diff --git a/.github/workflows/push-lite-to-docker.yml b/.github/workflows/push-lite-to-docker.yml index cacdc4462c..3449353456 100644 --- a/.github/workflows/push-lite-to-docker.yml +++ b/.github/workflows/push-lite-to-docker.yml @@ -8,6 +8,8 @@ jobs: docker: runs-on: ubuntu-22.04 steps: + - name: Checkout the Heimdall Repository + uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to DockerHub @@ -15,14 +17,12 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Checkout the Heimdall Repository - uses: actions/checkout@v4 - name: Build and push id: docker_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: Dockerfile.lite push: true - platforms: 'linux/amd64' + platforms: linux/amd64 tags: mitre/heimdall-lite:latest diff --git a/.github/workflows/push-server-to-docker.yml b/.github/workflows/push-server-to-docker.yml index fdc46b53e1..766af0d109 100644 --- a/.github/workflows/push-server-to-docker.yml +++ b/.github/workflows/push-server-to-docker.yml @@ -21,9 +21,9 @@ jobs: fetch-depth: 0 - name: Build and push id: docker_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . push: true - platforms: 'linux/amd64' + platforms: linux/amd64 tags: mitre/heimdall2:latest diff --git a/.github/workflows/release-lite-to-docker.yml b/.github/workflows/release-lite-to-docker.yml index 93f2b39ebb..988e78a1c9 100644 --- a/.github/workflows/release-lite-to-docker.yml +++ b/.github/workflows/release-lite-to-docker.yml @@ -8,8 +8,6 @@ jobs: docker: runs-on: ubuntu-22.04 steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - name: Run string replace # remove the v from the version number before using it in the docker tag uses: frabert/replace-string-action@v2 id: format-tag @@ -18,19 +16,21 @@ jobs: string: '${{ github.event.release.tag_name }}' replace-with: '' flags: 'g' + - name: Checkout the Heimdall Repository + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Checkout the Heimdall Repository - uses: actions/checkout@v4 - name: Build and push id: docker_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: Dockerfile.lite push: true - platforms: 'linux/amd64' + platforms: linux/amd64 tags: mitre/heimdall-lite:release-latest,mitre/heimdall-lite:${{ steps.format-tag.outputs.replaced }} diff --git a/.github/workflows/release-server-to-docker.yml b/.github/workflows/release-server-to-docker.yml index ff925fa7b0..945094868a 100644 --- a/.github/workflows/release-server-to-docker.yml +++ b/.github/workflows/release-server-to-docker.yml @@ -13,13 +13,6 @@ jobs: docker: runs-on: ubuntu-22.04 steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Run string replace # remove the v from the version number before using it in the docker tag uses: frabert/replace-string-action@v2 id: format-tag @@ -30,13 +23,20 @@ jobs: flags: 'g' - name: Checkout the Heimdall Repository uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push id: docker_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . push: true - platforms: 'linux/amd64' + platforms: linux/amd64 tags: mitre/heimdall2:release-latest,mitre/heimdall2:${{ steps.format-tag.outputs.replaced }} - name: Get Docker SHA shell: bash diff --git a/CHANGELOG b/CHANGELOG index 8e597723d2..1c1a6ca267 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,189 @@ +v2.10.15 + +## Bug Fixes +- Remove passport openid @Amndeep7 (#6112) +- SBOM Mapper @charleshu-8 (#5986) + +## Dependency Updates +- Bump @aws-sdk/client-s3 from 3.632.0 to 3.633.0 @dependabot (#6113) +- Bump elliptic from 6.5.5 to 6.5.7 @dependabot (#6110) +- Bump @aws-sdk/client-config-service from 3.629.0 to 3.632.0 @dependabot (#6108) +- Bump @aws-sdk/client-s3 from 3.631.0 to 3.632.0 @dependabot (#6109) +- Bump @aws-sdk/client-sts from 3.631.0 to 3.632.0 @dependabot (#6107) +- Bump cypress from 13.13.2 to 13.13.3 @dependabot (#6105) +- Bump @aws-sdk/client-s3 from 3.629.0 to 3.631.0 @dependabot (#6102) +- Bump winston from 3.14.1 to 3.14.2 @dependabot (#6104) +- Bump @types/node from 22.2.0 to 22.3.0 @dependabot (#6101) + +v2.10.14 + +## Bug Fixes + +- Twistlock Mapper Tweaks @charleshu-8 (#6054) + +## Dependency Updates + +- Bump tailwindcss from 3.4.9 to 3.4.10 @dependabot (#6099) +- Bump axios from 1.7.3 to 1.7.4 @dependabot (#6100) +- Bump @nestjs/testing from 10.4.0 to 10.4.1 @dependabot (#6096) +- Bump @nestjs/platform-express from 10.3.10 to 10.4.1 @dependabot (#6095) +- Bump @nestjs/common from 10.4.0 to 10.4.1 @dependabot (#6098) +- Bump @nestjs/core from 10.4.0 to 10.4.1 @dependabot (#6097) +- Bump @nestjs/testing from 10.3.10 to 10.4.0 @dependabot (#6089) +- Bump @aws-sdk/client-s3 from 3.627.0 to 3.629.0 @dependabot (#6091) +- Bump @nestjs/common from 10.3.10 to 10.4.0 @dependabot (#6090) +- Bump @nestjs/core from 10.3.10 to 10.4.0 @dependabot (#6088) +- Bump @aws-sdk/client-config-service from 3.624.0 to 3.629.0 @dependabot (#6094) +- Bump eslint-plugin-cypress from 3.4.0 to 3.5.0 @dependabot (#6093) +- Bump @aws-sdk/client-sts from 3.624.0 to 3.629.0 @dependabot (#6087) +- Bump winston from 3.13.1 to 3.14.1 @dependabot (#6081) +- Bump tsx from 4.16.5 to 4.17.0 @dependabot (#6080) +- Bump @types/node from 22.1.0 to 22.2.0 @dependabot (#6084) +- Bump @aws-sdk/client-s3 from 3.626.0 to 3.627.0 @dependabot (#6079) +- Bump @nestjs/cli from 10.4.2 to 10.4.4 @dependabot (#6085) +- Bump tailwindcss from 3.4.8 to 3.4.9 @dependabot (#6078) +- Bump tailwindcss from 3.4.7 to 3.4.8 @dependabot (#6077) +- Bump @aws-sdk/client-s3 from 3.624.0 to 3.626.0 @dependabot (#6076) + +v2.10.13 + +- Docker improvements @Amndeep7 (#6075) +- Convert Microsoft Secure Score to OHDF @meme112233 (#6007) + +## Dependency Updates + +- Bump core-js from 3.37.1 to 3.38.0 @dependabot (#6072) +- Bump @aws-sdk/client-s3 from 3.623.0 to 3.624.0 @dependabot (#6071) +- Bump luxon from 3.4.4 to 3.5.0 @dependabot (#6068) +- Bump ts-jest from 29.2.3 to 29.2.4 @dependabot (#6058) +- Bump @aws-sdk/client-config-service from 3.623.0 to 3.624.0 @dependabot (#6069) +- Bump apexcharts from 3.51.0 to 3.52.0 @dependabot (#6073) +- Bump lerna from 8.1.7 to 8.1.8 @dependabot (#6070) +- Bump @aws-sdk/client-sts from 3.623.0 to 3.624.0 @dependabot (#6067) +- Bump @aws-sdk/client-s3 from 3.622.0 to 3.623.0 @dependabot (#6063) +- Bump @types/node from 22.0.2 to 22.1.0 @dependabot (#6065) +- Bump tsx from 4.16.3 to 4.16.5 @dependabot (#6057) +- Bump @aws-sdk/client-config-service from 3.621.0 to 3.623.0 @dependabot (#6062) +- Bump cypress from 13.13.1 to 13.13.2 @dependabot (#6049) +- Bump axios from 1.7.2 to 1.7.3 @dependabot (#6059) +- Bump @aws-sdk/client-sts from 3.622.0 to 3.623.0 @dependabot (#6064) +- Bump rexml from 3.2.8 to 3.3.3 in /libs/inspecjs @dependabot (#6061) +- Bump @aws-sdk/client-s3 from 3.621.0 to 3.622.0 @dependabot (#6055) +- Bump tsx from 4.16.2 to 4.16.3 @dependabot (#6051) +- Bump @types/node from 22.0.0 to 22.0.2 @dependabot (#6050) +- Bump @aws-sdk/client-s3 from 3.620.1 to 3.621.0 @dependabot (#6048) + +v2.10.12 + +- Hdf2ckl severity @kemley76 (#5866) +- checklist metadata input validation on export @kemley76 (#5902) +- gosec Mapper Rework @charleshu-8 (#5982) +- Trufflehog mapper @andytang99 (#6013) +- Format error message when validating checklist metadata @kemley76 (#6023) +- gosec Mapper Rework @charleshu-8 (#5982) +- GoSec Mapper `impact` Fix @charleshu-8 (#5952) + +## Dependency Updates + +- Bump cypress-wait-until from 1.7.2 to 3.0.2 @dependabot (#6046) +- Bump @aws-sdk/client-config-service from 3.620.1 to 3.621.0 @dependabot (#6044) +- Bump @types/lodash from 4.17.5 to 4.17.7 @dependabot (#6001) +- Bump @types/node from 20.14.12 to 22.0.0 @dependabot (#6043) +- Bump @aws-sdk/client-config-service from 3.620.0 to 3.620.1 @dependabot (#6042) +- Bump csv-stringify from 6.5.0 to 6.5.1 @dependabot (#6041) +- Bump @aws-sdk/client-s3 from 3.620.0 to 3.620.1 @dependabot (#6039) +- Bump fast-xml-parser from 4.4.0 to 4.4.1 @dependabot (#6037) +- Bump sass-loader from 15.0.0 to 16.0.0 @dependabot (#6036) +- Bump html-loader from 5.0.0 to 5.1.0 @dependabot (#6034) +- Bump @aws-sdk/client-config-service from 3.616.0 to 3.620.0 @dependabot (#6033) +- Bump tailwindcss from 3.4.6 to 3.4.7 @dependabot (#6031) +- Bump @aws-sdk/client-s3 from 3.617.0 to 3.620.0 @dependabot (#6029) +- Bump chai and @types/chai @dependabot (#6032) +- Bump @aws-sdk/client-sts from 3.616.0 to 3.620.0 @dependabot (#6030) +- Bump eslint-plugin-cypress from 3.3.0 to 3.4.0 @dependabot (#6027) +- Bump @smithy/node-http-handler from 3.1.3 to 3.1.4 @dependabot (#6025) +- Bump yaml from 2.4.5 to 2.5.0 @dependabot (#6026) +- Bump @nestjs/schematics from 10.1.2 to 10.1.3 @dependabot (#6024) +- Bump @types/node from 20.14.11 to 20.14.12 @dependabot (#6020) +- Bump @aws-sdk/client-s3 from 3.616.0 to 3.617.0 @dependabot (#6017) +- Bump @e965/xlsx from 0.20.2 to 0.20.3 @dependabot (#6012) +- Bump sass-loader from 14.2.1 to 15.0.0 @dependabot (#6022) +- Bump apexcharts from 3.50.0 to 3.51.0 @dependabot (#6015) +- Bump express-rate-limit from 7.3.1 to 7.4.0 @dependabot (#6021) +- Bump typedoc from 0.26.4 to 0.26.5 @dependabot (#6014) +- Bump lerna from 8.1.6 to 8.1.7 @dependabot (#6016) +- Bump @aws-sdk/client-s3 from 3.614.0 to 3.616.0 @dependabot (#6010) +- Bump @aws-sdk/client-config-service from 3.614.0 to 3.616.0 @dependabot (#6009) +- Bump ts-jest from 29.2.2 to 29.2.3 @dependabot (#6008) +- Bump @aws-sdk/client-sts from 3.614.0 to 3.616.0 @dependabot (#6011) +- Bump eslint-plugin-prettier from 5.1.3 to 5.2.1 @dependabot (#6006) +- Bump tailwindcss from 3.4.5 to 3.4.6 @dependabot (#6003) +- Bump @types/node from 20.14.10 to 20.14.11 @dependabot (#6000) +- Bump cypress from 13.13.0 to 13.13.1 @dependabot (#6002) +- Bump semver from 7.6.2 to 7.6.3 @dependabot (#5999) +- Bump compare-versions from 6.1.0 to 6.1.1 @dependabot (#5998) +- Bump prettier from 3.3.2 to 3.3.3 @dependabot (#5997) +- Bump @smithy/node-http-handler from 3.1.2 to 3.1.3 @dependabot (#5996) +- Bump tailwindcss from 3.4.4 to 3.4.5 @dependabot (#5995) +- Bump @aws-sdk/client-config-service from 3.609.0 to 3.614.0 @dependabot (#5991) +- Bump winston from 3.13.0 to 3.13.1 @dependabot (#5989) +- Bump ts-jest from 29.2.0 to 29.2.2 @dependabot (#5990) +- Bump typedoc from 0.26.3 to 0.26.4 @dependabot (#5992) +- Bump @aws-sdk/client-s3 from 3.613.0 to 3.614.0 @dependabot (#5993) +- Bump @aws-sdk/client-sts from 3.613.0 to 3.614.0 @dependabot (#5988) +- Bump @aws-sdk/client-s3 from 3.609.0 to 3.613.0 @dependabot (#5983) +- Bump xml-formatter from 3.6.2 to 3.6.3 @dependabot (#5981) +- Bump xml-parser-xo from 4.1.1 to 4.1.2 @dependabot (#5980) +- Bump highlight.js from 11.9.0 to 11.10.0 @dependabot (#5978) +- Bump @nestjs/testing from 10.3.9 to 10.3.10 @dependabot (#5956) +- Bump @smithy/node-http-handler from 3.1.1 to 3.1.2 @dependabot (#5979) +- Bump ts-jest from 29.1.5 to 29.2.0 @dependabot (#5977) +- Bump tsx from 4.16.0 to 4.16.2 @dependabot (#5969) +- Bump @nestjs/cli from 10.4.0 to 10.4.2 @dependabot (#5973) +- Bump @types/node from 20.14.9 to 20.14.10 @dependabot (#5972) +- Bump lerna from 8.1.5 to 8.1.6 @dependabot (#5974) +- Bump apexcharts from 3.49.2 to 3.50.0 @dependabot (#5971) +- Bump @aws-sdk/client-config-service from 3.606.0 to 3.609.0 @dependabot (#5966) +- Bump eslint-plugin-vue from 9.26.0 to 9.27.0 @dependabot (#5967) +- Bump @aws-sdk/client-s3 from 3.608.0 to 3.609.0 @dependabot (#5964) +- Bump @nestjs/schematics from 10.1.1 to 10.1.2 @dependabot (#5968) +- Bump @aws-sdk/client-sts from 3.606.0 to 3.609.0 @dependabot (#5963) +- Bump @nestjs/cli from 10.3.2 to 10.4.0 @dependabot (#5965) +- Bump @nestjs/core from 10.3.9 to 10.3.10 @dependabot (#5960) +- Bump prettier-plugin-organize-imports from 3.2.4 to 4.0.0 @dependabot (#5958) +- Bump tsx from 4.15.7 to 4.16.0 @dependabot (#5959) +- Bump @nestjs/platform-express from 10.3.9 to 10.3.10 @dependabot (#5957) +- Bump cypress from 13.12.0 to 13.13.0 @dependabot (#5954) +- Bump @nestjs/common from 10.3.9 to 10.3.10 @dependabot (#5955) +- Bump @aws-sdk/client-s3 from 3.606.0 to 3.608.0 @dependabot (#5953) +- Bump typedoc from 0.26.2 to 0.26.3 @dependabot (#5947) +- Bump lru-cache from 10.2.2 to 10.3.0 @dependabot (#5948) +- Bump @aws-sdk/client-config-service from 3.600.0 to 3.606.0 @dependabot (#5950) +- Bump @aws-sdk/client-s3 from 3.600.0 to 3.606.0 @dependabot (#5946) +- Bump @smithy/node-http-handler from 3.1.0 to 3.1.1 @dependabot (#5945) +- Bump @aws-sdk/client-sts from 3.600.0 to 3.606.0 @dependabot (#5943) +- Bump apexcharts from 3.49.1 to 3.49.2 @dependabot (#5941) +- Bump @types/node from 20.14.8 to 20.14.9 @dependabot (#5942) +- Bump typedoc from 0.25.13 to 0.26.2 @dependabot (#5939) +- Bump lerna from 8.1.3 to 8.1.5 @dependabot (#5940) +- Bump tsx from 4.15.6 to 4.15.7 @dependabot (#5937) +- Bump @types/node from 20.14.7 to 20.14.8 @dependabot (#5938) +- Bump @types/node from 20.14.6 to 20.14.7 @dependabot (#5936) +- Bump @types/uuid from 9.0.8 to 10.0.0 @dependabot (#5935) +- Bump @types/node from 20.14.4 to 20.14.6 @dependabot (#5934) +- Bump @aws-sdk/client-config-service from 3.598.0 to 3.600.0 @dependabot (#5931) +- Bump cypress from 13.11.0 to 13.12.0 @dependabot (#5933) +- Bump @aws-sdk/client-s3 from 3.596.0 to 3.600.0 @dependabot (#5929) +- Bump @smithy/node-http-handler from 3.0.1 to 3.1.0 @dependabot (#5928) +- Bump @types/node from 20.14.2 to 20.14.4 @dependabot (#5924) +- Bump ts-jest from 29.1.4 to 29.1.5 @dependabot (#5925) +- Bump tsx from 4.15.5 to 4.15.6 @dependabot (#5926) +- Bump @aws-sdk/client-config-service from 3.596.0 to 3.598.0 @dependabot (#5922) +- Bump ws from 7.5.9 to 7.5.10 @dependabot (#5927) +- Bump @types/validator from 13.11.10 to 13.12.0 @dependabot (#5923) +- Bump @aws-sdk/client-sts from 3.596.0 to 3.598.0 @dependabot (#5920) +- Bump tsx from 4.15.2 to 4.15.5 @dependabot (#5919) + v2.10.10 - Revert "Bump tw-elements from 1.1.0 to 2.0.0" @charleshu-8 (#5894) diff --git a/Dockerfile b/Dockerfile index 3c9905c1fe..ee28db4914 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,25 +41,22 @@ WORKDIR /app RUN curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo && microdnf install -y yarn && microdnf clean all && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* -COPY --from=builder /src/package.json ./ -COPY --from=builder /src/apps/backend/package.json apps/backend/ +COPY --from=builder --chown=1001 /src/package.json ./ +COPY --from=builder --chown=1001 /src/apps/backend/package.json apps/backend/ -COPY --from=builder /src/apps/backend/node_modules apps/backend/node_modules -COPY --from=builder /src/apps/backend/.sequelizerc apps/backend/ -COPY --from=builder /src/apps/backend/db apps/backend/db -COPY --from=builder /src/apps/backend/config apps/backend/config -COPY --from=builder /src/apps/backend/migrations apps/backend/migrations -COPY --from=builder /src/apps/backend/seeders apps/backend/seeders +COPY --from=builder --chown=1001 /src/apps/backend/node_modules apps/backend/node_modules +COPY --from=builder --chown=1001 /src/apps/backend/.sequelizerc apps/backend/ +COPY --from=builder --chown=1001 /src/apps/backend/db apps/backend/db +COPY --from=builder --chown=1001 /src/apps/backend/config apps/backend/config +COPY --from=builder --chown=1001 /src/apps/backend/migrations apps/backend/migrations +COPY --from=builder --chown=1001 /src/apps/backend/seeders apps/backend/seeders -COPY --from=builder /src/libs/password-complexity/ libs/password-complexity +COPY --from=builder --chown=1001 /src/libs/password-complexity/ libs/password-complexity -COPY --from=builder /src/apps/backend/dist apps/backend/dist -COPY --from=builder /src/dist/ dist/ +COPY --from=builder --chown=1001 /src/apps/backend/dist apps/backend/dist +COPY --from=builder --chown=1001 /src/dist/ dist/ -RUN chown -R 1001 . - -COPY cmd.sh /usr/local/bin/ -RUN chmod 755 /usr/local/bin/cmd.sh +COPY --chmod=755 cmd.sh /usr/local/bin/ USER 1001 diff --git a/Dockerfile.lite b/Dockerfile.lite index 03ac89da0e..5a248acbab 100644 --- a/Dockerfile.lite +++ b/Dockerfile.lite @@ -1,7 +1,7 @@ ARG BUILD_CONTAINER=registry.access.redhat.com/ubi8/nodejs-18-minimal:1 ARG BASE_CONTAINER=nginx:alpine -FROM $BUILD_CONTAINER as builder +FROM $BUILD_CONTAINER AS builder ARG NODE_ENV=production ENV NODE_ENV=$NODE_ENV @@ -30,7 +30,7 @@ COPY libs ./libs RUN yarn frontend build -FROM $BASE_CONTAINER as production-stage +FROM $BASE_CONTAINER AS production-stage EXPOSE 80 diff --git a/VERSION b/VERSION index 324e02a203..62a765d8c1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v2.10.10 +v2.10.15 diff --git a/apps/backend/.env-example b/apps/backend/.env-example index 8bf9db4713..1a3d724fa2 100644 --- a/apps/backend/.env-example +++ b/apps/backend/.env-example @@ -38,6 +38,10 @@ DATABASE_SSL_CA= +## External interfaces +SPLUNK_HOST_URL= +TENABLE_HOST_URL= + # Authentication EXTERNAL_URL= diff --git a/apps/backend/config/app_config.ts b/apps/backend/config/app_config.ts index 44635051f5..b5066078a8 100644 --- a/apps/backend/config/app_config.ts +++ b/apps/backend/config/app_config.ts @@ -35,6 +35,24 @@ export default class AppConfig { return process.env[key] || this.envConfig[key]; } + getSplunkHostUrl(): string { + const splunk_host_url = this.get('SPLUNK_HOST_URL'); + if (splunk_host_url !== undefined) { + return splunk_host_url; + } else { + return ''; + } + } + + getTenableHostUrl(): string { + const tenable_host_url = this.get('TENABLE_HOST_URL'); + if (tenable_host_url !== undefined) { + return tenable_host_url; + } else { + return ''; + } + } + getDatabaseName(): string { const databaseName = this.get('DATABASE_NAME'); const nodeEnvironment = this.get('NODE_ENV'); diff --git a/apps/backend/package.json b/apps/backend/package.json index a80b1a154e..0a1a2590f0 100644 --- a/apps/backend/package.json +++ b/apps/backend/package.json @@ -1,6 +1,6 @@ { "name": "heimdall-server", - "version": "2.10.10", + "version": "2.10.15", "description": "", "license": "Apache-2.0", "author": "", @@ -64,7 +64,7 @@ "@types/js-levenshtein": "^1.1.0", "@types/ms": "^0.7.31", "@types/multer": "^1.4.5", - "@types/node": "^20.1.0", + "@types/node": "^22.0.0", "@types/passport-github": "^1.1.5", "@types/passport-jwt": "^4.0.0", "@types/passport-local": "^1.0.33", @@ -96,7 +96,6 @@ "passport-ldapauth": "^3.0.1", "passport-local": "^1.0.0", "passport-oauth2": "^1.5.0", - "passport-openid": "^0.4.0", "passport-openidconnect": "^0.1.1", "pg": "^8.2.1", "reflect-metadata": "^0.2.1", diff --git a/apps/backend/src/config/config.service.ts b/apps/backend/src/config/config.service.ts index 2275a9715f..3bef773e05 100644 --- a/apps/backend/src/config/config.service.ts +++ b/apps/backend/src/config/config.service.ts @@ -57,10 +57,20 @@ export class ConfigService { oidcName: this.get('OIDC_NAME') || '', ldap: this.get('LDAP_ENABLED')?.toLocaleLowerCase() === 'true' || false, registrationEnabled: this.isRegistrationAllowed(), - localLoginEnabled: this.isLocalLoginAllowed() + localLoginEnabled: this.isLocalLoginAllowed(), + tenableHostUrl: this.getTenableHostUrl(), + splunkHostUrl: this.getSplunkHostUrl() }); } + getSplunkHostUrl(): string { + return this.appConfig.getSplunkHostUrl(); + } + + getTenableHostUrl(): string { + return this.appConfig.getTenableHostUrl(); + } + getDbConfig(): SequelizeOptions { return this.appConfig.getDbConfig(); } diff --git a/apps/backend/src/config/dto/startup-settings.dto.ts b/apps/backend/src/config/dto/startup-settings.dto.ts index c6069b5597..6329e3c9ba 100644 --- a/apps/backend/src/config/dto/startup-settings.dto.ts +++ b/apps/backend/src/config/dto/startup-settings.dto.ts @@ -11,6 +11,8 @@ export class StartupSettingsDto implements IStartupSettings { readonly ldap: boolean; readonly registrationEnabled: boolean; readonly localLoginEnabled: boolean; + readonly tenableHostUrl: string; + readonly splunkHostUrl: string; constructor(settings: IStartupSettings) { this.apiKeysEnabled = settings.apiKeysEnabled; @@ -23,5 +25,7 @@ export class StartupSettingsDto implements IStartupSettings { this.ldap = settings.ldap; this.registrationEnabled = settings.registrationEnabled; this.localLoginEnabled = settings.localLoginEnabled; + this.tenableHostUrl = settings.tenableHostUrl; + this.splunkHostUrl = settings.splunkHostUrl; } } diff --git a/apps/backend/src/main.ts b/apps/backend/src/main.ts index 8b92c75b95..9d9ecf76d8 100644 --- a/apps/backend/src/main.ts +++ b/apps/backend/src/main.ts @@ -40,8 +40,10 @@ async function bootstrap() { 'connect-src': [ "'self'", 'https://api.github.com', - 'https://sts.amazonaws.com' - ] + 'https://sts.amazonaws.com', + configService.getTenableHostUrl(), + configService.getSplunkHostUrl() + ].filter((source) => source) } }) ); diff --git a/apps/backend/src/types/passport-openid/index.d.ts b/apps/backend/src/types/passport-openid/index.d.ts deleted file mode 100644 index 9b5d701c18..0000000000 --- a/apps/backend/src/types/passport-openid/index.d.ts +++ /dev/null @@ -1 +0,0 @@ -declare module 'passport-openid'; diff --git a/apps/frontend/package.json b/apps/frontend/package.json index bdf8514386..9f82bf8e40 100644 --- a/apps/frontend/package.json +++ b/apps/frontend/package.json @@ -1,6 +1,6 @@ { "name": "@mitre/heimdall-lite", - "version": "2.10.10", + "version": "2.10.15", "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", "repository": { "type": "git", @@ -44,7 +44,7 @@ "@types/lru-cache": "^7.10.10", "@types/luxon": "^3.3.1", "@types/mustache": "^4.1.1", - "@types/node": "^20.1.0", + "@types/node": "^22.0.0", "@types/prismjs": "^1.16.1", "@types/sanitize-html": "^2.3.1", "@types/triple-beam": "^1.3.2", @@ -69,14 +69,14 @@ "csv-stringify": "^6.4.1", "d3": "^7.2.0", "date-fns": "^3.0.0", - "diff": "^5.0.0", + "diff": "^7.0.0", "diff2html": "^3.1.7", "eslint-plugin-vue": "^9.15.0", "express": "^4.17.1", "file-saver": "^2.0.2", "highlight.js": "^11.0.0", "html-loader": "^5.0.0", - "inspecjs": "^2.10.8", + "inspecjs": "^2.10.13", "lodash": "4.17.21", "lru-cache": "^10.1.0", "luxon": "^3.0.1", @@ -87,7 +87,7 @@ "roboto-fontface": "*", "sanitize-html": "~2.13.0", "sass": "~1.32.6", - "sass-loader": "^14.0.0", + "sass-loader": "^16.0.0", "search-query-parser": "^1.5.5", "semver": "^7.6.0", "uuid": "^10.0.0", @@ -127,6 +127,11 @@ "ts-jest": "^29.1.0", "vue-jest": "^3.0.7" }, + "resolutions": { + "adm-zip": "0.5.12", + "@types/lru-cache/lru-cache@*": "^10.3.0", + "prismjs": "1.29.0" + }, "engines": { "node": "^18.19.0" }, diff --git a/apps/frontend/public/static/export/style.css b/apps/frontend/public/static/export/style.css index e3b9c6d307..4a940624b5 100644 --- a/apps/frontend/public/static/export/style.css +++ b/apps/frontend/public/static/export/style.css @@ -1 +1 @@ -/*! tailwindcss v3.4.4 | MIT License | https://tailwindcss.com*/*,:after,:before{border:0 solid #e5e7eb;-webkit-box-sizing:border-box;box-sizing:border-box}:after,:before{--tw-content:""}:host,html{-webkit-text-size-adjust:100%;-webkit-font-feature-settings:normal;font-feature-settings:normal;-webkit-tap-highlight-color:transparent;font-family:Roboto,sans-serif;font-variation-settings:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4}body{line-height:inherit;margin:0}hr{border-top-width:1px;color:inherit;height:0}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{-webkit-font-feature-settings:normal;font-feature-settings:normal;font-family:ui-monospace,monospace;font-size:1em;font-variation-settings:normal}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{border-collapse:collapse;border-color:inherit;text-indent:0}button,input,optgroup,select,textarea{-webkit-font-feature-settings:inherit;font-feature-settings:inherit;color:inherit;font-family:inherit;font-size:100%;font-variation-settings:inherit;font-weight:inherit;letter-spacing:inherit;line-height:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#9ca3af;opacity:1}input::-moz-placeholder,textarea::-moz-placeholder{color:#9ca3af;opacity:1}input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#9ca3af;opacity:1}input::-ms-input-placeholder,textarea::-ms-input-placeholder{color:#9ca3af;opacity:1}input::placeholder,textarea::placeholder{color:#9ca3af;opacity:1}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{height:auto;max-width:100%}[hidden]{display:none}input[type=range]::-webkit-slider-thumb{appearance:none;-moz-appearance:none;-webkit-appearance:none;background:#3b71ca;border:0;border-radius:9999px;cursor:pointer;height:1rem;width:1rem}input[type=range]:disabled::-webkit-slider-thumb,input[type=range]:disabled:focus::-webkit-slider-thumb{background:#a3a3a3}input[type=range]:disabled:active::-webkit-slider-thumb{background:#a3a3a3}input[type=range]::-moz-range-thumb{appearance:none;-moz-appearance:none;-webkit-appearance:none;background:#3b71ca;border:0;border-radius:9999px;cursor:pointer;height:1rem;width:1rem}input[type=range]:disabled::-moz-range-thumb{background:#a3a3a3}input[type=range]::-moz-range-progress{background:#3061af}input[type=range]::-ms-fill-lower{background:#3061af}input[type=range]:focus{outline:none}input[type=range]:focus::-webkit-slider-thumb{background:#3061af}input[type=range]:active::-webkit-slider-thumb{background:#285192}*,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::-ms-backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }.collapse{visibility:collapse}.relative{position:relative}.top-0{top:0}.z-10{z-index:10}.mx-2{margin-left:.5rem;margin-right:.5rem}.mx-4{margin-left:1rem;margin-right:1rem}.mx-6{margin-left:1.5rem;margin-right:1.5rem}.my-1{margin-bottom:.25rem;margin-top:.25rem}.my-2{margin-bottom:.5rem;margin-top:.5rem}.my-3{margin-bottom:.75rem;margin-top:.75rem}.my-4{margin-bottom:1rem;margin-top:1rem}.-mr-1{margin-right:-.25rem}.mb-0{margin-bottom:0}.mb-2{margin-bottom:.5rem}.ml-auto{margin-left:auto}.mt-2{margin-top:.5rem}.mt-3{margin-top:.75rem}.block{display:block}.inline-block{display:inline-block}.flex{display:-webkit-box;display:-ms-flexbox;display:flex}.inline-flex{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex}.table{display:table}.grid{display:grid}.hidden{display:none}.h-1{height:.25rem}.h-5{height:1.25rem}.h-6{height:1.5rem}.w-1\/2{width:50%}.w-24{width:6rem}.w-28{width:7rem}.w-32{width:8rem}.w-36{width:9rem}.w-40{width:10rem}.w-5{width:1.25rem}.w-56{width:14rem}.w-6{width:1.5rem}.w-64{width:16rem}.w-full{width:100%}.min-w-full{min-width:100%}.shrink{-ms-flex-negative:1;flex-shrink:1}.shrink-0{-ms-flex-negative:0;flex-shrink:0}.border-separate{border-collapse:separate}.border-spacing-x-2{--tw-border-spacing-x:0.5rem;border-spacing:var(--tw-border-spacing-x) var(--tw-border-spacing-y)}.rotate-\[-180deg\]{--tw-rotate:-180deg;-webkit-transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.grid-flow-row{grid-auto-flow:row}.grid-flow-col{grid-auto-flow:column}.grid-cols-1{grid-template-columns:repeat(1,minmax(0,1fr))}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.flex-wrap{-ms-flex-wrap:wrap;flex-wrap:wrap}.items-center{-webkit-box-align:center;-ms-flex-align:center;align-items:center}.justify-between{-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.gap-x-2{-webkit-column-gap:.5rem;-moz-column-gap:.5rem;column-gap:.5rem}.gap-x-6{-webkit-column-gap:1.5rem;-moz-column-gap:1.5rem;column-gap:1.5rem}.gap-y-1{row-gap:.25rem}.gap-y-2{row-gap:.5rem}.overflow-hidden{overflow:hidden}.whitespace-pre-line{white-space:pre-line}.whitespace-pre-wrap{white-space:pre-wrap}.break-words{overflow-wrap:break-word}.break-all{word-break:break-all}.rounded{border-radius:.25rem}.rounded-full{border-radius:9999px}.rounded-xl{border-radius:.75rem}.rounded-t-xl{border-top-left-radius:.75rem;border-top-right-radius:.75rem}.border{border-width:1px}.border-4{border-width:4px}.border-b{border-bottom-width:1px}.border-r{border-right-width:1px}.border-black{--tw-border-opacity:1;border-color:rgb(0 0 0/var(--tw-border-opacity))}.border-gray-300{--tw-border-opacity:1;border-color:rgb(209 213 219/var(--tw-border-opacity))}.bg-gray-100{--tw-bg-opacity:1;background-color:rgb(243 244 246/var(--tw-bg-opacity))}.bg-gray-300{--tw-bg-opacity:1;background-color:rgb(209 213 219/var(--tw-bg-opacity))}.bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.fill-\[\#336dec\]{fill:#336dec}.px-2{padding-left:.5rem;padding-right:.5rem}.px-3{padding-left:.75rem;padding-right:.75rem}.px-4{padding-left:1rem;padding-right:1rem}.px-5{padding-left:1.25rem;padding-right:1.25rem}.px-6{padding-left:1.5rem;padding-right:1.5rem}.py-1{padding-bottom:.25rem;padding-top:.25rem}.py-2{padding-bottom:.5rem;padding-top:.5rem}.py-3{padding-bottom:.75rem;padding-top:.75rem}.py-4{padding-bottom:1rem;padding-top:1rem}.py-6{padding-top:1.5rem}.pb-6,.py-6{padding-bottom:1.5rem}.pl-3{padding-left:.75rem}.pl-4{padding-left:1rem}.pl-8{padding-left:2rem}.pr-1{padding-right:.25rem}.pt-1{padding-top:.25rem}.text-left{text-align:left}.text-center{text-align:center}.text-4xl{font-size:2.25rem;line-height:2.5rem}.text-base{font-size:1rem;line-height:1.5rem}.text-lg{font-size:1.125rem;line-height:1.75rem}.text-sm{font-size:.875rem;line-height:1.25rem}.text-xl{font-size:1.25rem;line-height:1.75rem}.font-bold{font-weight:700}.font-medium{font-weight:500}.text-black{--tw-text-opacity:1;color:rgb(0 0 0/var(--tw-text-opacity))}.text-gray-400{--tw-text-opacity:1;color:rgb(156 163 175/var(--tw-text-opacity))}.text-red-700{--tw-text-opacity:1;color:rgb(185 28 28/var(--tw-text-opacity))}.underline{text-decoration-line:underline}.shadow-lg{--tw-shadow:0 10px 15px -3px rgba(0,0,0,.1),0 4px 6px -4px rgba(0,0,0,.1);--tw-shadow-colored:0 10px 15px -3px var(--tw-shadow-color),0 4px 6px -4px var(--tw-shadow-color);-webkit-box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow);box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.transition{-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,-webkit-box-shadow,-webkit-transform,-webkit-filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,-webkit-box-shadow,-webkit-transform,-webkit-filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-box-shadow,-webkit-transform,-webkit-filter,-webkit-backdrop-filter;-webkit-transition-timing-function:cubic-bezier(.4,0,.2,1);transition-timing-function:cubic-bezier(.4,0,.2,1)}.transition-transform{-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-property:-webkit-transform;transition-property:-webkit-transform;transition-property:transform;transition-property:transform,-webkit-transform;-webkit-transition-timing-function:cubic-bezier(.4,0,.2,1);transition-timing-function:cubic-bezier(.4,0,.2,1)}.duration-200{-webkit-transition-duration:.2s;transition-duration:.2s}.ease-in-out{-webkit-transition-timing-function:cubic-bezier(.4,0,.2,1);transition-timing-function:cubic-bezier(.4,0,.2,1)}.\[overflow-anchor\:none\]{overflow-anchor:none}.odd\:bg-gray-100:nth-child(odd){--tw-bg-opacity:1;background-color:rgb(243 244 246/var(--tw-bg-opacity))}.even\:bg-white:nth-child(2n){--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.hover\:z-\[2\]:hover{z-index:2}.focus\:z-\[3\]:focus{z-index:3}.focus\:outline-none:focus{outline:2px solid transparent;outline-offset:2px}.group[data-te-collapse-collapsed] .group-\[\[data-te-collapse-collapsed\]\]\:mr-0{margin-right:0}.group[data-te-collapse-collapsed] .group-\[\[data-te-collapse-collapsed\]\]\:rotate-0{--tw-rotate:0deg;-webkit-transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.group[data-te-collapse-collapsed] .group-\[\[data-te-collapse-collapsed\]\]\:fill-\[\#212529\]{fill:#212529}@media (prefers-reduced-motion:reduce){.motion-reduce\:transition-none{-webkit-transition-property:none;transition-property:none}}@media (min-width:640px){.sm\:block{display:block}.sm\:grid{display:grid}.sm\:hidden{display:none}.sm\:w-40{width:10rem}.sm\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.sm\:grid-cols-\[10\%_90\%\]{grid-template-columns:10% 90%}.sm\:break-words{overflow-wrap:break-word}.sm\:font-normal{font-weight:400}.sm\:no-underline{text-decoration-line:none}}@media (min-width:768px){.md\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}}@media (min-width:1024px){.lg\:sticky{position:sticky}.lg\:block{display:block}.lg\:grid{display:grid}.lg\:hidden{display:none}.lg\:w-32{width:8rem}.lg\:w-36{width:9rem}.lg\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.lg\:break-normal{overflow-wrap:normal;word-break:normal}.lg\:pl-9{padding-left:2.25rem}}@media (min-width:1280px){.xl\:w-52{width:13rem}.xl\:grid-flow-col{grid-auto-flow:column}.xl\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.xl\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}}@media print{.print\:block{display:block}.print\:hidden{display:none}.print\:border-none{border-style:none}.print\:border-black{--tw-border-opacity:1;border-color:rgb(0 0 0/var(--tw-border-opacity))}.print\:bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.print\:text-left{text-align:left}.print\:text-2xl{font-size:1.5rem;line-height:2rem}}.\[\&\:not\(\[data-te-collapse-collapsed\]\)\]\:bg-blue-200:not([data-te-collapse-collapsed]){--tw-bg-opacity:1;background-color:rgb(191 219 254/var(--tw-bg-opacity))}.\[\&\:not\(\[data-te-collapse-collapsed\]\)\]\:text-blue-900:not([data-te-collapse-collapsed]){--tw-text-opacity:1;color:rgb(30 58 138/var(--tw-text-opacity))}.\[\&\:not\(\[data-te-collapse-collapsed\]\)\]\:\[box-shadow\:inset_0_-1px_0_rgba\(229\2c 231\2c 235\)\]:not([data-te-collapse-collapsed]){-webkit-box-shadow:inset 0 -1px 0 #e5e7eb;box-shadow:inset 0 -1px 0 #e5e7eb}.\[\&\[data-te-dropdown-show\]\]\:grid[data-te-dropdown-show]{display:grid} \ No newline at end of file +/*! tailwindcss v3.4.10 | MIT License | https://tailwindcss.com*/*,:after,:before{border:0 solid #e5e7eb;-webkit-box-sizing:border-box;box-sizing:border-box}:after,:before{--tw-content:""}:host,html{-webkit-text-size-adjust:100%;-webkit-font-feature-settings:normal;font-feature-settings:normal;-webkit-tap-highlight-color:transparent;font-family:Roboto,sans-serif;font-variation-settings:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4}body{line-height:inherit;margin:0}hr{border-top-width:1px;color:inherit;height:0}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{-webkit-font-feature-settings:normal;font-feature-settings:normal;font-family:ui-monospace,monospace;font-size:1em;font-variation-settings:normal}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{border-collapse:collapse;border-color:inherit;text-indent:0}button,input,optgroup,select,textarea{-webkit-font-feature-settings:inherit;font-feature-settings:inherit;color:inherit;font-family:inherit;font-size:100%;font-variation-settings:inherit;font-weight:inherit;letter-spacing:inherit;line-height:inherit;margin:0;padding:0}button,select{text-transform:none}button,input:where([type=button]),input:where([type=reset]),input:where([type=submit]){-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#9ca3af;opacity:1}input::-moz-placeholder,textarea::-moz-placeholder{color:#9ca3af;opacity:1}input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#9ca3af;opacity:1}input::-ms-input-placeholder,textarea::-ms-input-placeholder{color:#9ca3af;opacity:1}input::placeholder,textarea::placeholder{color:#9ca3af;opacity:1}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{height:auto;max-width:100%}[hidden]{display:none}input[type=range]::-webkit-slider-thumb{appearance:none;-moz-appearance:none;-webkit-appearance:none;background:#3b71ca;border:0;border-radius:9999px;cursor:pointer;height:1rem;width:1rem}input[type=range]:disabled::-webkit-slider-thumb,input[type=range]:disabled:focus::-webkit-slider-thumb{background:#a3a3a3}input[type=range]:disabled:active::-webkit-slider-thumb{background:#a3a3a3}input[type=range]::-moz-range-thumb{appearance:none;-moz-appearance:none;-webkit-appearance:none;background:#3b71ca;border:0;border-radius:9999px;cursor:pointer;height:1rem;width:1rem}input[type=range]:disabled::-moz-range-thumb{background:#a3a3a3}input[type=range]::-moz-range-progress{background:#3061af}input[type=range]::-ms-fill-lower{background:#3061af}input[type=range]:focus{outline:none}input[type=range]:focus::-webkit-slider-thumb{background:#3061af}input[type=range]:active::-webkit-slider-thumb{background:#285192}*,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::-ms-backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }::backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: ;--tw-contain-size: ;--tw-contain-layout: ;--tw-contain-paint: ;--tw-contain-style: }.collapse{visibility:collapse}.relative{position:relative}.top-0{top:0}.z-10{z-index:10}.mx-2{margin-left:.5rem;margin-right:.5rem}.mx-4{margin-left:1rem;margin-right:1rem}.mx-6{margin-left:1.5rem;margin-right:1.5rem}.my-1{margin-bottom:.25rem;margin-top:.25rem}.my-2{margin-bottom:.5rem;margin-top:.5rem}.my-3{margin-bottom:.75rem;margin-top:.75rem}.my-4{margin-bottom:1rem;margin-top:1rem}.-mr-1{margin-right:-.25rem}.mb-0{margin-bottom:0}.mb-2{margin-bottom:.5rem}.ml-auto{margin-left:auto}.mt-2{margin-top:.5rem}.mt-3{margin-top:.75rem}.block{display:block}.inline-block{display:inline-block}.flex{display:-webkit-box;display:-ms-flexbox;display:flex}.inline-flex{display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex}.table{display:table}.grid{display:grid}.hidden{display:none}.h-1{height:.25rem}.h-5{height:1.25rem}.h-6{height:1.5rem}.w-1\/2{width:50%}.w-24{width:6rem}.w-28{width:7rem}.w-32{width:8rem}.w-36{width:9rem}.w-40{width:10rem}.w-5{width:1.25rem}.w-56{width:14rem}.w-6{width:1.5rem}.w-64{width:16rem}.w-full{width:100%}.min-w-full{min-width:100%}.shrink{-ms-flex-negative:1;flex-shrink:1}.shrink-0{-ms-flex-negative:0;flex-shrink:0}.border-separate{border-collapse:separate}.border-spacing-x-2{--tw-border-spacing-x:0.5rem;border-spacing:var(--tw-border-spacing-x) var(--tw-border-spacing-y)}.rotate-\[-180deg\]{--tw-rotate:-180deg;-webkit-transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.grid-flow-row{grid-auto-flow:row}.grid-flow-col{grid-auto-flow:column}.grid-cols-1{grid-template-columns:repeat(1,minmax(0,1fr))}.grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.flex-wrap{-ms-flex-wrap:wrap;flex-wrap:wrap}.items-center{-webkit-box-align:center;-ms-flex-align:center;align-items:center}.justify-between{-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.gap-x-2{-webkit-column-gap:.5rem;-moz-column-gap:.5rem;column-gap:.5rem}.gap-x-6{-webkit-column-gap:1.5rem;-moz-column-gap:1.5rem;column-gap:1.5rem}.gap-y-1{row-gap:.25rem}.gap-y-2{row-gap:.5rem}.overflow-hidden{overflow:hidden}.whitespace-pre-line{white-space:pre-line}.whitespace-pre-wrap{white-space:pre-wrap}.break-words{overflow-wrap:break-word}.break-all{word-break:break-all}.rounded{border-radius:.25rem}.rounded-full{border-radius:9999px}.rounded-xl{border-radius:.75rem}.rounded-t-xl{border-top-left-radius:.75rem;border-top-right-radius:.75rem}.border{border-width:1px}.border-4{border-width:4px}.border-b{border-bottom-width:1px}.border-r{border-right-width:1px}.border-black{--tw-border-opacity:1;border-color:rgb(0 0 0/var(--tw-border-opacity))}.border-gray-300{--tw-border-opacity:1;border-color:rgb(209 213 219/var(--tw-border-opacity))}.bg-gray-100{--tw-bg-opacity:1;background-color:rgb(243 244 246/var(--tw-bg-opacity))}.bg-gray-300{--tw-bg-opacity:1;background-color:rgb(209 213 219/var(--tw-bg-opacity))}.bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.fill-\[\#336dec\]{fill:#336dec}.px-2{padding-left:.5rem;padding-right:.5rem}.px-3{padding-left:.75rem;padding-right:.75rem}.px-4{padding-left:1rem;padding-right:1rem}.px-5{padding-left:1.25rem;padding-right:1.25rem}.px-6{padding-left:1.5rem;padding-right:1.5rem}.py-1{padding-bottom:.25rem;padding-top:.25rem}.py-2{padding-bottom:.5rem;padding-top:.5rem}.py-3{padding-bottom:.75rem;padding-top:.75rem}.py-4{padding-bottom:1rem;padding-top:1rem}.py-6{padding-top:1.5rem}.pb-6,.py-6{padding-bottom:1.5rem}.pl-3{padding-left:.75rem}.pl-4{padding-left:1rem}.pl-8{padding-left:2rem}.pr-1{padding-right:.25rem}.pt-1{padding-top:.25rem}.text-left{text-align:left}.text-center{text-align:center}.text-4xl{font-size:2.25rem;line-height:2.5rem}.text-base{font-size:1rem;line-height:1.5rem}.text-lg{font-size:1.125rem;line-height:1.75rem}.text-sm{font-size:.875rem;line-height:1.25rem}.text-xl{font-size:1.25rem;line-height:1.75rem}.font-bold{font-weight:700}.font-medium{font-weight:500}.text-black{--tw-text-opacity:1;color:rgb(0 0 0/var(--tw-text-opacity))}.text-gray-400{--tw-text-opacity:1;color:rgb(156 163 175/var(--tw-text-opacity))}.text-red-700{--tw-text-opacity:1;color:rgb(185 28 28/var(--tw-text-opacity))}.underline{text-decoration-line:underline}.shadow-lg{--tw-shadow:0 10px 15px -3px rgba(0,0,0,.1),0 4px 6px -4px rgba(0,0,0,.1);--tw-shadow-colored:0 10px 15px -3px var(--tw-shadow-color),0 4px 6px -4px var(--tw-shadow-color);-webkit-box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow);box-shadow:var(--tw-ring-offset-shadow,0 0 #0000),var(--tw-ring-shadow,0 0 #0000),var(--tw-shadow)}.transition{-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,-webkit-box-shadow,-webkit-transform,-webkit-filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,-webkit-box-shadow,-webkit-transform,-webkit-filter,-webkit-backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter;transition-property:color,background-color,border-color,text-decoration-color,fill,stroke,opacity,box-shadow,transform,filter,backdrop-filter,-webkit-box-shadow,-webkit-transform,-webkit-filter,-webkit-backdrop-filter;-webkit-transition-timing-function:cubic-bezier(.4,0,.2,1);transition-timing-function:cubic-bezier(.4,0,.2,1)}.transition-transform{-webkit-transition-duration:.15s;transition-duration:.15s;-webkit-transition-property:-webkit-transform;transition-property:-webkit-transform;transition-property:transform;transition-property:transform,-webkit-transform;-webkit-transition-timing-function:cubic-bezier(.4,0,.2,1);transition-timing-function:cubic-bezier(.4,0,.2,1)}.duration-200{-webkit-transition-duration:.2s;transition-duration:.2s}.ease-in-out{-webkit-transition-timing-function:cubic-bezier(.4,0,.2,1);transition-timing-function:cubic-bezier(.4,0,.2,1)}.\[overflow-anchor\:none\]{overflow-anchor:none}.odd\:bg-gray-100:nth-child(odd){--tw-bg-opacity:1;background-color:rgb(243 244 246/var(--tw-bg-opacity))}.even\:bg-white:nth-child(2n){--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.hover\:z-\[2\]:hover{z-index:2}.focus\:z-\[3\]:focus{z-index:3}.focus\:outline-none:focus{outline:2px solid transparent;outline-offset:2px}.group[data-te-collapse-collapsed] .group-\[\[data-te-collapse-collapsed\]\]\:mr-0{margin-right:0}.group[data-te-collapse-collapsed] .group-\[\[data-te-collapse-collapsed\]\]\:rotate-0{--tw-rotate:0deg;-webkit-transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y));transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.group[data-te-collapse-collapsed] .group-\[\[data-te-collapse-collapsed\]\]\:fill-\[\#212529\]{fill:#212529}@media (prefers-reduced-motion:reduce){.motion-reduce\:transition-none{-webkit-transition-property:none;transition-property:none}}@media (min-width:640px){.sm\:block{display:block}.sm\:grid{display:grid}.sm\:hidden{display:none}.sm\:w-40{width:10rem}.sm\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.sm\:grid-cols-\[10\%_90\%\]{grid-template-columns:10% 90%}.sm\:break-words{overflow-wrap:break-word}.sm\:font-normal{font-weight:400}.sm\:no-underline{text-decoration-line:none}}@media (min-width:768px){.md\:grid-cols-3{grid-template-columns:repeat(3,minmax(0,1fr))}}@media (min-width:1024px){.lg\:sticky{position:sticky}.lg\:block{display:block}.lg\:grid{display:grid}.lg\:hidden{display:none}.lg\:w-32{width:8rem}.lg\:w-36{width:9rem}.lg\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}.lg\:break-normal{overflow-wrap:normal;word-break:normal}.lg\:pl-9{padding-left:2.25rem}}@media (min-width:1280px){.xl\:w-52{width:13rem}.xl\:grid-flow-col{grid-auto-flow:column}.xl\:grid-cols-2{grid-template-columns:repeat(2,minmax(0,1fr))}.xl\:grid-cols-4{grid-template-columns:repeat(4,minmax(0,1fr))}}@media print{.print\:block{display:block}.print\:hidden{display:none}.print\:border-none{border-style:none}.print\:border-black{--tw-border-opacity:1;border-color:rgb(0 0 0/var(--tw-border-opacity))}.print\:bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.print\:text-left{text-align:left}.print\:text-2xl{font-size:1.5rem;line-height:2rem}}.\[\&\:not\(\[data-te-collapse-collapsed\]\)\]\:bg-blue-200:not([data-te-collapse-collapsed]){--tw-bg-opacity:1;background-color:rgb(191 219 254/var(--tw-bg-opacity))}.\[\&\:not\(\[data-te-collapse-collapsed\]\)\]\:text-blue-900:not([data-te-collapse-collapsed]){--tw-text-opacity:1;color:rgb(30 58 138/var(--tw-text-opacity))}.\[\&\:not\(\[data-te-collapse-collapsed\]\)\]\:\[box-shadow\:inset_0_-1px_0_rgba\(229\2c 231\2c 235\)\]:not([data-te-collapse-collapsed]){-webkit-box-shadow:inset 0 -1px 0 #e5e7eb;box-shadow:inset 0 -1px 0 #e5e7eb}.\[\&\[data-te-dropdown-show\]\]\:grid[data-te-dropdown-show]{display:grid} \ No newline at end of file diff --git a/apps/frontend/public/static/samples/small_overrides_hdf.json b/apps/frontend/public/static/samples/small_overrides_hdf.json new file mode 100644 index 0000000000..105eabf3ce --- /dev/null +++ b/apps/frontend/public/static/samples/small_overrides_hdf.json @@ -0,0 +1,907 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "RHEL_9_STIG", + "version": "1", + "title": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide", + "summary": "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.", + "license": "terms-of-use", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257777r925318_rule", + "gid": "V-257777", + "stig_id": "RHEL-09-211010", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "high", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityjustification": "Testing both N/A and overidden", + "severityoverride": "medium" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must be a vendor-supported release.", + "id": "V-257777", + "desc": "An operating system release is considered \"supported\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\n\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.", + "descriptions": [ + { + "data": "Verify that the version or RHEL 9 is vendor supported with the following command:\n\n$ cat /etc/redhat-release \n\nRed Hat Enterprise Linux release 9.2 (Plow)\n\nIf the installed version of RHEL 9 is not supported, this is a finding.", + "label": "check" + }, + { + "data": "Upgrade to a supported version of RHEL 9.", + "label": "fix" + } + ], + "impact": 0, + "code": "{\n \"status\": \"Not Applicable\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"medium\",\n \"severityjustification\": \"Testing both N/A and overidden\",\n \"vulnNum\": \"V-257777\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257777r925318_rule\",\n \"ruleVer\": \"RHEL-09-211010\",\n \"ruleTitle\": \"RHEL 9 must be a vendor-supported release.\",\n \"vulnDiscuss\": \"An operating system release is considered \\\"supported\\\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\\n\\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that the version or RHEL 9 is vendor supported with the following command:\\n\\n$ cat /etc/redhat-release \\n\\nRed Hat Enterprise Linux release 9.2 (Plow)\\n\\nIf the installed version of RHEL 9 is not supported, this is a finding.\",\n \"fixText\": \"Upgrade to a supported version of RHEL 9.\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257778r925321_rule", + "gid": "V-257778", + "stig_id": "RHEL-09-211015", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityjustification": "Example of overridden severity", + "severityoverride": "low" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 vendor packaged system security patches and updates must be installed and up to date.", + "id": "V-257778", + "desc": "Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.", + "descriptions": [ + { + "data": "Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\n\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\n\nCheck that the available package security updates have been installed on the system with the following command:\n\n$ dnf history list | more\n\n ID | Command line | Date and time | Action(s) | Altered \n------------------------------------------------------------------------------- \n 70 | install aide | 2023-03-05 10:58 | Install | 1 \n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\n\nIf the system is in noncompliance with the organizational patching policy, this is a finding.", + "label": "check" + }, + { + "data": "Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\n\n$ sudo dnf update", + "label": "fix" + } + ], + "impact": 0.3, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"low\",\n \"severityjustification\": \"Example of overridden severity\",\n \"vulnNum\": \"V-257778\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257778r925321_rule\",\n \"ruleVer\": \"RHEL-09-211015\",\n \"ruleTitle\": \"RHEL 9 vendor packaged system security patches and updates must be installed and up to date.\",\n \"vulnDiscuss\": \"Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\\n\\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\\n\\nCheck that the available package security updates have been installed on the system with the following command:\\n\\n$ dnf history list | more\\n\\n ID | Command line | Date and time | Action(s) | Altered \\n------------------------------------------------------------------------------- \\n 70 | install aide | 2023-03-05 10:58 | Install | 1 \\n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \\n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \\n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \\n\\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\\n\\nIf the system is in noncompliance with the organizational patching policy, this is a finding.\",\n \"fixText\": \"Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\\n\\n$ sudo dnf update\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000023-GPOS-00006", + "rid": "SV-257779r925324_rule", + "gid": "V-257779", + "stig_id": "RHEL-09-211020", + "cci": [ + "CCI-000048", + "CCI-001384", + "CCI-001385", + "CCI-001386", + "CCI-001387", + "CCI-001388" + ], + "nist": [ + "AC-8 a", + "AC-8 c 1", + "AC-8 c 2", + "AC-8 c 3" + ], + "severity": "critical", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityjustification": "Example high justification", + "severityoverride": "high" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.", + "id": "V-257779", + "desc": "Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\n\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088", + "descriptions": [ + { + "data": "Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\n\nCheck that a banner is displayed at the command line login screen with the following command:\n\n$ sudo cat /etc/issue\n\nIf the banner is set correctly it will return the following text:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"\n\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\n\nEdit the \"/etc/issue\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"", + "label": "fix" + } + ], + "impact": 1, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"high\",\n \"severityjustification\": \"Example high justification\",\n \"vulnNum\": \"V-257779\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000023-GPOS-00006\",\n \"ruleId\": \"SV-257779r925324_rule\",\n \"ruleVer\": \"RHEL-09-211020\",\n \"ruleTitle\": \"RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.\",\n \"vulnDiscuss\": \"Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\\n\\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\\n\\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\\n\\nCheck that a banner is displayed at the command line login screen with the following command:\\n\\n$ sudo cat /etc/issue\\n\\nIf the banner is set correctly it will return the following text:\\n\\n\\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\\n\\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\\n\\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\\n\\n-At any time, the USG may inspect and seize data stored on this IS.\\n\\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\\n\\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\\n\\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\\n\\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\\n\\nEdit the \\\"/etc/issue\\\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\\n\\n\\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\\n\\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\\n\\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\\n\\n-At any time, the USG may inspect and seize data stored on this IS.\\n\\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\\n\\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\\n\\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"{\\n \\\"hdfSpecificData\\\": {\\n \\\"impact\\\": 1.0,\\n \\\"severity\\\": \\\"critical\\\"\\n }\\n}\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000048; CCI-001384; CCI-001385; CCI-001386; CCI-001387; CCI-001388\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000191-GPOS-00080", + "rid": "SV-257780r939261_rule", + "gid": "V-257780", + "stig_id": "RHEL-09-211025", + "cci": [ + "CCI-001233" + ], + "nist": [ + "SI-2 (2)" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool.", + "id": "V-257780", + "desc": "Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.\n\nTo support this requirement, the operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools, as specified in the requirement.", + "descriptions": [ + { + "data": "Verify that RHEL 9 has implemented the Endpoint Security for Linux Threat Prevention tool.\n\nCheck that the following package has been installed:\n\n$ sudo rpm -qa | grep -i mcafeetp\n\nIf the \"mcafeetp\" package is not installed, this is a finding.\n\nVerify that the daemon is running:\n\n$ sudo ps -ef | grep -i mfetpd\n\nIf the daemon is not running, this is a finding.", + "label": "check" + }, + { + "data": "Install and enable the latest McAfee ENSLTP package.", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257780\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000191-GPOS-00080\",\n \"ruleId\": \"SV-257780r939261_rule\",\n \"ruleVer\": \"RHEL-09-211025\",\n \"ruleTitle\": \"RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool.\",\n \"vulnDiscuss\": \"Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.\\n\\nTo support this requirement, the operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools, as specified in the requirement.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that RHEL 9 has implemented the Endpoint Security for Linux Threat Prevention tool.\\n\\nCheck that the following package has been installed:\\n\\n$ sudo rpm -qa | grep -i mcafeetp\\n\\nIf the \\\"mcafeetp\\\" package is not installed, this is a finding.\\n\\nVerify that the daemon is running:\\n\\n$ sudo ps -ef | grep -i mfetpd\\n\\nIf the daemon is not running, this is a finding.\",\n \"fixText\": \"Install and enable the latest McAfee ENSLTP package.\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-001233\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257781r925330_rule", + "gid": "V-257781", + "stig_id": "RHEL-09-211030", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "The graphical display manager must not be the default target on RHEL 9 unless approved.", + "id": "V-257781", + "desc": "Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.", + "descriptions": [ + { + "data": "Verify that RHEL 9 is configured to boot to the command line:\n\n$ systemctl get-default\n\nmulti-user.target\n\nIf the system default target is not set to \"multi-user.target\" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.", + "label": "check" + }, + { + "data": "Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\n\n$ sudo systemctl set-default multi-user.target", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257781\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257781r925330_rule\",\n \"ruleVer\": \"RHEL-09-211030\",\n \"ruleTitle\": \"The graphical display manager must not be the default target on RHEL 9 unless approved.\",\n \"vulnDiscuss\": \"Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that RHEL 9 is configured to boot to the command line:\\n\\n$ systemctl get-default\\n\\nmulti-user.target\\n\\nIf the system default target is not set to \\\"multi-user.target\\\" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.\",\n \"fixText\": \"Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\\n\\n$ sudo systemctl set-default multi-user.target\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257782r942961_rule", + "gid": "V-257782", + "stig_id": "RHEL-09-211035", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "low", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must enable the hardware random number generator entropy gatherer service.", + "id": "V-257782", + "desc": "The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. \n\nThe rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).", + "descriptions": [ + { + "data": "Note: For RHEL 9 systems running with kernel FIPS mode enabled as specified by RHEL-09-671010, this requirement is Not Applicable.\n\nVerify that RHEL 9 has enabled the hardware random number generator entropy gatherer service with the following command:\n\n$ systemctl is-active rngd\n\nactive\n\nIf the \"rngd\" service is not active, this is a finding.", + "label": "check" + }, + { + "data": "Install the rng-tools package with the following command:\n\n$ sudo dnf install rng-tools\n\nThen enable the rngd service run the following command:\n\n$ sudo systemctl enable --now rngd", + "label": "fix" + } + ], + "impact": 0.3, + "code": "{\n \"status\": \"Passed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257782\",\n \"severity\": \"low\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257782r942961_rule\",\n \"ruleVer\": \"RHEL-09-211035\",\n \"ruleTitle\": \"RHEL 9 must enable the hardware random number generator entropy gatherer service.\",\n \"vulnDiscuss\": \"The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. \\n\\nThe rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).\",\n \"iaControls\": \"\",\n \"checkContent\": \"Note: For RHEL 9 systems running with kernel FIPS mode enabled as specified by RHEL-09-671010, this requirement is Not Applicable.\\n\\nVerify that RHEL 9 has enabled the hardware random number generator entropy gatherer service with the following command:\\n\\n$ systemctl is-active rngd\\n\\nactive\\n\\nIf the \\\"rngd\\\" service is not active, this is a finding.\",\n \"fixText\": \"Install the rng-tools package with the following command:\\n\\n$ sudo dnf install rng-tools\\n\\nThen enable the rngd service run the following command:\\n\\n$ sudo systemctl enable --now rngd\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "passed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000269-GPOS-00103", + "rid": "SV-257783r925336_rule", + "gid": "V-257783", + "stig_id": "RHEL-09-211040", + "cci": [ + "CCI-001665" + ], + "nist": [ + "SC-24" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 systemd-journald service must be enabled.", + "id": "V-257783", + "desc": "In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes.", + "descriptions": [ + { + "data": "Verify that \"systemd-journald\" is active with the following command:\n\n$ systemctl is-active systemd-journald\n\nactive\n\nIf the systemd-journald service is not active, this is a finding.", + "label": "check" + }, + { + "data": "To enable the systemd-journald service, run the following command:\n\n$ sudo systemctl enable --now systemd-journald", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Passed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257783\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000269-GPOS-00103\",\n \"ruleId\": \"SV-257783r925336_rule\",\n \"ruleVer\": \"RHEL-09-211040\",\n \"ruleTitle\": \"RHEL 9 systemd-journald service must be enabled.\",\n \"vulnDiscuss\": \"In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that \\\"systemd-journald\\\" is active with the following command:\\n\\n$ systemctl is-active systemd-journald\\n\\nactive\\n\\nIf the systemd-journald service is not active, this is a finding.\",\n \"fixText\": \"To enable the systemd-journald service, run the following command:\\n\\n$ sudo systemctl enable --now systemd-journald\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-001665\"\n}", + "results": [ + { + "status": "passed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000324-GPOS-00125", + "rid": "SV-257784r925339_rule", + "gid": "V-257784", + "stig_id": "RHEL-09-211045", + "cci": [ + "CCI-000366", + "CCI-002235" + ], + "nist": [ + "CM-6 b", + "AC-6 (10)" + ], + "severity": "high", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.", + "id": "V-257784", + "desc": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "descriptions": [ + { + "data": "Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:\n\n$ grep -i ctrl /etc/systemd/system.conf\n\nCtrlAltDelBurstAction=none\n\nIf the \"CtrlAltDelBurstAction\" is not set to \"none\", commented out, or is missing, this is a finding.", + "label": "check" + }, + { + "data": "Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the \"/etc/systemd/system.conf\" configuration file:\n\nCtrlAltDelBurstAction=none\n\nReload the daemon for this change to take effect.\n\n$ sudo systemctl daemon-reload", + "label": "fix" + } + ], + "impact": 0.7, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257784\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-OS-000324-GPOS-00125\",\n \"ruleId\": \"SV-257784r925339_rule\",\n \"ruleVer\": \"RHEL-09-211045\",\n \"ruleTitle\": \"The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.\",\n \"vulnDiscuss\": \"A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\\n\\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:\\n\\n$ grep -i ctrl /etc/systemd/system.conf\\n\\nCtrlAltDelBurstAction=none\\n\\nIf the \\\"CtrlAltDelBurstAction\\\" is not set to \\\"none\\\", commented out, or is missing, this is a finding.\",\n \"fixText\": \"Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the \\\"/etc/systemd/system.conf\\\" configuration file:\\n\\nCtrlAltDelBurstAction=none\\n\\nReload the daemon for this change to take effect.\\n\\n$ sudo systemctl daemon-reload\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366; CCI-002235\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000324-GPOS-00125", + "rid": "SV-257785r925342_rule", + "gid": "V-257785", + "stig_id": "RHEL-09-211050", + "cci": [ + "CCI-000366", + "CCI-002235" + ], + "nist": [ + "CM-6 b", + "AC-6 (10)" + ], + "severity": "high", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9.", + "id": "V-257785", + "desc": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "descriptions": [ + { + "data": "Verify RHEL 9 is not configured to reboot the system when Ctrl-Alt-Delete is pressed with the following command:\n\n$ sudo systemctl status ctrl-alt-del.target\n\nctrl-alt-del.target\nLoaded: masked (Reason: Unit ctrl-alt-del.target is masked.)\nActive: inactive (dead)\n\nIf the \"ctrl-alt-del.target\" is loaded and not masked, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to disable the ctrl-alt-del.target with the following command:\n\n$ sudo systemctl disable --now ctrl-alt-del.target\n$ sudo systemctl mask --now ctrl-alt-del.target", + "label": "fix" + } + ], + "impact": 0.7, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257785\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-OS-000324-GPOS-00125\",\n \"ruleId\": \"SV-257785r925342_rule\",\n \"ruleVer\": \"RHEL-09-211050\",\n \"ruleTitle\": \"The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9.\",\n \"vulnDiscuss\": \"A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\\n\\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 is not configured to reboot the system when Ctrl-Alt-Delete is pressed with the following command:\\n\\n$ sudo systemctl status ctrl-alt-del.target\\n\\nctrl-alt-del.target\\nLoaded: masked (Reason: Unit ctrl-alt-del.target is masked.)\\nActive: inactive (dead)\\n\\nIf the \\\"ctrl-alt-del.target\\\" is loaded and not masked, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to disable the ctrl-alt-del.target with the following command:\\n\\n$ sudo systemctl disable --now ctrl-alt-del.target\\n$ sudo systemctl mask --now ctrl-alt-del.target\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366; CCI-002235\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000324-GPOS-00125", + "rid": "SV-257786r943026_rule", + "gid": "V-257786", + "stig_id": "RHEL-09-211055", + "cci": [ + "CCI-000366", + "CCI-002235" + ], + "nist": [ + "CM-6 b", + "AC-6 (10)" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 debug-shell systemd service must be disabled.", + "id": "V-257786", + "desc": "The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "descriptions": [ + { + "data": "Verify RHEL 9 is configured to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl status debug-shell.service\n\ndebug-shell.service\nLoaded: masked (Reason: Unit debug-shell.service is masked.)\nActive: inactive (dead)\n\nIf the \"debug-shell.service\" is loaded and not masked, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl disable --now debug-shell.service\n$ sudo systemctl mask --now debug-shell.service", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257786\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000324-GPOS-00125\",\n \"ruleId\": \"SV-257786r943026_rule\",\n \"ruleVer\": \"RHEL-09-211055\",\n \"ruleTitle\": \"RHEL 9 debug-shell systemd service must be disabled.\",\n \"vulnDiscuss\": \"The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.\\n\\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 is configured to mask the debug-shell systemd service with the following command:\\n\\n$ sudo systemctl status debug-shell.service\\n\\ndebug-shell.service\\nLoaded: masked (Reason: Unit debug-shell.service is masked.)\\nActive: inactive (dead)\\n\\nIf the \\\"debug-shell.service\\\" is loaded and not masked, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to mask the debug-shell systemd service with the following command:\\n\\n$ sudo systemctl disable --now debug-shell.service\\n$ sudo systemctl mask --now debug-shell.service\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366; CCI-002235\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000080-GPOS-00048", + "rid": "SV-257787r925348_rule", + "gid": "V-257787", + "stig_id": "RHEL-09-212010", + "cci": [ + "CCI-000213" + ], + "nist": [ + "AC-3" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must require a boot loader superuser password.", + "id": "V-257787", + "desc": "To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.\n\nPassword protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.", + "descriptions": [ + { + "data": "Verify the boot loader superuser password has been set and run the following command:\n\n$ sudo grep \"superusers\" /etc/grub2.cfg \n\npassword_pbkdf2 superusers-account ${GRUB2_PASSWORD} \n\nTo verify the boot loader superuser account password has been set, and the password encrypted, run the following command:\n\n$ sudo cat /boot/grub2/user.cfg \n\nGRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC\n2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0\n916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7\n0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828 \n\nIf a \"GRUB2_PASSWORD\" is not set, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to require a grub bootloader password for the grub superuser account.\n\nGenerate an encrypted grub2 password for the grub superuser account with the following command:\n\n$ sudo grub2-setpassword\nEnter password:\nConfirm password:", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257787\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000080-GPOS-00048\",\n \"ruleId\": \"SV-257787r925348_rule\",\n \"ruleVer\": \"RHEL-09-212010\",\n \"ruleTitle\": \"RHEL 9 must require a boot loader superuser password.\",\n \"vulnDiscuss\": \"To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.\\n\\nPassword protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify the boot loader superuser password has been set and run the following command:\\n\\n$ sudo grep \\\"superusers\\\" /etc/grub2.cfg \\n\\npassword_pbkdf2 superusers-account ${GRUB2_PASSWORD} \\n\\nTo verify the boot loader superuser account password has been set, and the password encrypted, run the following command:\\n\\n$ sudo cat /boot/grub2/user.cfg \\n\\nGRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC\\n2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0\\n916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7\\n0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828 \\n\\nIf a \\\"GRUB2_PASSWORD\\\" is not set, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to require a grub bootloader password for the grub superuser account.\\n\\nGenerate an encrypted grub2 password for the grub superuser account with the following command:\\n\\n$ sudo grub2-setpassword\\nEnter password:\\nConfirm password:\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000213\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + } + ], + "sha256": "cd0150021884813f964483b2e543dd6458e106d0c6fa125852991525a9c1e0f8" + } + ], + "passthrough": { + "checklist": { + "asset": { + "role": "None", + "assettype": "Computing", + "hostname": "", + "hostip": "", + "hostmac": "", + "hostfqdn": "", + "marking": "CUI", + "targetcomment": "", + "techarea": "", + "targetkey": "5551", + "webordatabase": false, + "webdbsite": "", + "webdbinstance": "" + }, + "stigs": [ + { + "header": { + "version": "1", + "classification": "UNCLASSIFIED", + "customname": "", + "stigid": "RHEL_9_STIG", + "description": "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.", + "filename": "U_RHEL_9_STIG_V1R3_Manual-xccdf.xml", + "releaseinfo": "Release: 3 Benchmark Date: 24 Apr 2024", + "title": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide", + "uuid": "47e1d7ee-1fe2-4f8b-9914-3aaa2b6ace72", + "notice": "terms-of-use", + "source": "STIG.DOD.MIL" + }, + "vulns": [ + { + "status": "Not Applicable", + "findingdetails": "", + "comments": "", + "severityoverride": "medium", + "severityjustification": "Testing both N/A and overidden", + "vulnNum": "V-257777", + "severity": "high", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257777r925318_rule", + "ruleVer": "RHEL-09-211010", + "ruleTitle": "RHEL 9 must be a vendor-supported release.", + "vulnDiscuss": "An operating system release is considered \"supported\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\n\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.", + "iaControls": "", + "checkContent": "Verify that the version or RHEL 9 is vendor supported with the following command:\n\n$ cat /etc/redhat-release \n\nRed Hat Enterprise Linux release 9.2 (Plow)\n\nIf the installed version of RHEL 9 is not supported, this is a finding.", + "fixText": "Upgrade to a supported version of RHEL 9.", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "low", + "severityjustification": "Example of overridden severity", + "vulnNum": "V-257778", + "severity": "medium", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257778r925321_rule", + "ruleVer": "RHEL-09-211015", + "ruleTitle": "RHEL 9 vendor packaged system security patches and updates must be installed and up to date.", + "vulnDiscuss": "Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.", + "iaControls": "", + "checkContent": "Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\n\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\n\nCheck that the available package security updates have been installed on the system with the following command:\n\n$ dnf history list | more\n\n ID | Command line | Date and time | Action(s) | Altered \n------------------------------------------------------------------------------- \n 70 | install aide | 2023-03-05 10:58 | Install | 1 \n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\n\nIf the system is in noncompliance with the organizational patching policy, this is a finding.", + "fixText": "Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\n\n$ sudo dnf update", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "high", + "severityjustification": "Example high justification", + "vulnNum": "V-257779", + "severity": "medium", + "groupTitle": "SRG-OS-000023-GPOS-00006", + "ruleId": "SV-257779r925324_rule", + "ruleVer": "RHEL-09-211020", + "ruleTitle": "RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.", + "vulnDiscuss": "Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\n\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088", + "iaControls": "", + "checkContent": "Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\n\nCheck that a banner is displayed at the command line login screen with the following command:\n\n$ sudo cat /etc/issue\n\nIf the banner is set correctly it will return the following text:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"\n\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.", + "fixText": "Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\n\nEdit the \"/etc/issue\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "{\n \"hdfSpecificData\": {\n \"impact\": 1.0,\n \"severity\": \"critical\"\n }\n}", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000048; CCI-001384; CCI-001385; CCI-001386; CCI-001387; CCI-001388" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257780", + "severity": "medium", + "groupTitle": "SRG-OS-000191-GPOS-00080", + "ruleId": "SV-257780r939261_rule", + "ruleVer": "RHEL-09-211025", + "ruleTitle": "RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool.", + "vulnDiscuss": "Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.\n\nTo support this requirement, the operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools, as specified in the requirement.", + "iaControls": "", + "checkContent": "Verify that RHEL 9 has implemented the Endpoint Security for Linux Threat Prevention tool.\n\nCheck that the following package has been installed:\n\n$ sudo rpm -qa | grep -i mcafeetp\n\nIf the \"mcafeetp\" package is not installed, this is a finding.\n\nVerify that the daemon is running:\n\n$ sudo ps -ef | grep -i mfetpd\n\nIf the daemon is not running, this is a finding.", + "fixText": "Install and enable the latest McAfee ENSLTP package.", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-001233" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257781", + "severity": "medium", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257781r925330_rule", + "ruleVer": "RHEL-09-211030", + "ruleTitle": "The graphical display manager must not be the default target on RHEL 9 unless approved.", + "vulnDiscuss": "Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.", + "iaControls": "", + "checkContent": "Verify that RHEL 9 is configured to boot to the command line:\n\n$ systemctl get-default\n\nmulti-user.target\n\nIf the system default target is not set to \"multi-user.target\" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.", + "fixText": "Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\n\n$ sudo systemctl set-default multi-user.target", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Passed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257782", + "severity": "low", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257782r942961_rule", + "ruleVer": "RHEL-09-211035", + "ruleTitle": "RHEL 9 must enable the hardware random number generator entropy gatherer service.", + "vulnDiscuss": "The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. \n\nThe rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).", + "iaControls": "", + "checkContent": "Note: For RHEL 9 systems running with kernel FIPS mode enabled as specified by RHEL-09-671010, this requirement is Not Applicable.\n\nVerify that RHEL 9 has enabled the hardware random number generator entropy gatherer service with the following command:\n\n$ systemctl is-active rngd\n\nactive\n\nIf the \"rngd\" service is not active, this is a finding.", + "fixText": "Install the rng-tools package with the following command:\n\n$ sudo dnf install rng-tools\n\nThen enable the rngd service run the following command:\n\n$ sudo systemctl enable --now rngd", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Passed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257783", + "severity": "medium", + "groupTitle": "SRG-OS-000269-GPOS-00103", + "ruleId": "SV-257783r925336_rule", + "ruleVer": "RHEL-09-211040", + "ruleTitle": "RHEL 9 systemd-journald service must be enabled.", + "vulnDiscuss": "In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes.", + "iaControls": "", + "checkContent": "Verify that \"systemd-journald\" is active with the following command:\n\n$ systemctl is-active systemd-journald\n\nactive\n\nIf the systemd-journald service is not active, this is a finding.", + "fixText": "To enable the systemd-journald service, run the following command:\n\n$ sudo systemctl enable --now systemd-journald", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-001665" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257784", + "severity": "high", + "groupTitle": "SRG-OS-000324-GPOS-00125", + "ruleId": "SV-257784r925339_rule", + "ruleVer": "RHEL-09-211045", + "ruleTitle": "The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.", + "vulnDiscuss": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "iaControls": "", + "checkContent": "Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:\n\n$ grep -i ctrl /etc/systemd/system.conf\n\nCtrlAltDelBurstAction=none\n\nIf the \"CtrlAltDelBurstAction\" is not set to \"none\", commented out, or is missing, this is a finding.", + "fixText": "Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the \"/etc/systemd/system.conf\" configuration file:\n\nCtrlAltDelBurstAction=none\n\nReload the daemon for this change to take effect.\n\n$ sudo systemctl daemon-reload", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366; CCI-002235" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257785", + "severity": "high", + "groupTitle": "SRG-OS-000324-GPOS-00125", + "ruleId": "SV-257785r925342_rule", + "ruleVer": "RHEL-09-211050", + "ruleTitle": "The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9.", + "vulnDiscuss": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "iaControls": "", + "checkContent": "Verify RHEL 9 is not configured to reboot the system when Ctrl-Alt-Delete is pressed with the following command:\n\n$ sudo systemctl status ctrl-alt-del.target\n\nctrl-alt-del.target\nLoaded: masked (Reason: Unit ctrl-alt-del.target is masked.)\nActive: inactive (dead)\n\nIf the \"ctrl-alt-del.target\" is loaded and not masked, this is a finding.", + "fixText": "Configure RHEL 9 to disable the ctrl-alt-del.target with the following command:\n\n$ sudo systemctl disable --now ctrl-alt-del.target\n$ sudo systemctl mask --now ctrl-alt-del.target", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366; CCI-002235" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257786", + "severity": "medium", + "groupTitle": "SRG-OS-000324-GPOS-00125", + "ruleId": "SV-257786r943026_rule", + "ruleVer": "RHEL-09-211055", + "ruleTitle": "RHEL 9 debug-shell systemd service must be disabled.", + "vulnDiscuss": "The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "iaControls": "", + "checkContent": "Verify RHEL 9 is configured to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl status debug-shell.service\n\ndebug-shell.service\nLoaded: masked (Reason: Unit debug-shell.service is masked.)\nActive: inactive (dead)\n\nIf the \"debug-shell.service\" is loaded and not masked, this is a finding.", + "fixText": "Configure RHEL 9 to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl disable --now debug-shell.service\n$ sudo systemctl mask --now debug-shell.service", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366; CCI-002235" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257787", + "severity": "medium", + "groupTitle": "SRG-OS-000080-GPOS-00048", + "ruleId": "SV-257787r925348_rule", + "ruleVer": "RHEL-09-212010", + "ruleTitle": "RHEL 9 must require a boot loader superuser password.", + "vulnDiscuss": "To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.\n\nPassword protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.", + "iaControls": "", + "checkContent": "Verify the boot loader superuser password has been set and run the following command:\n\n$ sudo grep \"superusers\" /etc/grub2.cfg \n\npassword_pbkdf2 superusers-account ${GRUB2_PASSWORD} \n\nTo verify the boot loader superuser account password has been set, and the password encrypted, run the following command:\n\n$ sudo cat /boot/grub2/user.cfg \n\nGRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC\n2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0\n916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7\n0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828 \n\nIf a \"GRUB2_PASSWORD\" is not set, this is a finding.", + "fixText": "Configure RHEL 9 to require a grub bootloader password for the grub superuser account.\n\nGenerate an encrypted grub2 password for the grub superuser account with the following command:\n\n$ sudo grub2-setpassword\nEnter password:\nConfirm password:", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000213" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/apps/frontend/src/App.vue b/apps/frontend/src/App.vue index b43bbc74c4..498c4cef15 100644 --- a/apps/frontend/src/App.vue +++ b/apps/frontend/src/App.vue @@ -5,8 +5,9 @@ v-if="classification" :style="classificationStyle" class="classification-footer" - >{{ classification }} + {{ classification }} + diff --git a/apps/frontend/src/components/cards/EvaluationInfo.vue b/apps/frontend/src/components/cards/EvaluationInfo.vue index 12bc92df52..2996ced499 100644 --- a/apps/frontend/src/components/cards/EvaluationInfo.vue +++ b/apps/frontend/src/components/cards/EvaluationInfo.vue @@ -102,7 +102,13 @@ export default class EvaluationInfo extends Vue { } get duration(): string | undefined { - return _.get(this.file_object, 'evaluation.data.statistics.duration'); + const duration = _.get( + this.file_object, + 'evaluation.data.statistics.duration' + ); + return duration === null || duration === undefined + ? undefined + : duration.toString(); } get evaluation(): IEvaluation | undefined { diff --git a/apps/frontend/src/components/cards/InfoCardRow.vue b/apps/frontend/src/components/cards/InfoCardRow.vue new file mode 100644 index 0000000000..88520ba536 --- /dev/null +++ b/apps/frontend/src/components/cards/InfoCardRow.vue @@ -0,0 +1,68 @@ + + + diff --git a/apps/frontend/src/components/cards/StatusCardRow.vue b/apps/frontend/src/components/cards/StatusCardRow.vue index f52a63adef..919e6326da 100644 --- a/apps/frontend/src/components/cards/StatusCardRow.vue +++ b/apps/frontend/src/components/cards/StatusCardRow.vue @@ -45,8 +45,9 @@ Filter to Errors + Filter to Errors + @@ -75,8 +76,9 @@ Filter to Waived + Filter to Waived + diff --git a/apps/frontend/src/components/cards/controltable/ControlRowCol.vue b/apps/frontend/src/components/cards/controltable/ControlRowCol.vue index 81d9a17639..e714ba070d 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowCol.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowCol.vue @@ -76,7 +76,12 @@ export default class ControlRowCol extends mixins(HtmlSanitizeMixin) { } get resultMessage(): string | undefined { - return this.result.message || this.result.skip_message; + // Check if either `skip_message` or `message` exist + // If one but not the other exists, display the individual message + // Otherwise display both messages in a joint string + return this.result.skip_message && this.result.message + ? `-Message-\n${this.result.message}\n\n-Skip Message-\n${this.result.skip_message}` + : this.result.message || this.result.skip_message; } } diff --git a/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue b/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue index 3e73e447fe..9d16f36359 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowDetails.vue @@ -33,10 +33,10 @@ Caveat: {{ caveat }}
 - Justification: {{ justification }}
 - + + Justification: {{ justification }} +
+ Rationale: {{ rationale }}
 Comments: {{ comments }}
 @@ -202,7 +202,23 @@ export default class ControlRowDetails extends mixins(HtmlSanitizeMixin) { detailsMap.set('Caveat', this.control.hdf.descriptions.caveat); detailsMap.set('Desc', this.control.data.desc); detailsMap.set('Rationale', this.control.hdf.descriptions.rationale); - detailsMap.set('Severity', this.control.root.hdf.severity); + // default to showing severity tag, otherwise show the computed severity (based on impact or severityoverride) + detailsMap.set( + 'Severity', + _.get( + this.control.root.data.tags, + 'severity', + this.control.root.hdf.severity + ) + ); + detailsMap.set( + 'Severity Override', + _.get(this.control.root.data.tags, 'severityoverride') + ); + detailsMap.set( + 'Severity Override Justification', + _.get(this.control.root.data.tags, 'severityjustification') + ); detailsMap.set('Impact', this.control.data.impact); detailsMap.set('NIST Controls', this.control.hdf.rawNistTags.join(', ')); detailsMap.set('CCI Controls', this.cciControlString); @@ -219,7 +235,10 @@ export default class ControlRowDetails extends mixins(HtmlSanitizeMixin) { const sparseControl = _.omit(this.control, [ 'data.tags.nist', 'data.tags.cci', - 'data.tags.cwe' + 'data.tags.cwe', + 'data.tags.severity', + 'data.tags.severityoverride', + 'data.tags.severityjustification' ]); // Convert all tags to Details @@ -253,7 +272,7 @@ export default class ControlRowDetails extends mixins(HtmlSanitizeMixin) { } return Array.from(detailsMap, ([name, value]) => ({name, value})).filter( - (v) => v.value + (v) => v.value !== undefined ); } diff --git a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue index db88d9cf85..29186cfc0f 100644 --- a/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue +++ b/apps/frontend/src/components/cards/controltable/ControlRowHeader.vue @@ -41,23 +41,36 @@ @@ -79,25 +92,20 @@ - How to use Heimdall {{ instanceMode }} {{ version }} + + How to use Heimdall {{ instanceMode }} {{ version }} +
diff --git a/apps/frontend/src/components/global/SearchHelpModal.vue b/apps/frontend/src/components/global/SearchHelpModal.vue index 4b55cb36f0..7b484307f9 100644 --- a/apps/frontend/src/components/global/SearchHelpModal.vue +++ b/apps/frontend/src/components/global/SearchHelpModal.vue @@ -36,6 +36,9 @@

  • Inputs: input:disable_slow_controls

    • +
  • +

    Tags: tags:severityoverride

    +

    • Joining Queries

    @@ -47,15 +50,15 @@

    - status:"Failed,Not reviewed" severity:High title:"Ensure IAM" + status:"Failed,Not reviewed" severity:High title:"Ensure IAM" +

    - Close Window + + Close Window +     diff --git a/apps/frontend/src/components/global/upload_tabs/FileReader.vue b/apps/frontend/src/components/global/upload_tabs/FileReader.vue index c027c5e9da..4b7b8f4dc5 100644 --- a/apps/frontend/src/components/global/upload_tabs/FileReader.vue +++ b/apps/frontend/src/components/global/upload_tabs/FileReader.vue @@ -33,11 +33,13 @@
  • AWS Security Finding Format (ASFF)
  • Burp Suite
  • Checklist
    • +
  • CycloneDX Software Bill of Materials (SBOM)
  • DBProtect
  • Fortify
    • -
  • Golang Security Checker (GoSec)
    • +
  • Golang Security Checker (gosec)
  • Ion Channel
  • JFrog Xray
    • +
  • Microsoft Secure Score
  • Nessus
  • Netsparker
  • Nikto
    • @@ -47,6 +49,7 @@
  • Scoutsuite
  • Snyk
  • Tenable (API)
    • +
  • Trufflehog
  • Twistlock
  • Veracode
  • XCCDF Results (native OpenSCAP and SCC outputs)
    • diff --git a/apps/frontend/src/components/global/upload_tabs/SampleList.vue b/apps/frontend/src/components/global/upload_tabs/SampleList.vue index 0fec0a478f..9928ec7c6f 100644 --- a/apps/frontend/src/components/global/upload_tabs/SampleList.vue +++ b/apps/frontend/src/components/global/upload_tabs/SampleList.vue @@ -40,6 +40,7 @@ placeholder="file name" clearable hide-details="auto" + data-cy="fileSearchField" />
    { + if (!this.accesskey) { + SnackbarModule.failure('The Access Token (key) is required'); + this.$refs.access_Key.focus(); + return; + } else if (!this.secretkey) { + SnackbarModule.failure('The Secret Token (key) is required'); + this.$refs.secret_Key.focus(); + return; + } else if (!this.hostname) { + SnackbarModule.failure('The Tenable.Sc URL is required'); + this.$refs.hostname_value.focus(); + return; + } + + // If the protocol (https) is missing add it if (!/^https?:\/\//.test(this.hostname)) { this.hostname = `https://${this.hostname}`; } + // If the SSL/TLS port is missing add default 443 + if (!this.hostname.split(':')[2]) { + this.hostname = `${this.hostname}:443`; + } + const config: AuthInfo = { accesskey: this.accesskey, secretkey: this.secretkey, diff --git a/apps/frontend/src/components/global/upload_tabs/tenable/TenableReader.vue b/apps/frontend/src/components/global/upload_tabs/tenable/TenableReader.vue index 8bb165bf2c..b516071805 100644 --- a/apps/frontend/src/components/global/upload_tabs/tenable/TenableReader.vue +++ b/apps/frontend/src/components/global/upload_tabs/tenable/TenableReader.vue @@ -41,7 +41,7 @@
    - For connection instructions and further information, check here: + For connection instructions and further information, consult: status !== 'Waived' ) }; - controls = filterControlsBy(controls, controlFilters); + // Filter by tags + if (filter.tagFilter && filter.tagFilter.length > 0) { + controls = controls.filter((control) => { + if (filter.tagFilter) { + // every tag in the filter must be contained in the control's tags + const tags = Object.keys(control.data.tags).map((t) => + t.toLowerCase() + ); + return filter.tagFilter.every((tag) => { + return tags.includes(tag); + }); + } + }); + } + // Filter by overlay if (filter.omit_overlayed_controls) { controls = controls.filter( diff --git a/apps/frontend/src/store/report_intake.ts b/apps/frontend/src/store/report_intake.ts index 3f420277d9..d3e11b43cd 100644 --- a/apps/frontend/src/store/report_intake.ts +++ b/apps/frontend/src/store/report_intake.ts @@ -5,19 +5,21 @@ import {InspecDataModule} from '@/store/data_store'; import Store from '@/store/store'; import {Tag} from '@/types/models'; -import {read_file_async} from '@/utilities/async_util'; +import {readFileAsync} from '@/utilities/async_util'; import { ASFFResults as ASFFResultsMapper, BurpSuiteMapper, ChecklistResults, ConveyorResults as ConveyorResultsMapper, + CycloneDXSBOMResults, DBProtectMapper, fingerprint, FortifyMapper, - GoSecMapper, + GosecMapper, INPUT_TYPES, IonChannelMapper, JfrogXrayMapper, + MsftSecureScoreResults, NessusResults, NetsparkerMapper, NiktoMapper, @@ -25,6 +27,7 @@ import { SarifMapper, ScoutsuiteMapper, SnykResults, + TrufflehogResults, TwistlockResults, VeracodeMapper, XCCDFResultsMapper, @@ -135,7 +138,7 @@ export class InspecIntake extends VuexModule { const filename = options.file?.name || options.filename || 'Missing Filename'; if (options.file) { - read = await read_file_async(options.file); + read = await readFileAsync(options.file); } else if (options.data) { read = options.data; } else { @@ -229,6 +232,8 @@ export class InspecIntake extends VuexModule { switch (typeGuess) { case INPUT_TYPES.JFROG: return new JfrogXrayMapper(convertOptions.data).toHdf(); + case INPUT_TYPES.MSFT_SEC_SCORE: + return new MsftSecureScoreResults(convertOptions.data).toHdf(); case INPUT_TYPES.ASFF: return Object.values( new ASFFResultsMapper(convertOptions.data).toHdf() @@ -270,7 +275,11 @@ export class InspecIntake extends VuexModule { case INPUT_TYPES.CHECKLIST: return new ChecklistResults(convertOptions.data).toHdf(); case INPUT_TYPES.GOSEC: - return new GoSecMapper(convertOptions.data).toHdf(); + return new GosecMapper(convertOptions.data).toHdf(); + case INPUT_TYPES.CYCLONEDX_SBOM: + return new CycloneDXSBOMResults(convertOptions.data).toHdf(); + case INPUT_TYPES.TRUFFLEHOG: + return new TrufflehogResults(convertOptions.data).toHdf(); default: return SnackbarModule.failure( `Invalid file uploaded (${filename}), no fingerprints matched.` diff --git a/apps/frontend/src/store/search.ts b/apps/frontend/src/store/search.ts index e4d43ddfff..1fb9ed0ea1 100644 --- a/apps/frontend/src/store/search.ts +++ b/apps/frontend/src/store/search.ts @@ -1,5 +1,5 @@ import Store from '@/store/store'; -import {Severity} from 'inspecjs'; +import {Severity, severities} from 'inspecjs'; import {parse} from 'search-query-parser'; import { Action, @@ -39,8 +39,6 @@ export const statusTypes = [ 'Waived' ]; -export const severityTypes = ['none', 'low', 'medium', 'high', 'critical']; - export function lowercaseAll(input: string | string[]): string | string[] { if (typeof input === 'string') { return input.toLowerCase(); @@ -52,7 +50,7 @@ export function lowercaseAll(input: string | string[]): string | string[] { } export function valueToSeverity(severity: string): Severity { - if (severityTypes.includes(severity.toLowerCase())) { + if (severities.find((severity) => severity === severity.toLowerCase())) { return severity as Severity; } else { return 'none'; @@ -74,6 +72,7 @@ class Search extends VuexModule implements ISearchState { statusFilter: ExtendedControlStatus[] = []; severityFilter: Severity[] = []; titleSearchTerms: string[] = []; + tagFilter: string[] = []; /** Update the current search */ @Action @@ -99,7 +98,8 @@ class Search extends VuexModule implements ISearchState { 'desc', 'description', 'code', - 'input' + 'input', + 'tags' ] }; const searchResult = parse(this.searchTerm, options); @@ -133,6 +133,9 @@ class Search extends VuexModule implements ISearchState { case 'code': this.addCodeFilter(lowercaseAll(include)); break; + case 'tags': + this.addTagFilter(lowercaseAll(include)); + break; case 'text': if (typeof include === 'string') { this.setFreesearch(include); @@ -159,6 +162,7 @@ class Search extends VuexModule implements ISearchState { this.context.commit('CLEAR_NIST'); this.context.commit('CLEAR_DESCRIPTION'); this.context.commit('CLEAR_CODE'); + this.context.commit('CLEAR_TAG'); this.context.commit('CLEAR_FREESEARCH'); } @@ -425,6 +429,25 @@ class Search extends VuexModule implements ISearchState { this.codeSearchTerms = []; } + // Tag filtering + + /** Adds code to filter */ + @Action + addTagFilter(tag: string | string[]) { + this.context.commit('ADD_TAG', tag); + } + + @Mutation + ADD_TAG(tag: string | string[]) { + this.tagFilter = this.tagFilter.concat(tag); + } + + /** Clears all code filters */ + @Mutation + CLEAR_TAG() { + this.tagFilter = []; + } + // Freetext search /** Sets the current fulltext search */ diff --git a/apps/frontend/src/store/server.ts b/apps/frontend/src/store/server.ts index 1298414cd3..c617028c8c 100644 --- a/apps/frontend/src/store/server.ts +++ b/apps/frontend/src/store/server.ts @@ -35,6 +35,8 @@ export interface IServerState { ldap: boolean; localLoginEnabled: boolean; userInfo: IUser; + tenableHostUrl: string; + splunkHostUrl: string; } interface LoginData { @@ -63,6 +65,8 @@ class Server extends VuexModule implements IServerState { enabledOAuth: string[] = []; allUsers: ISlimUser[] = []; oidcName = ''; + tenableHostUrl: string = ''; + splunkHostUrl: string = ''; /** Our currently granted JWT token */ token = ''; /** Provide a sane default for userInfo in order to avoid having to null check it all the time */ @@ -106,6 +110,8 @@ class Server extends VuexModule implements IServerState { this.oidcName = settings.oidcName; this.ldap = settings.ldap; this.localLoginEnabled = settings.localLoginEnabled; + this.tenableHostUrl = settings.tenableHostUrl; + this.splunkHostUrl = settings.splunkHostUrl; } @Mutation diff --git a/apps/frontend/src/utilities/async_util.ts b/apps/frontend/src/utilities/async_util.ts index c203bb20f3..6525f0e8cc 100644 --- a/apps/frontend/src/utilities/async_util.ts +++ b/apps/frontend/src/utilities/async_util.ts @@ -1,7 +1,7 @@ /* Provides async wrappers over various common functions/tasks */ /** Provides the resulting text of reading a file as a promise */ -export async function read_file_async(file: File): Promise { +export async function readFileAsync(file: File): Promise { const reader = new FileReader(); return new Promise((resolve, reject) => { reader.onerror = () => { diff --git a/apps/frontend/src/utilities/sample_util.ts b/apps/frontend/src/utilities/sample_util.ts index ac653ad741..69fb763b00 100644 --- a/apps/frontend/src/utilities/sample_util.ts +++ b/apps/frontend/src/utilities/sample_util.ts @@ -21,6 +21,7 @@ const rhel8ChecklistPath = '/static/samples/rhel_8_checklist.ckl'; const threeStigChecklistPath = '/static/samples/three_stig_checklist.ckl'; const ubuntuProfile = '/static/samples/ubuntu_profile.json'; const veracodeExecJson = '/static/samples/veracode.xml'; +const smallOverridesProfilePath = '/static/samples/small_overrides_hdf.json'; import axios from 'axios'; @@ -111,5 +112,9 @@ export const samples: Sample[] = [ { filename: 'Veracode Exec JSON', path: veracodeExecJson + }, + { + filename: 'Small Profile With Severity Overrides', + path: smallOverridesProfilePath } ]; diff --git a/apps/frontend/src/utilities/tenable_util.ts b/apps/frontend/src/utilities/tenable_util.ts index 7566f3af5e..10f195380a 100644 --- a/apps/frontend/src/utilities/tenable_util.ts +++ b/apps/frontend/src/utilities/tenable_util.ts @@ -1,5 +1,6 @@ import Zip from 'adm-zip'; import axios, {AxiosInstance} from 'axios'; +import {ServerModule} from '@/store/server'; import {createWinstonLogger} from '../../../../libs/hdf-converters/src/utils/global'; /** represents the information of the current used */ @@ -49,7 +50,7 @@ export class TenableUtil { () => reject( new Error( - 'Login timed out. Please check your CORS configuration or validate you have inputted the correct domain' + 'Login timed out. Please ensure the provided credentials and domain/URL are valid and try again.' ) ), 5000 @@ -64,21 +65,7 @@ export class TenableUtil { resolve(response.request.finished); }) .catch((error) => { - try { - if (error.code == 'ENOTFOUND') { - reject( - `Host: ${this.hostConfig.host_url} not found, check the Host Name (URL) or the network` - ); - } else if (error.response.data.error_code == 74) { - reject('Incorrect Access or Secret key'); - } else { - reject(error.response.data.error_msg); - } - } catch (e) { - reject( - `Possible network connection blocked by CORS policy. Received error: ${error}` - ); - } + reject(this.getRejectConnectionMessage(error)); }); } catch (e) { reject(`Unknown error: ${e}`); @@ -86,6 +73,63 @@ export class TenableUtil { }); } + // eslint-disable-next-line @typescript-eslint/no-explicit-any + getRejectConnectionMessage(error: any): string { + let rejectMsg = ''; + + if (error.response) { + // The request was made and the server responded with a status code + // that falls out of the range of 2xx + + if (error.response.data.error_code == 74) { + rejectMsg = 'Incorrect Access or Secret key'; + } else { + rejectMsg = `${error.name} : ${error.response.data.error_msg}`; + } + } else if (error.request) { + // The request was made but no response was received. + // `error.request` is an instance of XMLHttpRequest in the + // browser and an instance of http.ClientRequest in node.js + + if (error.code == 'ERR_NETWORK') { + // Check if the tenable url was provided - Content Security Policy (CSP) + const corsReject = `Access blocked by CORS or connection refused by the host: ${error.config.baseURL}. See Help for additional instructions.`; + const tenableUrl = ServerModule.tenableHostUrl; + if (tenableUrl) { + // If the URL is listed in the allows domains + // (.env variable TENABLE_HOST_URL) check if they match + if (!error.config.baseURL.includes(tenableUrl)) { + rejectMsg = `Hostname: ${error.config.baseURL} violates the Content Security Policy (CSP). The host allowed by the CSP is: ${tenableUrl}`; + } else { + // CSP url did match, check for port match - reject appropriately + const portNumber = parseInt(this.hostConfig.host_url.split(':')[2]); + if (portNumber != 443) { + rejectMsg = `Invalid SSL/TSL port number used: ${portNumber} must be 443.`; + } else { + rejectMsg = corsReject; + } + } + } else if (ServerModule.serverMode) { + // The URL is not listed in the allows domains (CSP) and Heimdall instance is a server + rejectMsg = + 'The Content Security Policy directive environment variable "TENABLE_HOST_URL" not configured. See Help for additional instructions.'; + } else { + rejectMsg = corsReject; + } + } else if (error.code == 'ENOTFOUND') { + rejectMsg = `Host: ${error.config.baseURL} not found, check the Hostname (URL) or the network.`; + } else if (error.code == 'ERR_CONNECTION_REFUSED') { + rejectMsg = `Received network connection refused by the host: ${error.config.baseURL}`; + } else { + rejectMsg = `${error.name} : ${error.message}`; + } + } else { + // Something happened in setting up the request that triggered an Error + rejectMsg = `${error.name} : ${error.message}`; + } + return rejectMsg; + } + /** * Gets the list of Scan Results. * Returned values are based on the fields requested: @@ -98,7 +142,7 @@ export class TenableUtil { () => reject( new Error( - 'Login timed out. Please check your CORS configuration or validate you have inputted the correct domain' + 'Login timed out. Please ensure the provided credentials and domain/URL are valid and try again.' ) ), 5000 @@ -113,11 +157,7 @@ export class TenableUtil { resolve(response.data.response.usable); }) .catch((error) => { - if (error.response.data.error_code == 74) { - reject('Incorrect Access or Secret key'); - } else { - reject(error.response.data.error_msg); - } + reject(`${error.name} : ${error.message}`); }); } catch (e) { reject(e); @@ -140,7 +180,7 @@ export class TenableUtil { () => reject( new Error( - 'Login timed out. Please check your CORS configuration or validate you have inputted the correct domain' + 'Login timed out. Please check your CORS configuration and validate that the hostname is correct.' ) ), 5000 diff --git a/apps/frontend/src/views/Compare.vue b/apps/frontend/src/views/Compare.vue index afecb61643..c8d7006f4a 100644 --- a/apps/frontend/src/views/Compare.vue +++ b/apps/frontend/src/views/Compare.vue @@ -342,6 +342,7 @@ export default class Compare extends Vue { nistIdFilter: SearchModule.NISTIdFilter, searchTerm: SearchModule.freeSearch, codeSearchTerms: SearchModule.codeSearchTerms, + tagFilter: SearchModule.tagFilter, omit_overlayed_controls: true }; } diff --git a/apps/frontend/src/views/Results.vue b/apps/frontend/src/views/Results.vue index 3cd4c65ea2..8a4d875dd4 100644 --- a/apps/frontend/src/views/Results.vue +++ b/apps/frontend/src/views/Results.vue @@ -99,6 +99,11 @@ @add-filter="addStatusSearch" @remove-filter="removeStatusFilter" /> + @@ -158,10 +163,7 @@ - + @@ -204,6 +206,7 @@ import EvaluationInfo from '@/components/cards/EvaluationInfo.vue'; import ProfileData from '@/components/cards/ProfileData.vue'; import SeverityChart from '@/components/cards/SeverityChart.vue'; import StatusCardRow from '@/components/cards/StatusCardRow.vue'; +import InfoCardRow from '@/components/cards/InfoCardRow.vue'; import StatusChart from '@/components/cards/StatusChart.vue'; import Treemap from '@/components/cards/treemap/Treemap.vue'; import UploadButton from '@/components/generic/UploadButton.vue'; @@ -248,6 +251,7 @@ import {compare_times} from '../utilities/delta_util'; components: { Base, StatusCardRow, + InfoCardRow, Treemap, ControlTable, StatusChart, @@ -370,6 +374,7 @@ export default class Results extends mixins(RouteMixin, ServerMixin) { nistIdFilter: SearchModule.NISTIdFilter, searchTerm: SearchModule.freeSearch || '', codeSearchTerms: SearchModule.codeSearchTerms, + tagFilter: SearchModule.tagFilter, treeFilters: this.treeFilters, omit_overlayed_controls: true, control_id: this.controlSelection || undefined @@ -386,6 +391,7 @@ export default class Results extends mixins(RouteMixin, ServerMixin) { titleSearchTerms: SearchModule.titleSearchTerms, descriptionSearchTerms: SearchModule.descriptionSearchTerms, codeSearchTerms: SearchModule.codeSearchTerms, + tagFilter: SearchModule.tagFilter, nistIdFilter: SearchModule.NISTIdFilter, ids: SearchModule.controlIdSearchTerms, fromFile: this.file_filter, @@ -419,6 +425,7 @@ export default class Results extends mixins(RouteMixin, ServerMixin) { SearchModule.statusFilter.length !== 0 || SearchModule.controlIdSearchTerms.length !== 0 || SearchModule.codeSearchTerms.length !== 0 || + SearchModule.tagFilter.length !== 0 || this.searchTerm || this.treeFilters.length ) { @@ -490,6 +497,10 @@ export default class Results extends mixins(RouteMixin, ServerMixin) { this.searchTerm = 'status:"Waived"'; } + showSeverityOverrides() { + this.searchTerm = 'tags:"severityoverride"'; + } + addStatusSearch(status: ExtendedControlStatus) { SearchModule.addSearchFilter({ field: 'status', diff --git a/apps/frontend/tests/unit/Results.spec.ts b/apps/frontend/tests/unit/Results.spec.ts index 2789bb6e56..5fbbc98439 100644 --- a/apps/frontend/tests/unit/Results.spec.ts +++ b/apps/frontend/tests/unit/Results.spec.ts @@ -52,8 +52,7 @@ describe('Datatable', () => { $router }, propsData: { - filter: (wrapper.vm as Vue & {all_filter: Filter}).all_filter, - showImpact: true + filter: (wrapper.vm as Vue & {all_filter: Filter}).all_filter } }); const expected = @@ -91,4 +90,30 @@ describe('Datatable', () => { .sort() ); }); + + it('it can properly filter overridden results', () => { + removeAllFiles(); + loadSample('Small Profile With Severity Overrides'); + controlTableWrapper = shallowMount(ControlTable, { + vuetify, + mocks: { + $router + }, + propsData: { + filter: { + ...(wrapper.vm as Vue & {all_filter: Filter}).all_filter, + tagFilter: ['severityoverride'] + } + } + }); + + expect( + ( + controlTableWrapper.vm as Vue & { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + items: Array; + } + ).items.length + ).toBe(3); // the file loaded includes 3 controls with severity override tags + }); }); diff --git a/lerna.json b/lerna.json index 8b57d5d058..73cc1d3131 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { "packages": ["apps/*", "libs/*", "test"], - "version": "2.10.10", - "npmClient": "yarn" + "version": "2.10.15", + "npmClient": "npx yarn" } diff --git a/libs/hdf-converters/.eslintrc.js b/libs/hdf-converters/.eslintrc.js index f6a0b20696..f7d4afc545 100644 --- a/libs/hdf-converters/.eslintrc.js +++ b/libs/hdf-converters/.eslintrc.js @@ -1,33 +1,39 @@ module.exports = { - parser: '@typescript-eslint/parser', - parserOptions: { - project: 'tsconfig.json', - sourceType: 'module', - }, - plugins: ['@typescript-eslint/eslint-plugin'], - extends: [ - 'plugin:@typescript-eslint/eslint-recommended', - 'plugin:@typescript-eslint/recommended', - 'prettier', - 'plugin:prettier/recommended', + parser: '@typescript-eslint/parser', + parserOptions: { + project: 'tsconfig.json', + sourceType: 'module' + }, + plugins: ['@typescript-eslint/eslint-plugin'], + extends: [ + 'plugin:@typescript-eslint/eslint-recommended', + 'plugin:@typescript-eslint/recommended', + 'prettier', + 'plugin:prettier/recommended' + ], + root: true, + env: { + node: true + }, + rules: { + '@typescript-eslint/naming-convention': [ + 'warn', + { + selector: 'interface', + format: ['PascalCase'], + custom: { + regex: '^I[A-Z]', + match: true + } + } ], - root: true, - env: { - node: true, - }, - rules: { - "@typescript-eslint/naming-convention": [ - "warn", - { - "selector": "interface", - "format": ["PascalCase"], - "custom": { - "regex": "^I[A-Z]", - "match": true - } - } - ], - 'object-curly-spacing': 'warn', - '@typescript-eslint/no-explicit-any': 'off', - }, + 'object-curly-spacing': 'warn', + '@typescript-eslint/no-explicit-any': 'off', + '@typescript-eslint/no-unused-vars': [ + 'warn', + { + argsIgnorePattern: '^_' + } + ] + } }; diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md index a58d64052a..b6f6e63e62 100644 --- a/libs/hdf-converters/README.md +++ b/libs/hdf-converters/README.md @@ -5,29 +5,34 @@ OHDF Converters supplies several methods to convert various types of security tool data to and from the OHDF standard. OHDF Converters can be used in a variety of tools, and is currently well integrated with Heimdall itself, and the [SAF CLI](https://github.com/mitre/saf). ## Supported Formats + 1. [**asff-mapper**] - AWS Security Finding Format JSON file, Prowler-derived AWS Security Finding Format results from concatenated JSON blobs, and Trivy-derived AWS Security Finding Format results from concatenated JSON blobs 2. [**aws-config-mapper**] - AWS Config 3. [**burpsuite-mapper**] - BurpSuite Pro XML file 4. [**caat-mapper**] - Compliance Assessment and Audit Tracking (CAAT) file 5. [**checklist-mapper**] - Checlist Mapper format 6. [**conveyor-mapper**] - Conveyor JSON file -7. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format -8. [**fortify-mapper**] - Fortify results FVDL file -9. [**ionchannel-mapper**] - SBOM data from Ion Channel -10. [**jfrog-xray-mapper**] - JFrog Xray results JSON file -11. [**nessus-mapper**] - Nessus XML results file -12. [**netsparker-mapper**] - Netsparker XML results file -13. [**nikto-mapper**] - Nikto results JSON file -14. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file -15. [**sarif-mapper**] - SARIF JSON file -16. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object -17. [**snyk-mapper**] - Snyk results JSON file -18. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API -19. [**splunk-mapper**] - Splunk instance -20. [**twistlock-mapper**] - Twistlock CLI output file -21. [**veracode-mapper**] - Veracode Scan Results XML file -22. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report -23. [**zap-mapper**] - OWASP ZAP results JSON +7. [**cyclonedx-sbom-mapper**] - CycloneDX SBOM JSON file +8. [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format +9. [**fortify-mapper**] - Fortify results FVDL file +10. [**gosec-mapper**] - gosec results JSON file +11. [**ionchannel-mapper**] - SBOM data from Ion Channel +12. [**jfrog-xray-mapper**] - JFrog Xray results JSON file +13. [**msft-secure-mapper**] - Microsoft Secure Score results file +14. [**nessus-mapper**] - Nessus XML results file +15. [**netsparker-mapper**] - Netsparker XML results file +16. [**nikto-mapper**] - Nikto results JSON file +17. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file +18. [**sarif-mapper**] - SARIF JSON file +19. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object +20. [**snyk-mapper**] - Snyk results JSON file +21. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API +22. [**splunk-mapper**] - Splunk instance +23. [**trufflehog-mapper**] - Trufflehog results json file +24. [**twistlock-mapper**] - Twistlock CLI output file +25. [**veracode-mapper**] - Veracode Scan Results XML file +26. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report +27. [**zap-mapper**] - OWASP ZAP results JSON ### NOTICE @@ -45,4 +50,4 @@ This software was produced for the U. S. Government under Contract Number HHSM-5 No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation. -For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000. +For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000. diff --git a/libs/hdf-converters/index.ts b/libs/hdf-converters/index.ts index b33c5370c4..80a4ec5545 100644 --- a/libs/hdf-converters/index.ts +++ b/libs/hdf-converters/index.ts @@ -4,6 +4,7 @@ export * from './src/burpsuite-mapper'; export * from './src/ckl-mapper/checklist-mapper'; export * from './src/ckl-mapper/checklistJsonix'; export * from './src/ckl-mapper/checklist-jsonix-converter'; +export * from './src/ckl-mapper/checklist-metadata-utils'; export * from './src/converters-from-hdf/asff/reverse-asff-mapper'; export * from './src/converters-from-hdf/caat/reverse-caat-mapper'; export * from './src/converters-from-hdf/html/reverse-html-mapper'; @@ -23,15 +24,18 @@ export * as NiktoNistMappingData from './src/mappings/NiktoNistMappingData'; export * as NistCciMappingData from './src/mappings/NistCciMappingData'; export * as OWaspNistMappingData from './src/mappings/OWaspNistMappingData'; export * as ScoutsuiteNistMappingData from './src/mappings/ScoutsuiteNistMappingData'; +export * from './src/msft-secure-score-mapper'; export * from './src/nessus-mapper'; export * from './src/netsparker-mapper'; export * from './src/nikto-mapper'; export * from './src/prisma-mapper'; export * from './src/sarif-mapper'; +export * from './src/cyclonedx-sbom-mapper'; export * from './src/scoutsuite-mapper'; export * from './src/snyk-mapper'; export * from './src/sonarqube-mapper'; export * from './src/splunk-mapper'; +export * from './src/trufflehog-mapper'; export * from './src/twistlock-mapper'; export * from './src/utils/attestations'; export * from './src/utils/compliance'; diff --git a/libs/hdf-converters/package.json b/libs/hdf-converters/package.json index a2d9fd607b..c1ab99bf11 100644 --- a/libs/hdf-converters/package.json +++ b/libs/hdf-converters/package.json @@ -1,6 +1,6 @@ { "name": "@mitre/hdf-converters", - "version": "2.10.8", + "version": "2.10.15", "license": "Apache-2.0", "description": "Converter util library used to transform various scan results into HDF format", "files": [ @@ -11,15 +11,15 @@ "main": "lib/index.js" }, "scripts": { - "prepack": "yarn build && node prepack.js", - "postpack": "run-script-os", - "postpack:darwin:linux": "mv package.json.orig package.json", - "postpack:win32": "move package.json.orig package.json", "build": "run-script-os", "build:darwin:linux": "../../node_modules/.bin/tsc -p ./tsconfig.build.json && cp -R ./data ./lib", "build:win32": "../../node_modules/.bin/tsc -p ./tsconfig.build.json && xcopy data lib", "lint": "eslint \"**/*.ts\" --fix", "lint:ci": "eslint \"**/*.ts\" --max-warnings 0", + "prepack": "yarn build && node prepack.js", + "postpack": "run-script-os", + "postpack:darwin:linux": "mv package.json.orig package.json", + "postpack:win32": "move package.json.orig package.json", "test": "jest", "csv2json": "tsx data/converters/csv2json.ts", "xml2json": "tsx data/converters/xml2json.ts" @@ -28,13 +28,16 @@ "@aws-sdk/client-config-service": "^3.95.0", "@e965/xlsx": "^0.20.0", "@mdi/js": "^7.0.96", + "@microsoft/microsoft-graph-types": "^2.40.0", "@mitre/jsonix": "^3.0.7", "@smithy/node-http-handler": "^3.0.0", "@types/csv2json": "^1.4.2", "@types/ms": "^0.7.31", "@types/mustache": "^4.1.2", "@types/papaparse": "^5.3.2", + "@types/revalidator": "^0.3.12", "@types/triple-beam": "^1.3.2", + "@types/validator": "^13.12.0", "@types/xml2js": "^0.4.9", "axios": "^1.3.5", "compare-versions": "^6.0.0", @@ -42,16 +45,18 @@ "fast-xml-parser": "^4.2.0", "html-entities": "^2.3.2", "htmlparser2": "^9.1.0", - "inspecjs": "^2.10.8", + "inspecjs": "^2.10.13", "lodash": "^4.17.21", "moment": "^2.29.1", "ms": "^2.1.3", "mustache": "^4.2.0", "papaparse": "^5.3.1", + "revalidator": "^0.3.1", "run-script-os": "^1.1.6", "semver": "^7.6.0", "tailwindcss": "^3.3.3", "tw-elements": "^1.0.0-beta2", + "validator": "^13.12.0", "winston": "^3.6.0", "xml-formatter": "^3.6.2", "xml-parser-xo": "^4.1.1", @@ -61,7 +66,7 @@ "devDependencies": { "@types/jest": "^27.0.0", "@types/lodash": "^4.14.161", - "@types/node": "^20.1.0", + "@types/node": "^22.0.0", "jest": "^27.0.6", "quicktype": "^23.0.170", "ts-jest": "^29.1.0", @@ -69,6 +74,13 @@ "typedoc": "^0.26.2" }, "jest": { + "moduleFileExtensions": [ + "js", + "json", + "ts", + "d.ts", + "node" + ], "moduleNameMapper": { "axios": "axios/dist/node/axios.cjs" }, diff --git a/libs/hdf-converters/sample_jsons/asff_reverse_mapper/restrictions-test-results.asff.json b/libs/hdf-converters/sample_jsons/asff_reverse_mapper/restrictions-test-results.asff.json index c60fdaf74a..727ed0897e 100644 --- a/libs/hdf-converters/sample_jsons/asff_reverse_mapper/restrictions-test-results.asff.json +++ b/libs/hdf-converters/sample_jsons/asff_reverse_mapper/restrictions-test-results.asff.json @@ -213,7 +213,7 @@ "Segment/code_desc/ senectus et netus et malesuada fames ac turpis egestas. Suspendisse maximus nunc nec odio semper aliquam. Donec vestibulum, magna et rhoncus condimentum, turpis libero tempor metus, et ornare nunc felis quis urna. Nulla pellentesque eget lacus nec finibus.In elementum, arcu at semper sagittis, ipsum nibh efficitur leo, quis convallis tellus enim at ligula. Vivamus ac risus euismod, eleifend metus sit amet, imperdiet sem. Cras volutpat, elit a convallis dictum, ligula lorem porttitor nunc, eget vulputate dolor felis quis lacus. Donec tincidunt sodales sapien at euismod. Etiam nec justo non purus cursus tempor. Sed a velit sed ante tincidunt facilisis. Mauris vel eros semper, pretium odio et, feugiat nisi. Nulla tincidunt eleifend ipsum. Donec a euismod lorem, non blandit nisl. Maecenas sit amet augue erat. Proin laoreet vehicula dui, ut egestas mauris. Vivamus vel turpis leo. Aliquam erat volutpat. Sed eu sollicitudin dolor. Nunc nibh libero, imperdiet a est sed, vestibulum dictum odio.Sed urna magna, ultricies vel sapien eget, tempus finibus felis. Cras elementum dui id libero lobortis, vel suscipit enim viverra. Mauris aliquam metus ac magna egestas, lacinia gravida dui vulputate. Curabitur molestie pretium faucibus. Suspendisse congue dui elit, id cursus eros dictum at. Integer lacinia varius diam, vitae fringilla nisi tempus quis. Fusce lacinia et quam et ullamcorper. Donec velit elit, blandit vestibulum justo ac, pretium placerat ex. Quisque ac imperdiet diam. Nam congue massa leo. Donec vitae convallis neque, ac imperdiet turpis. Ut in diam semper, volutpat enim sit amet, interdum quam. Ut vestibulum quam sed ante sodales, et molestie neque molestie. Mauris quis justo nulla. Pellentesque eu gravida quam.Curabitur quis lacus nisl. Pellentesque orci purus, ullamcorper sit amet feugiat nec, luctus vitae risus. Quisque egestas aliquet est, eget mattis turpis elementum nec. Mauris nec diam a elit molestie cursus. Praesent eget porttitor nibh, non dapibus arcu. Vestibulum pretium, neque a vulputate porttitor, mi nisi laoreet orci, malesuada malesuada dolor ante nec massa. Etiam a odio pellentesque tortor pulvinar tempus id semper odio.Aliquam lobortis id lectus eu luctus. Aenean mollis egestas risus pulvinar consequat. Fusce sed condimentum velit. Aenean sodales ac augue a congue. Etiam gravida, ligula ac interdum blandit, diam est luctus turpis, at venenatis tortor orci vitae sapien. Nam quis lacinia nibh, et lacinia neque. In arcu ligula, facilisis ut laoreet in, vehicula nec libero.Etiam luctus tellus tristique quam rhoncus vestibulum. Pellentesque gravida suscipit consequat. Cras sit amet auctor augue, eget convallis sapien. Duis enim velit, faucibus ullamcorper malesuada non, varius eu mi. Ut vulputate ante eu neque posuere, eget luctus magna dictum. Aenean quam purus, pulvinar non massa eget, faucibus varius mi. Quisque at urna risus. Fusce ut ex ultrices, mollis massa condimentum, vulputate quam. Ut commodo dui eu velit scelerisque, vel condimentum dui porttitor. Vivamus nibh justo, sollicitudin nec ante et, aliquam interdum nunc. Etiam non ornare tellus, eu euismod sapien. Pellentesque ornare ligula tristique arcu dictum placerat. Nam diam mi, commodo semper egestas interdum, aliquam in elit. Praesent varius nulla et diam consectetur dictum. Ut eget lectus mi.Integer aliquet quis mi viverra ultrices. Praesent aliquam congue tortor non porttitor. Fusce ut metus nec eros iaculis ornare. Cras placerat neque sit amet quam placerat, at fermentum lacus sagittis. Sed eu lacus non dui imperdiet ultricies. Aliquam mollis ex non metus porttitor, ut efficitur dui consequat. Mauris ante risus, luctus et nibh quis, venenatis vulputate nunc.Curabitur et aliquam ligula. Nunc vitae cursus sapien. Vestibulum facilisis imperdiet neque non sollicitudin. Curabitur placerat nunc quis elit sodales lobortis. Ut quis sapien vitae dolor molestie fermentum. Sed scelerisque gravida molestie. Nam vestibulum est ut elementum ultricies. Sed pretium augue eu tempor ornare. Aenean sed orci congue, ullamcorper turpis et, interdum nisl. Nullam in ante mattis, tincidunt felis id, fringilla est. Ut tincidunt laoreet dolor id tempus. Aenean cursus arcu eget egestas vehicula. Ut accumsan, dolor eget tempus posuere, nulla eros blandit urna, a volutpat urna eros eu leo. Integer molestie lacus urna, vitae eleifend ex molestie vitae. Cras sodales, sapien ultricies varius congue, dui nisi scelerisque tortor, non efficitur lacus lorem id diam. Nullam euismod tincidunt egestas.Proin dictum accumsan neque, quis euismod risus vulputate in. Aenean imperdiet metus vitae scelerisque elementum. Fusce semper nunc convallis tellus pellentesque gravida. Aliquam pharetra quam at auctor hendrerit. Nunc lacinia sed quam vel ultricies. Vestibulum egestas lorem magna, vel laoreet urna volutpat non. Duis dictum mi nibh, at luctus neque porttitor vel. Nunc mauris nulla, suscipit quis orci non, hendrerit dictum lacus. In ultrices nunc vel sem ultrices scelerisque. Vivamus vulputate nunc ac risus feugiat pulvinar.Nullam a lacus sed tellus egestas tincidunt et a risus. Maecenas id iaculis erat. In consequat quis massa a imperdiet. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Morbi posuere ultrices dui vel aliquet. Vestibulum et tellus et turpis gravida ullamcorper. Nunc mollis purus vitae arcu varius, a posuere ligula rutrum. Curabitur metus urna, imperdiet non metus vitae, posuere pretium risus. Interdum et malesuada fames ac ante ipsum primis in faucibus. Curabitur ullamcorper rutrum risus vitae tincidunt. Nam purus sem, tempor at nulla ut, viverra iaculis magna. Sed gravida hendrerit felis sit amet sollicitudin. Cras sodales dui eu purus consectetur posuere.Etiam at placerat metus. Proin neque risus, dictum a sapien id, auctor mattis lorem. Aenean consectetur eget urna quis gravida. Quisque urna enim, rutrum a rhoncus at, convallis quis tellus. Nam pulvinar ac nulla et accumsan. Suspendisse potenti. Cras sit amet interdum massa. Sed mollis placerat leo, vitae molestie nisl mollis id. Curabitur finibus felis vitae nibh accumsan dignissim vitae ut diam. Maecenas a pulvinar leo. Pellentesque euismod turpis orci, tristique fermentum diam egestas id. Mauris vel erat quis orci rutrum efficitur. Morbi eget tristique turpis, at mollis massa. Praesent eleifend ex eu est pharetra, eu bibendum eros maximus. Fusce in tellus ex. Pellentesque urna mauris, porta vel tellus et, tristique malesuada mi.Etiam posuere purus odio, id ultrices felis auctor vel. Nam eget elit vitae tellus ullamcorper efficitur ut et sem. Donec sed eros in quam fermentum semper. Praesent feugiat viverra pretium. Aenean quis erat non elit posuere vestibulum eu vel lacus. Pellentesque velit dolor, mollis quis risus in, aliquet ullamcorper augue. Vivamus auctor lectus in eros rutrum, eu finibus tortor consectetur. Cras vel libero malesuada, dapibus lorem a, congue dolor. Nullam imperdiet odio id purus porta imperdiet. Mauris sed vulputate libero. Ut semper magna vel efficitur ultrices.Phasellus vestibulum sapien vel leo semper, vitae ornare arcu dictum. Suspendisse sollicitudin libero a mattis consequat. Proin pulvinar ex at libero placerat ultrices. Aliquam quis nunc metus. Mauris id neque non augue euismod volutpat nec id nulla. Donec id velit pretium, consequat leo ut, congue arcu. Pellentesque vehicula fermentum turpis, vitae eleifend ex consectetur vel. Sed convallis fermentum aliquet. Aenean condimentum venenatis condimentum. In gravida imperdiet sapien quis suscipit.Nunc nec arcu tellus. Integer nec nunc fringilla, pulvinar arcu ac, semper felis. Praesent varius volutpat aliquet. Cras pellentesque sed justo ut posuere. Nulla sed finibus elit. Donec ut dui sit amet quam condimentum vestibulum. In eu dapibus ipsum, vel dignissim neque. Maecenas leo nisi, aliquam ac fringilla id, condimentum non lectus. Donec sed mi arcu. Integer at vestibulum nibh, ac convallis justo. Phasellus maximus in mi in vestibulum. Integer eu pulvinar elit. Suspendisse cursus sapien sit amet felis semper vehicula. Nunc lacinia semper bibendum. In non feugiat odio, sed viverra turpis.Duis fermentum in felis sed volutpat. Sed dolor odio, mattis in ex vitae, dignissim posuere tortor. Etiam suscipit mi in massa ultrices pretium. Donec aliquet justo sed mollis feugiat. Duis id pharetra turpis, nec accumsan nisi. Aliquam vulputate elit nec euismod sollicitudin. Curabitur ut mauris ipsum. Ut quis iaculis nulla. Nullam blandit efficitur ipsum at vestibulum. Praesent ultricies risus a nunc sagittis vestibulum. Etiam eget diam ut lorem eleifend facilisis. Aliquam vehicula nunc magna, non condimentum lacus hendrerit sit amet. Nullam mollis, velit ut commodo faucibus, nibh tortor ullamcorper leo, nec gravida nisi risus at tellus. Aliquam hendrerit arcu vitae magna porta fermentum.Ut congue nisi ut volutpat fringilla. Nam eleifend nunc in tortor bibendum iaculis. Aliquam a libero velit. Praesent faucibus quam non lacus tempor sollicitudin. Nullam quam augue, condimentum sed consectetur eget, egestas a lacus. Curabitur imperdiet odio at felis cursus maximus. Sed libero diam, tincidunt in nibh lobortis, consequat vehicula nisi. Morbi id aliquam lorem, eu iaculis lorem. Aliquam erat volutpat. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.Integer sagittis, metus eu ornare viverra, ligula lacus elementum nisi, a laoreet velit diam at enim. Donec pulvinar convallis metus, interdum dapibus nulla porta at. Ut vitae nisl cursus, congue urna id, blandit odio. Nam vitae nisl sit amet augue dignissim faucibus. Proin accumsan nulla sed quam scelerisque tristique. Suspendisse sit amet porta dui. Donec bibendum justo sed orci ornare, tincidunt interdum mi egestas. Morbi interdum quam velit, eu gravida odio consectetur venenatis.Maecenas blandit metus sem, vel interdum mauris hendrerit eu. Nullam sagittis dolor sed justo finibus bibendum id pellentesque nibh. Vestibulum sem dui, lobortis at gravida a, ultricies vel dui. Vivamus libero nisl, efficitur nec est ac, volutpat mollis lectus. Fusce consequat maximus ligula, ut facilisis nunc lacinia non. Sed venenatis tempor ante, rhoncus convallis purus sollicitudin vitae. Phasellus porta nec urna in interdum. Sed vehicula, risus vel dapibus rutrum, enim libero lobortis augue, ut eleifend arcu mi id est. Nam a lacinia felis. Mauris fermentum, enim id auctor hendrerit, nibh lacus facilisis lacus, sed iaculis ligula tortor nec elit. In ut est convallis, lacinia justo in, tincidunt sem. Praesent nec odio ac nibh viverra blandit et sit amet quam. Quisque commodo condimentum diam a finibus. Quisque ex erat, placerat a lacinia eget, cursus nec magna. Nulla varius nulla a arcu suscipit fermentum.Proin fermentum convallis quam at eleifend. Mauris varius nec magna ac mattis. Nulla sollicitudin mauris at dolor ultrices, non iaculis nulla pretium. Mauris blandit erat quis nunc pellentesque, vitae maximus enim porta. Integer ac eros dui. Donec vitae tortor metus. Donec fermentum congue enim. Vestibulum vitae elit libero. Sed convallis blandit lectus ac facilisis. Nullam condimentum risus ut sapien rutrum viverra. Etiam feugiat vel sapien at molestie. Nunc ornare viverra tellus eget imperdiet.Nam volutpat congue nulla. Vestibulum enim massa, vehicula a diam vitae, auctor tincidunt tortor. Vestibulum sed velit eget ligula porttitor rhoncus non quis turpis. Aliquam eros quam, sollicitudin nec nunc et, mollis pellentesque ipsum. Proin semper augue ac enim auctor, at tincidunt risus fermentum. In finibus risus elit, et venenatis velit tempor quis. Suspendisse vitae velit eget turpis imperdiet porta. Morbi nec lacus maximus, mollis tortor vehicula, finibus augue. Vestibulum ac lorem arcu. Integer malesuada tellus at odio mattis, ac vehicula quam gravida. Mauris a sapien accumsan, imperdiet diam fermentum, bibendum sapien.Aenean ut venenatis erat. Vestibulum vel blandit ipsum, a tincidunt est. Sed vel justo a lacus ullamcorper feugiat ac et quam. Etiam mollis quam eu blandit euismod. Nulla et diam sed enim aliquam scelerisque. Nam vitae dui eros. Praesent sit amet bibendum ante, eu dapibus ligula.Vestibulum sed nulla pulvinar, feugiat nibh ac, pellentesque ligula. Etiam elementum ipsum erat, vitae ornare risus facilisis nec. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Curabitur id ante sed urna tincidunt accumsan et nec sem. Quisque congue ut eros eu varius. Nullam placerat placerat consequat. Ut viverra quam id ipsum tempor lacinia. In tortor augue, tristique eu lacus et, facilisis tempor dui. Nam eu vehicula massa. Praesent a nisl vel dolor lacinia iaculis. Curabitur eget lacus sem.Nulla facilisi. Curabitur nisl lectus, hendrerit in risus eu, cursus porta felis. Sed venenatis justo varius risus tempor, et pretium sem dapibus. Sed porta commodo risus, et egestas augue tempus venenatis. Morbi ut nisi a justo efficitur molestie. Quisque ornare mauris a interdum efficitur. Vivamus ut facilisis erat. Nulla feugiat odio nunc, quis mollis leo rhoncus id. Donec elementum eu nisi eu fermentum.Donec porta vehicula tellus iaculis hendrerit. Etiam ut tortor libero. Nunc condimentum vulputate enim quis molestie. Nam porttitor eros non dapibus consequat. Aliquam blandit dolor eu nibh vestibulum venenatis. Vivamus aliquam diam vel efficitur vulputate. Phasellus a molestie nisl. Nunc et aliquet orci. Ut in ipsum venenatis, feugiat mauris at, volutpat mauris. Fusce iaculis egestas bibendum.Nam nibh nisl, blandit bibendum mauris non, efficitur venenatis nisl. Vestibulum sagittis rhoncus metus nec maximus. Etiam vitae sapien id sem tempus rutrum. Curabitur aliquet nunc at diam ornare facilisis. Suspendisse potenti. Phasellus in metus ut sem rhoncus ullamcorper quis a velit. In pharetra velit enim, et mollis sapien aliquam eu. Interdum et malesuada fames ac ante ipsum primis in faucibus.Aenean sed enim congue, consequat mi sit amet, sodales orci. Sed vel porta risus. Aenean faucibus tincidunt magna. Vivamus tortor urna, finibus sit amet eleifend non, porttitor at ipsum. In vel nibh quis leo varius vehicula. Cras pharetra arcu non libero accumsan eleifend. In hac habitasse platea dictumst. Sed vehicula augue in tellus ullamcorper convallis. Etiam quis sagittis metus. Donec vel lacinia neque.Ut facilisis massa at sem malesuada tincidunt a vel sapien. Fusce nec tellus sed odio dictum congue. Etiam vel ligula scelerisque, rutrum lectus ac, bibendum eros. Phasellus volutpat nunc id nulla molestie interdum. Duis bibendum urna et nulla gravida, at tempor arcu consectetur. Integer sed erat tincidunt, bibendum felis sagittis, dapibus lectus. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.Morbi sem ligula, semper ac est in, vestibulum ultricies enim. Curabitur pharetra leo neque, quis tincidunt arcu venenatis sed. Cras felis enim, finibus et iaculis id, tempor nec sapien. Nullam auctor erat eget eros condimentum rutrum. Donec ultrices a nunc non consequat. Praesent non elementum eros. Phasellus tempus porta placerat. Vivamus cursus nisl vitae lobortis fermentum. Nam ut lacus posuere, elementum felis ut, fringilla neque. Suspendisse egestas lacus a auctor tincidunt. Suspendisse eu pharetra tortor, nec gravida quam. Sed commodo, dolor ultrices cursus vestibulum, dui massa suscipit sem, non scelerisque arcu dui at nisl.In tempus pulvinar justo, eget porta felis posuere eu. Vestibulum turpis felis, posuere id bibendum ut, ornare a dui. Praesent eget hendrerit urna, sit amet viverra mi. Praesent vel eros eu est dictum convallis sit amet et sapien. Donec scelerisque lacus id vulputate hendrerit. Maecenas id nulla odio. Proin ac mauris rutrum, venenatis ligula vitae, laoreet tellus. Donec porttitor eros non purus pellentesque, quis gravida orci elementum. Integer urna urna, faucibus ac aliquam tristique, cursus nec elit. Vestibulum sed egestas ipsum. Etiam id efficitur elit. Pellentesque porta ligula ut urna sollicitudin, eget bibendum libero volutpat. Pellentesque semper dapibus commodo.Donec ultrices ultrices libero, non tempus ipsum dapibus non. Maecenas blandit tempus dui, sit amet finibus nibh scelerisque eget. Nullam ac lectus id eros faucibus posuere. Sed sodales venenatis elementum. Praesent molestie hendrerit turpis, id viverra sem vulputate vitae. Nulla sodales a magna sit amet ultricies. Etiam dictum sollicitudin dolor mollis molestie. Curabitur consequat non orci accumsan tincidunt. Nunc nec mattis enim, at lobortis lectus.Vivamus ut augue sed elit vulputate aliquam. Praesent sollicitudin lectus varius, commodo ipsum vitae, consequat est. Nunc sed consequat leo. In sit amet urna facilisis, posuere justo id, facilisis augue. Proin tellus quam, lobortis non cursus vitae, viverra quis ligula. Sed id sem dapibus, pellentesque urna sit amet, commodo libero. Curabitur luctus tincidunt libero id iaculis. Suspendisse sapien est, scelerisque quis pulvinar in, posuere vel turpis. Morbi sagittis, neque vel tristique cursus, ipsum tortor mattis libero, ac facilisis libero lacus sit amet felis. Cras in nibh tellus. Ut quis mi vitae metus auctor feugiat vitae id sem. Fusce bibendum libero et tellus molestie congue.Quisque viverra, nisi ac pretium gravida, metus lacus interdum velit, bibendum auctor neque nibh id arcu. Integer vulputate interdum velit quis malesuada. Fusce pharetra vehicula elit et lobortis. Phasellus eu eleifend mauris. Donec volutpat porttitor ligula, vel rutrum purus condimentum vitae. Sed lobortis, tortor ut iaculis pellentesque, nunc nisl tincidunt dolor, id congue mi justo a ex. Duis purus ligula, ultricies in iaculis facilisis, scelerisque vitae elit. Nam at ante suscipit, laoreet odio at, elementum lectus. Fusce non ante feugiat, gravida felis quis, consequat massa. Cras nec tellus sit amet risus gravida fermentum a nec magna. Mauris vel nulla tellus. Nunc ullamcorper porta dolor quis interdum. Vivamus posuere neque volutpat elit accumsan, sit amet commodo neque ornare.Nunc luctus velit sed leo elementum commodo. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Duis sit amet dictum velit. Proin laoreet egestas risus, non suscipit augue convallis sit amet. Quisque pulvinar diam eget lorem consectetur scelerisque. Morbi ac vulputate urna. Vivamus a augue placerat ipsum aliquam volutpat nec et mauris. Integer faucibus tortor porttitor massa blandit, quis tempor eros finibus. Suspendisse potenti. Aliquam nulla sem, pretium eget massa quis, porta condimentum lorem. Quisque dui purus, auctor non convallis a, pellentesque vel nibh. Quisque posuere laoreet nulla, et commodo tellus volutpat at. Suspendisse a felis tristique, vestibulum augue id, iaculis diam. Aenean nulla est, varius in dictum vel, convallis vel ex. Integer vitae dolor tortor.Vestibulum ac odio cursus, tempus risus id, feugiat dui. Vestibulum sapien nulla, rhoncus vitae convallis id, sodales sed urna. Ut dignissim felis odio, ut pretium augue gravida id. Integer feugiat in orci ut tristique. Aliquam mollis hendrerit elit vitae dapibus. Aenean dapibus arcu a ante condimentum, non vulputate purus sagittis. Aenean ut ullamcorper purus, sit amet posuere nibh. Cras accumsan velit eget interdum efficitur. Etiam tincidunt mauris urna, sit amet euismod felis pulvinar in. Nunc porttitor malesuada nibh vel semper. Aenean vel cursus diam, vitae commodo lorem. Nulla quis vulputate ligula, in maximus lectus.Mauris tempor sem semper vestibulum vestibulum. Nam ultrices felis non ligula mollis, nec egestas eros elementum. Cras eu purus odio. Aenean bibendum sapien sed consectetur cursus. Curabitur a cursus quam, non posuere dolor. Nullam rhoncus nisl nec felis consequat, vitae consequat tortor vestibulum. Pellentesque vitae odio ac metus elementum faucibus. Aenean purus neque, tincidunt vel magna ac, rhoncus ornare libero.Sed iaculis mi quis ornare bibendum. Duis vitae malesuada nunc. Sed vitae cursus ex. Cras vitae purus dapibus, suscipit odio pulvinar, volutpat tortor. Maecenas hendrerit quis lorem in varius. Suspendisse tristique, ante et scelerisque posuere, felis tellus consequat enim, vel porta arcu est vel nisi. Sed fermentum, nisi quis elementum efficitur, ligula ligula elementum massa, at finibus nibh libero nec urna. Ut eu ante lacus. Suspendisse potenti. Curabitur fermentum ornare sapien nec auctor. In pretium est quam, quis finibus sapien varius id.Donec quis mollis mauris, nec consequat erat. Vestibulum pulvinar auctor erat, iaculis vehicula nibh auctor eu. Sed eu pellentesque magna. In ut condimentum urna, et ultrices ligula. Sed placerat felis quis libero fermentum, vel ultrices tellus venenatis. Proin tincidunt lectus at commodo vestibulum. Nullam purus quam, pharetra ut cursus ut, fringilla quis orci. Donec massa justo, cursus eget auctor a, vestibulum vitae mi. In hac habitasse platea dictumst. Nullam ultrices nec magna volutpat ultrices. Fusce eu laoreet metus. Sed laoreet porta urna vitae rutrum. Nam interdum sagittis leo, et dapibus lorem cursus eget. In et pretium mi.Phasellus efficitur, nibh ut laoreet rutrum, odio lorem semper risus, ac sagittis lorem ante ac augue. Nunc nec quam tellus. Aenean iaculis vestibulum ex eu varius. Integer nec gravida purus. Ut et nisl facilisis eros elementum fringilla ac ac nulla. Maecenas pharetra ante urna, eget aliquet augue suscipit vel. Integer elementum metus sapien, at maximus metus sagittis ut.Nulla sollicitudin eleifend felis vitae consectetur. Ut vitae sodales odio. Suspendisse aliquet risus id eros commodo pulvinar. Proin congue bibendum neque vel fermentum. Morbi placerat ligula ac dapibus commodo. In dui elit, euismod in tortor eu, auctor condimentum justo. Maecenas sollicitudin, massa aliquet fermentum efficitur, lorem tortor dapibus dolor, scelerisque luctus risus ante eu ligula. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Fusce imperdiet placerat fermentum. Duis vulputate, urna sed tempor pellentesque, sapien odio commodo tellus, ac rhoncus leo eros ut turpis.Suspendisse potenti. Donec efficitur cursus nunc eget viverra. Nunc at eros a nibh dignissim rhoncus in vestibulum magna. Aenean et lectus quis ligula cursus efficitur a non lectus. Aenean ac urna sit amet neque ultrices cursus. Quisque consectetur nunc mattis lectus consequat congue. Morbi ac vehicula nisi, eu ornare velit. Integer scelerisque elementum massa, nec blandit dui tincidunt elementum.Integer dictum felis id erat rutrum pharetra. Duis in mollis risus, nec scelerisque sapien. Aenean porta, urna sit amet euismod euismod, nisi nisl vulputate nibh, ut molestie metus nisi at velit. Vestibulum molestie ornare convallis. Cras eu dui sit amet quam sodales ultricies et accumsan justo. Duis ac dignissim odio. Maecenas bibendum massa ac turpis pellentesque fermentum. Vestibulum ut lacus metus. Nullam elit nulla, tincidunt nec vehicula vel, commodo eu massa. Etiam lacinia scelerisque ultrices.Nulla id justo quis metus gravida porttitor. Integer fringilla justo ut luctus commodo. Sed ut enim nisi. Suspendisse et nunc in magna ornare lobortis. Fusce massa dui, tincidunt sit amet vulputate et, mattis ac enim. Vivamus eu odio ornare, aliquam mi ut, tempor dolor. Aenean risus lorem, aliquet ac feugiat a, tincidunt non nunc. Proin id maximus tortor. Nunc non est elit. Morbi eget ex et magna dapibus malesuada id vitae lorem. Aliquam est purus, blandit sed nisl in, posuere porttitor lacus. Maecenas sollicitudin congue aliquet.Mauris semper accumsan nibh et imperdiet. In egestas orci vel luctus congue. Sed ut nisl lacinia quam porta rhoncus sit amet id leo. Vestibulum tristique rhoncus turpis in eleifend. Nunc dignissim at nunc vel efficitur. Maecenas et sapien at mauris ultricies auctor. Ut non rhoncus sem. Interdum et malesuada fames ac ante ipsum primis in faucibus. Praesent dolor est, pulvinar a consequat at, tincidunt sit amet elit. Etiam congue diam vel mi ultricies, ac aliquet ante ullamcorper. Vestibulum consequat luctus arcu sed convallis. Praesent tincidunt a nunc quis aliquet. Aliquam luctus rhoncus tortor. Sed et mi sem. Phasellus vel dignissim lectus, eget tempor ex. Cras sed dignissim diam, sit amet dictum tellus.Sed bibendum arcu dui, id imperdiet ex lobortis accumsan. Proin luctus posuere tincidunt. Mauris placerat neque lectus, eu tincidunt ligula porttitor a. Etiam ornare, sapien nec euismod viverra, mauris tellus lobortis nisl, et rhoncus nulla elit vitae ante. Donec facilisis accumsan luctus. Curabitur sed hendrerit sapien. Donec id dictum nisl. Nullam rhoncus condimentum pretium. Proin condimentum commodo lorem id bibendum. Fusce ut pellentesque mauris. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus.Phasellus bibendum facilisis lacus, at hendrerit felis venenatis eu. Fusce imperdiet risus a odio porttitor venenatis. Nunc vitae porttitor augue. Aenean mattis rutrum ultrices. Integer nec ligula augue. Suspendisse lacinia dignissim sollicitudin. Donec tortor augue, tincidunt nec aliquet non, tincidunt id odio. Nullam auctor facilisis bibendum. Etiam ipsum massa, viverra et felis sodales, pretium blandit arcu. Aenean ut lectus eu arcu dignissim fermentum nec a odio. Sed volutpat vestibulum urna ut suscipit. Vivamus eu nisl quis dui malesuada iaculis. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam sed facilisis massa. Duis vestibulum diam at tellus convallis vestibulum.Nulla volutpat consequat semper. Curabitur eu varius augue, eu posuere sapien. Praesent mollis cursus faucibus. Sed vulputate quam id nisi cursus eleifend. Etiam lacinia vitae ante eu aliquam. Aliquam venenatis nisl quis nisl bibendum, eget tempor odio laoreet. Donec scelerisque aliquet urna at ornare. Duis vestibulum scelerisque augue, suscipit ornare dolor lobortis vitae. Cras sed risus et diam iaculis ornare. Sed ut commodo mi. Vivamus sagittis imperdiet mauris, quis iaculis elit pretium ac. Donec nisi nisl, feugiat non ultrices in, dapibus eu nibh.Sed varius non ipsum vestibulum fermentum. Maecenas aliquet congue libero a semper. Donec dignissim dictum massa, sit amet interdum arcu dictum ut. Etiam pharetra lorem eu felis accumsan placerat. Integer sit amet orci nec purus finibus facilisis id in quam. Duis ultricies tortor justo, id tincidunt ante lobortis in. Integer volutpat ac urna in gravida. Quisque dignissim eros lorem, eget vehicula urna consectetur elementum.Aenean consectetur lorem eget finibus dapibus. Praesent rhoncus nibh justo. Integer eleifend sapien ut odio vulputate, eget lobortis est vestibulum. Quisque sagittis tortor non luctus feugiat. Cras eu molestie mi. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Etiam eros ante, pretium at dui eleifend, ullamcorper egestas urna. Nullam sit amet nisl et nunc rutrum tincidunt. Aenean vel metus sit amet ipsum cursus lacinia non a odio. Proin efficitur ex elementum orci ornare gravida. Mauris neque libero, placerat et enim nec, sodales dignissim elit. Maecenas id feugiat ligula.Maecenas sollicitudin sapien finibus, posuere ante ac, bibendum mi. Morbi eu sollicitudin tellus. Etiam in nisl a est eleifend ullamcorper nec eget nisi. Maecenas fringilla tincidunt purus a cursus. Duis mattis interdum nisi, id scelerisque turpis dignissim vitae. Interdum et malesuada fames ac ante ipsum primis in faucibus. Quisque tristique aliquet augue non vulputate.Quisque cursus leo ac justo eleifend malesuada. Nulla vulputate odio in purus fringilla congue sed a nulla. Interdum et malesuada fames ac ante ipsum primis in faucibus. Sed semper lectus nulla, vitae tristique tellus mollis et. Suspendisse sit amet elit enim. Donec tempus condimentum felis eget placerat. Curabitur nec varius urna. Duis aliquet mi justo, non finibus libero luctus sed.Integer volutpat ac lectus eget congue. Cras iaculis, mi sit amet viverra efficitur, lectus magna hendrerit sem, sed lacinia urna massa ut nisl. Sed mauris mi, dictum vitae efficitur et, aliquam quis lorem. In eu sem justo. In imperdiet, diam quis ultrices varius, eros ipsum euismod urna, et accumsan ante lorem at felis. Quisque efficitur ex at sem accumsan, nec maximus ipsum egestas. Cras a euismod massa.Phasellus mauris neque, feugiat eget vestibulum vitae, tincidunt eu risus. Mauris a maximus turpis. Nam ultrices quam vitae viverra blandit. Morbi cursus blandit magna. Nam convallis faucibus nulla. Morbi sapien dui, viverra at maximus vitae, iaculis sed neque. In at facilisis sem. In ut ligula arcu. Nam id justo volutpat, fermentum tellus et, cursus lacus. Nulla facilisi. Sed rutrum leo tortor, a varius elit varius vel.Nam a nisi lectus. Aenean orci est, finibus id elementum at, porta vitae odio. Donec euismod egestas eros, sit amet vulputate quam dapibus quis. Praesent ac augue sapien. Nullam porttitor lorem vitae rhoncus feugiat. Mauris iaculis cursus tempus. Fusce in tellus commodo, fermentum leo et, condimentum massa. Mauris vestibulum turpis non cursus consectetur.Duis eleifend ante velit, ut tempus erat vehicula eget. Etiam ultricies mi fringilla dui dignissim scelerisque. Donec fermentum lacinia magna eget faucibus. Duis nec lectus ac lacus suscipit malesuada. Etiam vehicula dapibus nunc, a pretium orci fermentum eget. Proin nec velit feugiat, iaculis justo in, tincidunt leo. Nam rutrum malesuada nisl vitae laoreet. Aenean faucibus sapien ac tellus porta maximus. Sed ut dolor sed libero tristique interdum ac ut nunc. Morbi et orci vitae leo lobortis porttitor in sit amet tortor. Sed vitae nisl ut felis porta gravida. Integer vitae tincidunt urna, et tristique lectus.Sed suscipit ante condimentum sapien ornare, id elementum turpis convallis. Vivamus egestas lectus lacus. Praesent condimentum orci mi, eget sodales nisl dictum bibendum. Phasellus euismod, arcu vel tincidunt ultrices, magna tellus convallis justo, fringilla placerat mi sem", "Segment/code_desc/ eget dolor. Nullam hendrerit sapien lobortis quam pharetra, nec cursus tortor bibendum. Integer a vestibulum sapien, id egestas nisl. Quisque eget faucibus tortor. Suspendisse potenti. Duis dictum neque vitae tincidunt faucibus.In a accumsan turpis. Sed tincidunt elementum justo, non dictum enim fermentum quis. Fusce tristique, nunc non facilisis venenatis, massa odio rhoncus ex, quis varius risus nulla a sem. Vivamus fermentum viverra turpis sit amet vulputate. Donec quis ullamcorper libero, egestas laoreet est. Praesent non dolor quis odio ultricies eleifend. Maecenas egestas vehicula massa, quis imperdiet massa mollis sit amet. Integer ullamcorper massa sit amet erat egestas rutrum. Proin semper, magna pharetra maximus auctor, ex nisi ultrices purus, eget cursus odio velit ut elit. Donec scelerisque commodo ornare. Donec interdum laoreet neque. Proin ac pellentesque lectus, quis dignissim enim.Cras faucibus dolor non arcu porttitor finibus. Curabitur sed eros lacus. Phasellus rutrum suscipit felis a blandit. Praesent varius elit nec ligula dapibus consequat. Duis ullamcorper fringilla commodo. Mauris aliquam at est in fermentum. Vivamus a nisl at lacus efficitur eleifend et vitae lorem. Maecenas pharetra lacus vel iaculis gravida. Sed aliquam, turpis et efficitur dapibus, erat orci rhoncus metus, et lobortis sapien quam a enim. Morbi in fringilla turpis, ac imperdiet velit. Duis vel porttitor risus, at bibendum mauris.Maecenas quis orci et est laoreet dictum et a ipsum. Phasellus tempus pretium dolor quis cursus. Nullam nisi tellus, suscipit a condimentum quis, vehicula eu felis. Curabitur mollis ipsum in dui tincidunt, rhoncus consectetur nisl luctus. Proin diam felis, finibus id mi sit amet, fermentum porta sapien. Praesent ultricies hendrerit vulputate. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Vivamus eleifend, elit nec iaculis sodales, lacus massa imperdiet nulla, in sagittis sem ex aliquet risus. Integer lacus odio, consectetur at tempor et, sodales id massa.Quisque pharetra mauris ut nibh suscipit, eu vulputate elit pulvinar. Vestibulum quis varius velit, eget sagittis mauris. Cras sed purus at mi tristique imperdiet. Nulla mollis ornare auctor. Duis suscipit efficitur porttitor. In ultricies lobortis lectus vitae pellentesque. Curabitur iaculis, nisl et euismod viverra, odio diam convallis est, non vestibulum ligula ligula a nibh. Ut purus ex, finibus vel commodo eget, auctor at est. Donec bibendum tempus urna, vel cursus nisl consectetur ullamcorper.Nam vitae metus quam. Cras vulputate eleifend sapien, vitae luctus mauris tristique nec. Nunc ac metus sapien. In vulputate dolor a sagittis posuere. Duis ultrices commodo justo ut ultricies. Curabitur maximus imperdiet quam, quis hendrerit enim tempus id. Integer et tristique arcu. Proin imperdiet ex a nisl bibendum, et congue tellus iaculis. Nulla bibendum massa velit, ut vestibulum sem aliquet at. Sed lobortis neque efficitur nisl elementum, a tempus odio tincidunt. Etiam nulla nisl, ultrices et tellus ac, iaculis pharetra ligula. Integer id volutpat mauris. Vivamus ut nunc leo. Suspendisse et augue id magna euismod mattis a a lorem. Donec risus elit, imperdiet aliquet ante vel, iaculis tincidunt metus. Proin erat odio, fermentum ut eros eu, bibendum ultrices augue.Praesent consectetur dapibus eleifend. Donec convallis arcu ut mauris hendrerit, ut iaculis urna facilisis. Nam eleifend neque sit amet ante luctus bibendum. Aliquam erat volutpat. Donec tincidunt, nunc et dictum rutrum, tortor orci faucibus tortor, sed imperdiet erat nulla eget mi. Sed venenatis turpis ac neque egestas cursus. Vivamus dignissim dapibus dui, aliquet iaculis mauris consequat suscipit. Vivamus sit amet elementum nisl, sit amet luctus sem. Maecenas vitae varius orci. Sed et eros orci. Morbi malesuada eget ipsum at feugiat.Nunc dui magna, finibus vel urna et, volutpat ullamcorper nulla. Quisque ac malesuada nibh. Etiam congue magna ut quam mollis, euismod volutpat metus tristique. Nulla eget velit pharetra, facilisis lorem sit amet, suscipit nunc. Aliquam varius quam ac est pulvinar venenatis. Nunc nec tincidunt arcu, non porttitor lacus. Donec a pellentesque orci. Curabitur fringilla odio urna, quis blandit augue elementum ac. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Phasellus blandit vestibulum diam eget congue. Morbi quis nisi quis dui congue condimentum. Ut blandit, diam vitae porta dictum, felis magna rhoncus ligula, id facilisis felis nisi placerat orci. Suspendisse vel turpis a ex ullamcorper elementum et sit amet elit.Donec gravida mauris sit amet turpis semper, a facilisis quam consequat. Aenean aliquam viverra eros et euismod. Nam lobortis sagittis finibus. Nam at rhoncus ligula. Ut tincidunt ut est lobortis semper. Fusce tempus turpis vitae elit vulputate sagittis. Sed faucibus non magna quis lacinia. Aliquam pretium tincidunt magna a tempus. Quisque id dui et quam facilisis laoreet. Phasellus massa tellus, aliquet id mi et, viverra ornare felis. Proin condimentum magna in ultricies mollis.In hac habitasse platea dictumst. Aenean porttitor semper est, non feugiat nisl mattis ut. Nulla condimentum dictum nisl nec dictum. Suspendisse non purus felis. Nullam aliquet ullamcorper mauris ac pretium. Curabitur ac viverra sapien. Donec lectus mauris, aliquam sed facilisis nec, pellentesque eu risus. Proin semper nibh nisl. Suspendisse potenti. Aliquam erat volutpat. In eu ex velit.Phasellus justo sem, aliquet eget interdum id, faucibus id augue. Donec ut elementum ligula, id ullamcorper risus. Sed nec scelerisque felis. Vivamus quis consectetur velit, vel ornare neque. Nulla feugiat vulputate egestas. Sed commodo consectetur sapien, in vulputate ante scelerisque ac. Nunc lobortis, mi consequat fringilla ultrices, erat dolor tempus elit, sed volutpat ante nisi in tortor. Suspendisse id nisi a sem pellentesque tincidunt at tincidunt elit. Fusce est tortor, fringilla eget massa congue, interdum scelerisque odio. Praesent at ex consectetur, fermentum urna tincidunt, accumsan diam. Pellentesque sem nunc, imperdiet bibendum ante tristique, vestibulum aliquam est. Proin blandit mi non metus varius cursus. Morbi felis nibh, auctor eu dignissim ut, bibendum ut tortor. Praesent facilisis est et nulla ultrices scelerisque.Nam quam enim, fringilla at risus a, pulvinar sagittis dolor. Maecenas id sagittis massa, ut mollis orci. Sed sollicitudin, ligula eget convallis euismod, orci dolor porttitor odio, ac commodo arcu nisl vitae magna. Nunc quis sapien non lectus efficitur gravida id hendrerit lorem. Curabitur tristique finibus urna, nec mattis risus ornare vitae. Aliquam ipsum urna, egestas at hendrerit a, sodales ac eros. Donec non quam dapibus, condimentum mauris a, condimentum ante. Praesent in felis sem. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Aenean orci tortor, vulputate sit amet quam ultricies, varius rutrum purus. Pellentesque quam quam, ornare at diam et, pharetra lacinia purus. Nullam arcu diam, cursus in pellentesque maximus, dapibus non nisl. Sed et dignissim velit. Nunc lectus arcu, scelerisque sed dictum eget, hendrerit vel felis.Morbi volutpat quam a libero aliquet, quis feugiat tellus porta. Donec et maximus felis. Vestibulum nec quam ultricies, consequat tortor a, rhoncus ex. Donec sed posuere lectus. Nullam tempor urna vitae odio pretium, sit amet mattis diam bibendum. Curabitur ut diam non urna semper semper. Nulla faucibus, purus at finibus imperdiet, ante elit tristique purus, et elementum diam enim sit amet neque. Pellentesque placerat vel arcu eget blandit. Ut sed tincidunt tellus, et convallis ante. Donec vel augue at justo efficitur consequat quis vel neque. Suspendisse potenti.Integer elementum imperdiet iaculis. Vivamus sagittis quam nec erat tempus, vel feugiat tortor dictum. Vestibulum venenatis eget enim nec tristique. Etiam sit amet turpis id diam auctor consectetur. Vestibulum elementum, tellus sit amet sodales lacinia, quam mauris auctor lorem, vel fermentum magna enim in ante. Curabitur porttitor metus in lectus tempus ultricies. Mauris gravida quam id quam congue suscipit. Sed est lectus, fringilla vel finibus in, pharetra vitae libero. Sed vestibulum vel nisi vitae sodales. Aliquam felis arcu, aliquet a nulla ut, imperdiet eleifend eros. Etiam in leo eu felis pharetra iaculis vitae vitae nibh.Phasellus eros tortor, scelerisque vitae ultricies in, tristique eget mi. Donec augue diam, ultrices et tincidunt eu, venenatis et est. Cras ut lacinia odio, sit amet mattis quam. Vivamus vitae magna ac eros semper lobortis ut in enim. Sed sit amet imperdiet tellus, vel condimentum purus. Proin luctus eu tortor sed suscipit. In vulputate porttitor enim a iaculis. In at placerat velit. Aenean maximus dolor sed tortor imperdiet, in auctor ex dapibus. Duis nibh tellus, elementum sit amet eros id, convallis pretium turpis. Donec quis ligula et nisi viverra feugiat. Nulla ac aliquet libero, id fringilla enim.Mauris erat felis, sagittis sed lorem nec, viverra sodales sapien. Proin ultricies, massa non consectetur posuere, nisl nulla finibus velit, a pretium magna orci in tortor. Praesent tincidunt auctor nibh, ut aliquam elit finibus vel. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Etiam turpis ipsum, placerat et porta tincidunt, mollis a tortor. Integer sed commodo ligula. Curabitur quis eleifend ex. Nulla tempor maximus odio eu porttitor. Aliquam eget hendrerit nibh. Maecenas turpis neque, placerat eu tincidunt et, pretium vitae libero. Sed sollicitudin quam eget finibus dictum.Morbi mauris dolor, sollicitudin quis vehicula eu, consequat ut leo. Vivamus sagittis purus vel libero luctus efficitur. Duis fringilla in libero ac pharetra. Etiam lobortis eget eros id placerat. Donec placerat iaculis mi. Vivamus id lectus dictum ligula fringilla iaculis eu eu ante. Maecenas eget lorem sit amet tellus tincidunt iaculis. Curabitur lobortis aliquam rutrum. Maecenas in lobortis mauris. Aenean justo justo, vestibulum at eleifend nec, venenatis eu sem. Duis non elit ac ex porta placerat et auctor augue. Cras feugiat mi ex, id luctus lorem rutrum volutpat. Donec faucibus rhoncus nunc, id dignissim metus mattis nec. Orci varius natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Pellentesque ante magna, scelerisque sed lacus sit amet, molestie tempor elit. Maecenas facilisis dui vel ipsum placerat, elementum imperdiet erat imperdiet.Cras pellentesque consectetur quam, nec suscipit metus commodo quis. Integer eleifend nisi augue, ac dapibus orci semper sit amet. Ut cursus vestibulum mi, a luctus augue aliquet eget. Nunc ultrices, leo in laoreet scelerisque, est elit elementum ex, quis consequat erat eros sed odio. Nullam sed velit gravida, bibendum nisi finibus, eleifend nisl. Aliquam condimentum nulla a varius ultrices. Integer viverra eleifend dapibus. Vestibulum dolor velit, consequat eu aliquam vitae, ornare eget metus. Morbi tempus, est non congue sodales, purus mauris eleifend elit, in vulputate velit neque ac sapien. Vivamus tincidunt mattis aliquet. Nulla facilisi. Nam porta, ipsum sed pulvinar tempor, odio dui laoreet justo aenean. .regetni te neipas a sumaviV .otsuj cen rotittrop eitselom teeroal orebil eativ maid eativ tU .cen euqsirelecs anru tnudicnit euqitsirt ,angam ucra sitrobol euqsetnelleP .oido tare tema tis siuD.sore a oel tile repmes siuq ,mine suirav assam oel ,rotittrop arterahp siuq anru ,rotcua maitE .muiterp repmes murtur alluN .maid arterahp di ,silef tauqesnoc tema tis rutibaruC .siprut eativ ruticiffe ,di sitrobol tema tis allignirf ,sucal lsin siuD .cnun missingid tnudicnit ,eativ oel cen repmes ,mine tile sullesahP .mutnemref merol mauqila non ,atrop euqen sisilicaf oido ainical cenoD .murtur siuq etna dnefiele silucai deS .mes murtur nasmucca ,a mauq te odommoc ,neipas muspi mauqilA .im tema tis sillavnoc ,a mutnemidnoc ni nasmucca ,ucra allun mulubitseV.muiterp domsiue sucal ta sore adauselam ibroM .iud neipas des euqsetnelleP .arterahp supmet ta sutcel sutcul siuD .oel euqsirelecs ,siuq tse eitselom ,tnudicnit alugil sittam alluN .tare adivarg ni sumaviV .tare adauselam ,tege tare tidnalb ,tarecalp anru a mauqilA .etatupluv missingid tile susruc ca ,sore sitrobol teidrepmi maN .mutnemele alucihev euqen susruc sillom tnesearP .eativ rotittrop silef teuqila siuq ,isin ucra niduticillos sarC .sisilicaf tu merol cen tirerdneh mulubitseV .euqitsirt tilev sumixam tege ,tnudicnit mauq a cnun sumixam tU .sucal sumixam ,cen sullet subicuaf ,sittigas siprut ca cnuN .taptulov lev sullet lev tipicsus euqsiuQ .arterahp secirtlu neipas cen icro di euqsetnelleP .cnun merol di malluN.ni niduticillos xe subicuaf non ,sullet sore teuqila cenoD .tidnalb maid odommoc di ,sillavnoc im siuq sore sittigas cenoD .sullet sillavnoc ue cnuN .etatupluv silucai silucai tU .tauqesnoc susruc maid non assam lev ibroM .taptulov tare mauqilA .tnudicnit sillavnoc mine tege tare rutetcesnoc mulubitseV .allun sumixam eativ cenoD .cen tirerdneh ucra teeroal siuq ,mes oel taiguef niorP .subinif silucai non icro taptulov ibroM .satsege siprut ca semaf adauselam te suten te sutcenes euqitsirt ibrom tnatibah euqsetnelleP .domsiue tarecalp ta sutem muiterp euqsetnelleP .surup mauqila eativ essidnepsuS .ranivlup ue lsin di teeroal malluN .alucihev mudnebib te maid teeroal deS .sore tege murtur ,cen mudretni eativ sitanenev ,hbin rolod deS.niduticillos adauselam ucra ue siprut ca nI .ropmet missingid siruam tema tis isin eativ euqsiuQ .tidnalb mudretni eitselom euqsetnelleP .sullet mutnemele ,ca mine nasmucca ,sitanenev orebil ue nI .tsmutcid aetalp essatibah cah nI .eugua non arreviv ,ue mulubitsev siuq ainical ,eugua siprut saneceaM .orebil teuqila eitselom sumaviV .otsuj a sitanenev ,non tnudicnit sillom euqsetnellep ,silef mes niorP .xe te allignirf ,di subipad ca rotittrop ,anru tse cenoD .tirerdneh euqsetnellep euqitsirt maitE.mauq eativ tema tis tipicsus arreviv mes siuq sucal des cenoD .susruc sullet subipad ca ,rotittrop eugua cen icro muiterp essidnepsuS .iud subicuaf non ,etna silucai tege tU .maid adauselam teidrepmi ,ni mudnebib te euqsirelecs ,siprut sutcel sarC .neipas etatupluv des ,ucra seicirtlu ranivlup regetnI .angam mutnemref euqsetnellep ,a teeroal siuq reprocmallu ,oido isin maitE .taptulov sumixam allignirf euqsetnelleP .isin di susir sutem euqitsirt ta ,silef eugnoc orebil tilev ,euqitsirt mutnemele di etna ,taptulov nI .etatupluv subinif cnun te muspi eugnoc essidnepsuS .sutcel atrop mutnemidnoc ,des isin ta murtur ,neipas assam saneceaM .secirtlu cnun sumixam ta ,rotcua im ta mes atrop ibroM.tare te suirav ,ta subipad te repmes ,angam muspi naeneA .alugil sucnohr mutcid ecsuF .assam ca eativ missingid sucnohr allun des sullet tege sullesahP .satsege siprut ca semaf adauselam te suten te sutcenes euqitsirt ibrom tnatibah euqsetnelleP .euqsetnellep cen rolod di adivarg saneceaM .mulubitsev sumixam suirav euqsetnelleP .taptulov tare mauqilA.ni teidrepmi tile ainical di ,icro mes rotcua euqsiuQ .rolod otsuj non deS .tare subicuaf adauselam ,lev isin a teidrepmi ,cnun isin cnuN .tipicsus suirav te sutem mulubitsev saneceaM .lsin domsiue cen euqsiuQ .tipicsus tema tis anru ainical tnudicnit cnuN .rutetcesnoc ni ucra repmes euqsirelecs ibroM .arterahp ropmet sutcel ue icro lev nI .nasmucca euqsetnellep ucra ni rolod mudnebib rutibaruC.xe sumixam sillom ,a euqen lev susruc ,isin sutcel mauqilA .sutcel tema tis tidnalb ,tu mudnebib tu alucihev ,maid susir malluN .ropmet cen orebil sisilicaf adivarg euqsetnelleP .tile rutetcesnoc tema tis ainical alucihev anru non angam te deS .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO .sillavnoc mutnemidnoc sucal ta cnun a saneceaM .muspi ue tu eranro tnudicnit rolod ranivlup sullet tu ecsuF .ucra sitanenev lev niorP.iud lev xe allun secirtlu tege ,silef mulubitsev cnun sucal ,adauselam missingid ta otsuj ,domsiue saneceaM .etatupluv subinif sitanenev maid mutnemref rutibaruC .dnefiele ca neipas atrop eugnoc ibroM .arreviv taptulov cen anru domsiue sumaviV .tege sitrobol ucra eugnoc di ,maid iud atrop tU .sutem reprocmallu non ,assam selados lev sarC .taptulov eativ allun a tirerdneh siuD .seicirtlu eranro xe tema tis siruam des saneceaM .etatupluv tu neipas seicirtlu rotcua ecsuF .euqen teuqila reprocmallu ,lev mauqila cen alucihev ,euqen allun euqsetnelleP.siprut domsiue non saneceaM .muspi satsege ue tnesearP .rutetcesnoc sittigas euqsirelecs tnesearP .surup satsege a ibroM .ruticiffe tema tis maid adauselam odommoc ibroM .a atrop siruam etatupluv ni ,muspi arreviv tnudicnit regetnI .muspi ue susruc ,sillavnoc sitrobol di nasmucca ,sutcel im mauqilA .maid seicirtlu subinif ,ca tse di niduticillos ,sucal otsuj cenoD .suirav tnudicnit ranivlup sarC .adivarg mudnebib etna cen tilev domsiue mauqilA .mudnebib non alugil ni subicuaf malluN .odommoc taiguef alugil lev maid lev siruaM.lev arterahp anru rotittrop lev ,hbin tse reprocmallu malluN .odommoc arterahp subicuaf ecsuF .etna eitselom ,cen tse mutnemele ,sittam lsin rotittrop sarC .isin subinif teidrepmi sarC .niduticillos tema tis alugil reprocmallu arterahp ecsuF .euqen cen satsege ,ta tipicsus siuq sisilicaf ,siruam im siuD .neipas lev sutem mine murtur non ,susir sittam assam siprut ,euqitsirt suirav ue isin ,adauselam niorP .tege sucnohr assam mudnebib des ,ucra tauqesnoc eugnoc maitE .mes alugil tema tis sullesahP .mauq atrop tema tis niorP .cnun tege selados ,ni niduticillos adauselam tnudicnit ,angam euqen cnuN.silef euqsetnellep eugnoc ,ta oido cen euqsirelecs ,orebil siruam tU .icro tema tis siprut anru mudnebib eativ ,euqen teeroal sutcel assam ,ropmet mudnebib non allun ,ruticiffe niorP .sullet sucnohr tidnalb ,ni siprut lev silucai ,xe alugil sarC .taiguef euqitsirt sutcel siuq ucra lev sumaviV .merol subicuaf tu ,siruam suirav te nI .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL .sumixam mauqila lev surup sumixam naeneA .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO .orebil ainical ,cen merol sittam ,mutnemele tare cen mulubitseV.missingid tege im sittigas dnefiele malluN .tare eativ arreviv ,siuq sittigas des sucnohr ,siprut tilev mulubitseV .sillavnoc muiterp tilev di angam mutcid siuD .neipas non ni supmet mulubitsev icro tu sutem non cnuN .allun eativ muiterp ,lev tipicsus a adivarg ,tse allun mulubitseV .tse ta ca tauqesnoc ropmet alugil tege maid tema tis maitE .mauq mutcid mutnemref ,te iud des satsege ,sullet eugua mauqilA .subipad adauselam ta tile sittigas sarC .orebil ta neipas siruam eugnoc tu ,euqen muiterp rotrot tare ,euqsetnellep mudretni sitrobol sore ,taptulov deS .tege ranivlup etna subipad non ,eugua mutnemele dnefiele cnuN .sucal cnun des ibroM .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL.mine etatupluv di ,ucra atrop cen alluN .angam satsege teidrepmi ,ni merol te etatupluv ,merol im regetnI .merol selados mauqila ,tege euqen ue mulubitsev ,mauq lsin saneceaM .secirtlu cen rolod mutnemidnoc etatupluv sullesahP .rotittrop ca mes subipad etatupluv essidnepsuS .euqsirelecs rotittrop oel lev iud tauqesnoc euqsiuQ .missingid merol mauqila te ,sittigas merol cen siprut murtur ecsuF .ereusop tu siprut tema tis muiterp tnesearP .ucra secirtlu ,a xe sisilicaf ,tauqesnoc lsin tege malluN .tu mutcid mes tirerdneh des ,tse domsiue subinif essidnepsuS .ucra sillavnoc lev tarecalp sittam rotrot ta mauq eativ maN .sittam niduticillos des rotrot rotittrop alluN .euqsetnellep silucai eativ silef sitrobol alluN .icro subipad eitselom ,a mine tirerdneh ropmet ,sullet im tnesearP.tilev cen ca mudnebib sillavnoc sutem ni rolod a sullesahP .tarecalp tarecalp lsin ni tilev lev deS .teidrepmi tirerdneh teeroal ibroM .soeanemih sotpecni rep ,artson aibunoc rep tneuqrot arotil da uqsoicos iticat tnetpa ssalC .adivarg repmes cen sullet reprocmallu nI .tilev mauq cen malluN .tipicsus hbin rotittrop ta ,tipicsus angam te maid sittigas sullesahP .sutcel taiguef reprocmallu ,ca rotrot nasmucca sucnohr ,lsin rotrot naeneA .itnetop essidnepsuS .mudnebib etatupluv susir ca siprut tu cenoD.mutcid suirav oel ni alugil tnudicnit deS .tidnalb sitrobol sutcel tu tile a mulubitseV .mine mutnemidnoc sucal silef murtur eativ ,isin subicuaf siruam sucal ,reprocmallu ranivlup dnefiele tilev ,selados saneceaM .secirtlu silucai sitanenev rutibaruC .sillavnoc eativ anru tidnalb adivarg mulubitseV .sittigas susruc eugua ca ucra non sumaviV .assam ta xe silef ruticiffe tema tis ,susir alucihev tse rotrot ,sittigas arreviv ta etna ,taptulov sumaviV .eugua eativ tse lsin dnefiele ca ,ucra sittam surup im ,teuqila rutetcesnoc te sutem ,ropmet essidnepsuS.secirtlu muiterp tnudicnit niorP .di satsege etna tidnalb ni ,tilev sitanenev tirerdneh ibroM .mine mutnemele tege rutibaruC .iud tauqesnoc ,non tare tarecalp ,sutcul merol non regetnI .niduticillos silucai sillavnoc essidnepsuS .siruam icro ca mauqilA .ta subipad mes tirerdneh non ,sutcel selados reprocmallu rutibaruC .angam tu euqen tse atrop tege ,isin adauselam isin sucal ,subicuaf sucnohr tema tis tare ,susruc malluN .eugua ereusop tu naeneA .odommoc teidrepmi angam siuq neipas sitanenev malluN .otsuj eitselom mutnemidnoc ,ca assam di sittam ,mine anru siuD .allun taptulov tema tis ,euqen ainical eativ siuD.tu sillom anru sittigas ni ,mes silef sitanenev naeneA .isilicaf alluN .sutcel teeroal ,eativ im susruc ,mutnemidnoc cnun supmet sullesahP .isin sutcul mudretni ,siuq rolod lev arreviv ,euqen tse sumaviV .otsuj domsiue ni deS .isilicaf alluN .tile sisilicaf ,cen maid murtur ,ruticiffe anru tege siuD.oido mulubitsev ni ,cnun mauqila ca cenoD .lsin ruticiffe ue cenoD .siuq mauqila mine mudretni sisilicaf ,sullet lsin tnudicnit siruaM .dnefiele arreviv silucai ibroM .hbin a ucra sore subicuaf siuq ,im etatupluv allun sullet ,eugnoc sittam tu sucal ,adauselam deS .supmet sisilicaf cen sutem reprocmallu siuD .oel ue niduticillos ,ue teidrepmi lev taiguef ,euqen rolod mulubitseV .atrop rotrot atrop eativ ,secirtlu mine ta im sillavnoc cenoD .sillavnoc des tse repmes sittam euqsiuQ .mine sore non regetnI .etatupluv sore allignirf ca ,rotittrop rolod des angam allignirf sullesahP .non tnudicnit isin sittam ta ,orebil tile eugnoc cnuN.subicuaf ni simirp muspi etna ca semaf adauselam te mudretnI .a mauqila sore sitrobol te ,sore mutnemidnoc odommoc saneceaM .tile taptulov eranro ,di maid eativ tnudicnit ,assam allun cnuN .rotrot cen ue silucai suirav sullet siuq anru ni deS .tege suirav tile satsege ni ,cnun eugnoc repmes saneceaM .muspi di mutcid ,ni ruticiffe des sittam ,iud siprut cnuN .selados mauqila taiguef siuD .tilev ranivlup ,non euqen taptulov ,odommoc tare tema tis malluN .soeanemih sotpecni rep ,artson aibunoc rep tneuqrot arotil da uqsoicos iticat tnetpa ssalC .sillom ca sutem tu ranivlup maN .atrop eativ alugil di eitselom essidnepsuS .anru non otsuj neipas sitrobol mulubitsev ,eugua mutcid susir muspi ,teidrepmi ranivlup tege xe ,subinif malluN .isin te non supmet euqitsirt im tege mes eativ ibroM .icro ereusop siuq euqsetnelleP .tse tu tege atrop tnudicnit neipas siuq sutem di ibroM.mudnebib des tile ni sumixam maN .allun ue adauselam ,di domsiue lev sittigas ,iud allun mulubitseV .ucra hbin lev maitE .euqen lev sittigas ,ni subicuaf des arreviv ,angam susir naeneA ;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV .atrop euqsetnellep mudnebib sarC .cnun alugil non cenoD.allignirf siuq icro te eranro regetnI .im tnudicnit ta ,susir eitselom ca euqsiuQ .sitanenev mudnebib taiguef mulubitseV .repmes tu sutem tege mutcid euqsiuQ .non eugnoc merol ruticiffe tu ,orebil mine tnudicnit siuD .eitselom tege orebil ni tirerdneh mulubitseV .eugua muiterp non ,sullet reprocmallu tu euqsetnelleP .tipicsus silucai sore di cnun tema tis essidnepsuS .cen eitselom sutem sisilicaf non ,siruam tilev euqsetnellep nI .cnun euqitsirt tema tis tnesearP .atrop lev tilev des nasmucca nI .eugua tema tis sutcel mauq tirerdneh siuq ,siruam ropmet tse assam ,tnudicnit allignirf sitrobol hbin ,allignirf regetnI .etna repmes ,te eugua teeroal ,ereusop xe ue malluN.mauq a lev euqsirelecs missingid ucra non ucra des cenoD .sutcul reprocmallu tse ue cnun mutnemele niorP .tauqesnoc rotittrop hbin tege alugil dnefiele rutibaruC .oel des oido euqen ropmet non ,eugua nasmucca mauq tilev ,tarecalp taiguef eativ lsin ,subicuaf euqsetnelleP .merol non tile siprut eugnoc a ,otsuj tauqesnoc icro otsuj ,tirerdneh euqsetnellep des angam ,teuqila mulubitseV .selados euqsetnellep ta sutem repmes essidnepsuS .sitanenev cen sucal dnefiele tnudicnit naeneA .rotrot etatupluv lev ,merol mudretni ca sarC .neipas adivarg ,di allun murtur ,rutetcesnoc mes arreviv nI .rotrot ue sitrobol ,te ainical ca mudnebib ,eugua surup nI .sittam eranro assam sutcul teidrepmi ,rolod rutetcesnoc subicuaf rutibaruC .tu muiterp orebil sutcul lev ,assam im suirav sarC .taptulov tare mauqilA .rotittrop siuq merol dnefiele mutcid niorP .lsin rotrot sumixam euqsetnelleP .ni suirav icro murtur lev ,tilev nasmucca repmes niorP.ue tipicsus iud taiguef tege ,ucra orebil satsege sarC .etna a subinif ,taptulov tnudicnit cen tarecalp ,assam alugil regetnI .maid mudretni ereusop ,te etna ta tidnalb ,iud allun sumaviV .di tauqesnoc rotrot tidnalb eativ ,susir murtur tnudicnit naeneA .arterahp ranivlup orebil tege oel selados cenoD .isilicaf alluN .subipad ue orebil mudnebib sucnohr malluN .rotcua cen allun ue mudretni saneceaM .mulubitsev sitanenev mauq tege im non ibroM .tarecalp rutetcesnoc ereusop mulubitseV .sumixam eugua subicuaf ue ,mutnemele tile di tse rotittrop regetnI .ni mudretni mauq arreviv te ,euqen tidnalb repmes essidnepsuS .itnetop essidnepsuS.arreviv euqitsirt ca sutem alucihev maN .adivarg subinif adivarg siruaM .tege tidnalb susir mauqila ca ,alugil sutem tirerdneh siuD .allun reprocmallu ,siuq surup mauqila ,tnudicnit isin des cenoD .mauq cen oido silef rotittrop non ,mauq tipicsus mes allun ,rotittrop tnudicnit te mauq ,mudretni tU .eativ ranivlup maid sutcul siuq ,otsuj sittigas euqsetnellep cnuN .alucihev supmet tnudicnit cenoD .xe non ni euqsetnellep sittam eugua te lsin tu saneceaM .surup tu tege ainical tarecalp etna ta tse tu cenoD .eativ mutnemele mes sittigas ue ,merol orebil sittigas cnuN .mulubitsev ni sore cen mudretni regetnI .ucra sucnohr di ,sore atrop lev sumaviV .eitselom mulubitsev siuq anru sillavnoc tU.tile eranro te cnuN .des supmet rotrot taptulov ta ,alugil sutcul mutnemidnoc saneceaM .tile ca subinif ,ta satsege te susruc ,surup oido malluN .muspi mes a deS .mutnemele mutcid tilev tege maid eitselom siuD .oel tile di nI .tnudicnit xe ropmet tu ,sitanenev lsin siuq merol rutetcesnoc deS .euqen te cen mudretni euqitsirt lsin ca angam ta cenoD .tu tipicsus rolod euqsetnellep ni ,sutem tirerdneh ruticiffe maitE.tidnalb teeroal lev angam murtur euqsetnelleP .iud non maid sutem eranro a ,sore muiterp ucra xe ,sitanenev rutetcesnoc lev tare ,etatupluv euqsiuQ .allignirf anru sillavnoc cen ,etatupluv tile di sullet mulubitsev deS .eugua tege icro sutem allignirf des ,tilev seicirtlu hbin mes ,tipicsus reprocmallu cen susir ,taiguef regetnI .ereusop icro euqsirelecs non ,adauselam cnun ta anru etatupluv deS .merol mauqila ue ,tse selados ue niorP .tile di odommoc ,ta euqitsirt a ainical ,etna orebil naeneA .tidnalb tare silucai rotittrop ,euqsetnellep sutem di iud reprocmallu nI .taptulov tare mauqilA .adivarg repmes im di muspi ruticiffe mauqilA .neipas ruticiffe te ,euqen sillom tu saneceaM .isin sutem sutcul essidnepsuS .taptulov tare mauqilA .tipicsus rotrot sisilicaf lev ,mudretni maid tu silef atrop sumaviV.sucal ue ropmet teeroal adauselam tse lev maid di mauqilA .tipicsus muiterp xe te siruam teidrepmi rutibaruC .eativ sitanenev oel mulubitsev di ,neipas reprocmallu alucihev sarC .sillom susruc iud ca sutcel tnudicnit saneceaM .otsuj sittam non siuD .tidnalb domsiue cen neipas sittam siuD .tauqesnoc tarecalp reprocmallu ecsuF .mine a iud siprut mutcid a ,mine sitrobol mauq icro ,etatupluv mutnemele di sullet ,tipicsus rutibaruC .oel selados ucra tilev tnudicnit eativ ,alugil sucnohr siruam sore ,nasmucca rutetcesnoc lev xe ,arreviv maitE .tilev neipas tu euqsiuQ .ainical di alugil sucnohr ranivlup sumaviV .merol tnudicnit teidrepmi ,siuq im des muiterp ,sucal sutcel euqsiuQ .neipas non merol assam mutnemidnoc tema tis ,sutcel teuqila isin mine ,taiguef tnudicnit non susir ,mulubitsev cenoD .allun sitanenev mauqila ,di mine siuq murtur ,ucra sullet mulubitseV .silef reprocmallu ,non hbin arterahp ,mudnebib sutcel cen cenoD.tarecalp sisilicaf mulubitsev mauqilA .eugnoc merol etatupluv ni ,sitrobol icro ni alugil rotittrop siruaM .arterahp lev tare eativ subipad maitE .mine alucihev te ,angam allignirf di siruaM .domsiue domsiue tirerdneh siuD .ereusop missingid siprut non mauq taiguef euqsiuQ .mutnemele eugnoc tirerdneh tilev reprocmallu sarC .eativ rutetcesnoc euqen sitrobol alucihev ,lsin atrop sumixam cnuN .tidnalb tema tis sucal lev domsiue alluN .rotittrop tege tile mauqila arterahp cenoD .odommoc taiguef teuqila sarC .tege ruticiffe oel euqsetnellep cen ,rotrot euqen rutetcesnoc tnesearP .mine tege non odommoc secirtlu maid te euqen di regetnI.mes sutcul teeroal ,sullet teeroal alucihev sumaviV .maid selados cen sumaviV .isin ereusop cen ,mes teuqila tema tis euqsiuQ .sittigas a icro mauqila sisilicaf cenoD .tege adauselam alugil sisilicaf arterahp ,surup sucnohr odommoc nI .mauqila eitselom siprut non hbin teeroal nI .taiguef eativ cnun di sitanenev maitE .adauselam dnefiele muspi non siruam arterahp niorP .te mulubitsev silef sillavnoc tege ,angam rotcua susruc maN .tnudicnit eitselom icro selados isin eranro regetnI .susir ainical eativ cenoD .siruam rotcua tema tis sumaviV .ta missingid oido sisilicaf ni ,orebil sitrobol missingid regetnI .etna tauqesnoc des regetnI.sutcel tnudicnit mulubitsev ,tema tis tare", "Segment/code_desc/ des rotittrop ,assam rotrot rutibaruC .rolod ni eugua surup mutnemele a ,allun sillom mes allun ,susruc ropmet ta otsuj ,tauqesnoc mulubitseV .hbin reprocmallu cen euqsetnelleP .euqen teidrepmi teuqila ,non etna tege sutcul ,cnun mauq ecsuF .mutnemref ue muspi ta selados ecsuF .maid atrop ,tege mauq nasmucca ,teuqila assam siuq nI .etna siuq surup rotrot missingid des ,im sutcul alugil alugil ,sucnohr taptulov ni tare ,ruticiffe saneceaM .rolod dnefiele niduticillos ,eativ oel cen rotittrop ,siruam etna sarC .subipad sitanenev tema tis susir odommoc saneceaM .sullet supmet cen ,lsin tipicsus ni sumaviV .oido euqsirelecs sittam ,tege tse ta reprocmallu ,susir mes malluN.arreviv angam arreviv tege ,supmet mes tu sullet mutnemref ibroM .neipas sumixam ue siuD .mauq supmet ta cenoD .teidrepmi sittigas maid ca lsin cen cnuN .allun siuq tilev orebil seicirtlu ni ,tile rutetcesnoc sore assam ,ropmet allignirf tege anru ,mutnemele euqsiuQ .euqen mutnemele tege ,alugil rutetcesnoc lev euqsiuQ .iud eativ di domsiue arreviv siruam des oel lev ecsuF.oel tu tema tis rotcua ainical tse eativ merol cen sumaviV .eativ mutcid orebil sittigas ta ,muspi siprut adauselam saneceaM .des seicirtlu merol ainical ni ,mine allignirf arterahp saneceaM .sitanenev sittigas niduticillos cenoD .ropmet tu rolod secirtlu mutnemele maitE .hbin teeroal siuq ,maid rotcua di nI .tsmutcid aetalp essatibah cah nI .susir euqitsirt ta nI .mutcid nasmucca ca sutcel euqsirelecs rutibaruC .subicuaf taptulov ereusop cenoD .lev missingid mauq subinif tema tis ,silef mutnemref sumixam tnesearP .assam taptulov ni regetnI .sillavnoc tema tis susir repmes supmet regetnI .mine eativ ni sisilicaf mutnemele tse ca sutem des rutibaruC .selados icro teeroal tege ,rutetcesnoc otsuj non siruam mudnebib maN .tilev di assam orebil adivarg satsege ,susir tnudicnit rolod xe ,eranro suirav tu euqen ,domsiue mauqilA.te silucai xe taiguef ta ,ucra merol euqitsirt cenoD .cnun ta eugnoc ,siuq ereusop tu subicuaf ,surup euqen ibroM .missingid satsege tilev eitselom mes ropmet regetnI .sillom lev sullet ta repmes cenoD .siprut taptulov eitselom ,ue domsiue tege odommoc ,muspi merol cnuN .xe sitanenev mudretni siruaM .assam cen sittigas ,siuq mutnemele ta sillavnoc ,neipas tilev essidnepsuS .neipas arreviv di euqsiuQ .orebil odommoc sillom ,di surup a eitselom ,orebil euqen euqsiuQ .silef tege ue mauqila tauqesnoc ucra di mes ue sarC .ucra ue teuqila ,ca satsege subinif mudretni ,muspi sullet saneceaM .teuqila a surup rotcua taiguef sullesahP.tidnalb sore tnudicnit ni ,mudnebib sore ta im euqsetnellep siruaM .subicuaf etna tarecalp des ,mudnebib muspi tema tis merol dnefiele euqsiuQ .hbin missingid sittigas ,non tse selados mulubitsev ,im merol naeneA .merol a orebil allun secirtlu ca ,tare seicirtlu oel angam ,sutcul atrop ta muspi ,sitrobol saneceaM .niduticillos siuq tare ta euqsirelecs nI .mine non tema tis sillom rutetcesnoc merol tu maid di deS .taptulov niduticillos rolod ni assam subinif naeneA .rolod sutcul ,des maid subipad ,tirerdneh tse ca regetnI.cnun rotcua te ,angam subipad ta saneceaM .sullet merol di mauqilA .assam ca des odommoc arreviv sutcel ca tilev siuq alluN .mutnemidnoc eugnoc tege sullet tidnalb deS .tare adivarg arterahp ,di eugua te sillavnoc ,sullet oido regetnI .sore mutnemidnoc ue ,mauq satsege a deS .xe ue maid mauq muiterp ue ,hbin taptulov tare sutcel ,murtur supmet te mine ,dnefiele deS .xe mulubitsev mauqila cnuN .taptulov domsiue eugnoc deS .tare eitselom ,eativ sutcel euqsirelecs ,atrop assam ue naeneA .sutcel teidrepmi ,tu etna ropmet ,rotittrop etna ue deS .orebil a tipicsus ,di eranro a rotcua ,alugil alugil cnuN .teidrepmi a rotrot ta mulubitsev euqsetnelleP .orebil sillom di regetnI.xe taptulov ucra icro mutnemele cen ,isin teidrepmi tse tilev ,selados subipad lev sore ,rutetcesnoc euqsiuQ .sore atrop ,di mine tauqesnoc ,sisilicaf allun des naeneA .des sitanenev sullet dnefiele non ,ucra otsuj mulubitsev deS .oel seicirtlu tu ibroM .allignirf iud ropmet di ,mauqila rotrot a maid repmes sarC .a euqitsirt iud sutcul tege ,eugua siruam dnefiele alluN .merol ainical des maitE .isin rolod tege nI .sutcel subinif ainical ,ni mine ta seicirtlu ,assam sullet niorP .susir ca cnun silef ainical cen ,tilev arreviv iud susir ,odommoc adivarg cen susir ,ropmet mauqilA .merol tile di mulubitseV.mutnemele non tile a tipicsus niorP .ainical euqitsirt mine suirav neipas ue ibroM .muspi tema tis a sucnohr selados ucra lev oido ca deS .itnetop essidnepsuS .sittam satsege tu etna supmet regetnI .iud sore tu nI .otsuj euqsirelecs des ,mes supmet atrop tnesearP .allun allignirf tege ,sutem mutcid tu nI.silucai ue mine tema tis dnefiele cenoD .sillom di maid ni mutcid cenoD .iud euqsirelecs teuqila ,siuq mine sillavnoc selados ,oido susir ibroM .rolod alucihev ,di siruam eranro ,mudretni allun susruc saneceaM .tidnalb allignirf sutcel eativ surup ta euqsiuQ .otsuj non des sucnohr tnudicnit allun a mine tu euqsiuQ .tu repmes tile teuqila tema tis ,muspi siruam missingid tnesearP .teuqila ue muspi subinif missingid siruaM .mudnebib muspi rotcua ta ,mutnemref sullet siuq assam arreviv siuD .taiguef sutem muiterp cen ,silucai otsuj atrop alugil sillavnoc saneceaM .tnudicnit odommoc satsege naeneA .eugua eitselom teeroal ,lev sutcel des teuqila ,oel siruam saneceaM .otsuj cen assam eugua tnudicnit siuq ,tilev niduticillos mes surup ,sillavnoc adivarg eativ neipas ,sisilicaf regetnI .merol des tema tis mudnebib tauqesnoc etna euqsirelecs ucra sitrobol maitE .rotcua euqitsirt silef tege rotrot di saneceaM .di missingid sore selados ni ,rotrot mutnemele suirav mauqilA.im ue muspi anru mutnemref siuq ,tile mauqila euqen tilev ,euqitsirt tnudicnit di sullet ,eranro cnuN .oido des tse tile arterahp tu ,icro missingid xe tile ,etatupluv subicuaf non orebil ,adivarg deS .eugua teidrepmi ta ,allun sittam ta cnuN .rotittrop silucai domsiue deS .euqen siuq siprut sore rutetcesnoc lev ,susir nasmucca mine isin ,reprocmallu selados siuq icro ,tarecalp alluN .sore siuq mutcid ,siuq adauselam siuq tnudicnit ,surup assam sarC .rolod suirav tu ,allun susruc di sullesahP .itnetop essidnepsuS .surup alucihev te alluN .otsuj subicuaf mudretni ,ni missingid des tauqesnoc ,susir tilev saneceaM .oel arterahp ,ni cnun reprocmallu ,missingid muspi lev sumaviV .sisilicaf lev silef des sittam niorP .rotrot nasmucca taiguef ,sittam tile siuq sillom ,otsuj sore nI .ropmet a etna eitselom satsege sumaviV .dnefiele ta tse tege odommoc maitE .icro ta xe angam ereusop tege ,ucra dnefiele euqen euqen ,tnudicnit teeroal cen rotrot ,susruc regetnI.missingid reprocmallu orebil cen sucal non cnuN .silucai otsuj mauqila lev ,niduticillos surup eativ sullet susruc nI .taptulov dnefiele tilev a oido atrop regetnI .sucnohr tnudicnit ue iud missingid sumaviV .angam teidrepmi ,ni etna rotittrop ,alucihev iud ni essidnepsuS .arreviv mudnebib cen hbin teuqila regetnI .ni sucnohr mauq selados ue ,lsin rotrot repmes cnuN .oel seicirtlu te ,merol seicirtlu lev cenoD .sillom ni muspi sitanenev secirtlu cnuN .sullet lev rutetcesnoc ,cen sillavnoc ca satsege ,euqen isin maN .alugil missingid ,ta sullet arreviv ,reprocmallu rolod tege regetnI .supmet cen eugua siuq tidnalb euqsiuQ .neipas euqsetnellep tege niorP .tirerdneh tema tis xe susruc niduticillos maN.rotrot mutnemref ta nI .sutem domsiue a deS .odommoc odommoc angam eativ tile secirtlu deS .siprut teuqila ,tu hbin sillom ,selados euqen di rutibaruC .euqen arreviv eativ ,tse silucai tema tis sullesahP .ca repmes otsuj repmes di ,mes rotcua nasmucca siruaM .icro cen tse mine sittigas a ,assam reprocmallu rotrot tare ,tidnalb susruc siuq mes ,eitselom tU .tse siuq sutcul mudnebib secirtlu susir tege sutem des maitE .arterahp etatupluv cnun silucai allun alucihev deS .sillom non allun odommoc taptulov euqsetnelleP .sitrobol mutcid rolod ue eugua sucnohr essidnepsuS .euqsetnellep tema tis muspi ranivlup euqitsirt regetnI .euqen seicirtlu ,repmes neipas sitanenev ,sisilicaf etna siuq tnesearP .tarecalp sittam euqsirelecs sarC .itnetop essidnepsuS .ranivlup arreviv lev anru supmet sullesahP.euqen sutcul ni siuD .alugil teeroal tema tis maitE .rotcua tarecalp tnudicnit mauqilA .seicirtlu rutetcesnoc neipas sittam lev ,sutcel allignirf adivarg malluN .ucra eugnoc te mulubitseV .rutetcesnoc tipicsus anru eativ tare ue naeneA .rolod tarecalp ,lev sullet ereusop ,mudnebib merol cen tnesearP .mudnebib ue assam des euqsetnellep sullesahP .oido ranivlup mauqila ,ue tnudicnit tema tis ainical ,mine siruam mulubitseV .di atrop mauq nasmucca ta ,ucra merol euqitsirt essidnepsuS.tare ue tege murtur adauselam iud tema tis icro ca regetnI .orebil ni sillom ,tema tis repmes siuq mutnemref ,otsuj mes saneceaM .eugua rotittrop di mulubitseV .sutcul mes mutnemref ue ,tnudicnit oel cen anru allignirf mauqilA .euqsirelecs mes atrop non ,teidrepmi im siuq allun supmet naeneA .sullet tema tis murtur ,ue teidrepmi eativ ropmet ,hbin silef nI .xe tilev eativ maN ;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV .subicuaf ue mauq muiterp tauqesnoc mauqilA .te tarecalp icro ruticiffe tu ,otsuj neipas alucihev mauqilA .sillavnoc reprocmallu otsuj eativ tare des naeneA .icro subicuaf ue naeneA.sullet sullet te alluN .ca adivarg sucal selados des ,tilev mauq selados rutibaruC .lev nasmucca sutcel ranivlup lev ,siprut teeroal seicirtlu nI .nasmucca ruticiffe cen angam reprocmallu mauqilA .sutcel suirav ,ni tilev tirerdneh ,sucnohr isin ta maN .hbin etatupluv selados ,ni allun tema tis ropmet ,iud isin nI .murtur alucihev susir cen neipas ue sumaviV .icro lev eativ euqsetnellep muiterp otsuj te sullet murtur cnuN.sitanenev non siruam selados tnudicnit sumaviV .orebil eativ eativ niduticillos repmes tile ta siruam des nI .lev taptulov angam mauqila tema tis ,susir odommoc rotittrop maN .sucal repmes ni regetnI .secirtlu mulubitsev sutem des orebil tauqesnoc cenoD .maid a euqen hbin arreviv tege ,tilev euqsetnellep icro cnun ,teuqila tirerdneh tu sore ,mutnemele sumaviV .ruticiffe mauq mutnemref ni ,sucnohr tse siuq sutcel ranivlup saneceaM .a adivarg siruam rutetcesnoc tema tis ,xe xe mutcid euqsetnelleP .subicuaf ni simirp muspi etna ca semaf adauselam te mudretnI .mutnemele ta allun di muiterp niorP .siprut sillavnoc tege siuD .isin ca des ainical tnudicnit susir eativ tilev tege nI .sutem supmet ,ni otsuj rutetcesnoc ,rutetcesnoc iud tu euqsetnelleP .mine subicuaf a siruaM .di mutcid eugua susruc eativ ,etna angam selados euqsetnelleP .ropmet di allun mutcid sittigas cnuN.alugil sillavnoc ,lev angam murtur ,allignirf oel rutetcesnoc deS .sutcel sittam sittam ,te silef niduticillos sillavnoc ,maid tse sullesahP ;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV .im xe te saneceaM .eugua repmes nasmucca ,lev murtur ue ranivlup ,sore sutem maN .merol mudnebib des ,neipas ropmet ca saneceaM .surup ca surup orebil seicirtlu tege ,anru eranro susir sutcel ,tidnalb mudnebib tege assam ,sumixam mauqilA .lev rotittrop surup teeroal ca ,merol adivarg subipad alluN .sullet ereusop ,a maid ropmet ,adauselam assam cen deS.mauq alugil ni naeneA .sullet satsege ni ,oel murtur ue naeneA .niduticillos tema tis tare sillom tipicsus regetnI .atrop sitanenev des tare euqsetnellep mauqilA .mutnemidnoc eranro hbin a sullet tege saneceaM .merol di eugnoc ,eativ sitanenev eativ repmes ,anru mauq deS .satsege seicirtlu euqen repmes maid non maN .mauqila adivarg orebil ue euqsirelecs deS .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL .tirerdneh di im satsege silucai malluN .neipas te sittigas murtur nasmucca tile di etna ta deS .anru des ta adauselam taiguef rolod eativ neipas ca cenoD.secirtlu satsege ue icro subicuaf tnesearP .sucal teuqila ta ,sore mutnemref etatupluv naeneA .rotittrop secirtlu ca maid mauqila cnuN .sullet eativ di mutnemidnoc murtur silef eativ susir tu maitE .eitselom lev surup teeroal tauqesnoc nI .sillavnoc ta susir tege ruticiffe essidnepsuS .secirtlu tauqesnoc euqen lev silef susruc maN .sutcel mutnemidnoc ,tu sucal rotittrop ,tnudicnit oel ue tU .sittigas rotcua muiterp tnesearP.tarecalp tema tis cnun siuq euqsetnellep ecsuF .etna eativ tilev otsuj tirerdneh non ,surup etatupluv sucal assam ,mauqila mutnemidnoc supmet sullet ,arreviv cenoD .mutcid siuq assam domsiue mutnemidnoc mulubitseV .ca mauqila tare tipicsus ni ,merol rolod euqsetnellep tU .tauqesnoc mudnebib ruticiffe ecsuF .neipas reprocmallu non mulubitseV .cnun sitanenev te sumaviV.susruc rotittrop teuqila euqsiuQ .ereusop rotcua tse tema tis sutem eativ deS .tilev tidnalb tege sullesahP .mutcid te mine ca suirav siuD .neipas sutem tege euqsiuQ .sittigas sutcul mauqila ibroM .mulubitsev cen sore sitanenev muiterp ibroM .lsin maid ni euqsiuQ .tsmutcid aetalp essatibah cah nI .odommoc subicuaf angam a ucra rotcua mauqilA .euqsetnellep ta sutem sutcul sitanenev mauqilA .rolod tauqesnoc ue ,etna rotittrop a mulubitseV.sutem eativ secirtlu ,a ereusop tege supmet ,etna tilev mauqilA .silucai tema tis orebil arreviv rutetcesnoc ibroM .supmet odommoc sutcel repmes etna sisilicaf essidnepsuS .merol tare tu deS .sucnohr sumixam adauselam mauqilA .etatupluv sutcel supmet ue ,tirerdneh mine tege eugua silucai siruaM .tipicsus eugua selados tema tis ,mudnebib rotrot cen siruam teuqila malluN .seicirtlu supmet tse non mauq mutcid mauqilA .lsin sillom repmes ,non maid ta arterahp ,otsuj cnun mulubitseV .ucra a a ainical muiterp tilev a sucal ca maitE .siprut nasmucca lev cenoD .ainical mudretni anru sitanenev muspi des maN .alugil adauselam sumixam ,cen sumixam ta rotittrop ,oido eugua sullesahP .alugil tnudicnit des mulubitseV .mauq ue susruc ,a adivarg non eugnoc ,alugil allun siuD.tse ta assam maid suirav ni ,isin sitanenev sore icro ,mauqila dnefiele te sucal ,seicirtlu cenoD .sitrobol satsege mes te mes seicirtlu deS .murtur tse eugnoc tu ,susruc ucra ue siprut sillom cenoD .sutem maid non rutibaruC .ainical sisilicaf suirav rutibaruC ;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV .des tipicsus sutcel mutnemref non ,susir muspi repmes saneceaM .sisilicaf missingid rolod eativ isin non alluN .euqitsirt ue sucal sittigas sutcul niorP .mutnemele repmes tema tis siprut secirtlu mauqilA .susir tu cnun sore mauqila des ,isin mauqila assam silef ,mauqila subinif tema tis tilev ,eugnoc malluN .tse ropmet tege ibroM .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO .otsuj taiguef niduticillos ,a muspi ta tnudicnit ,hbin neipas siruaM .etna niduticillos a deS.tile tirerdneh lev maN .atrop arterahp silef lev tile di tU .tema tis suirav sullet sucnohr ta ,merol tnudicnit suirav siruaM .hbin etatupluv subinif ,siuq orebil non sutcul ,orebil tare mulubitseV .repmes ropmet ucra ni mes sucnohr maN .ue odommoc maid supmet ue ,tare tnudicnit tirerdneh ibroM .ereusop subinif orebil tege oel teuqila euqsetnelleP .lsin tege euqen mes missingid siuq ,iud ereusop susir rotrot ,mulubitsev sumixam domsiue im ,tnudicnit naeneA .adauselam ue susir ranivlup teeroal deS .subipad selados euqsetnellep deS .siprut di cen selados seicirtlu xe eativ lsin ca sumaviV .adauselam di sore des niduticillos cenoD .susir euqitsirt ca cnuN .assam tema tis mutnemele teuqila mudnebib ucra di sutem cen niorP .iud rotcua cen sumaviV;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV .silef euqitsirt di ,etna domsiue des regetnI .arterahp sillavnoc sucal reprocmallu mes sitrobol cenoD .soeanemih sotpecni rep ,artson aibunoc rep tneuqrot arotil da uqsoicos iticat tnetpa ssalC .reprocmallu mutcid lev sutem ranivlup deS .sitanenev a tare subipad ruticiffe sumaviV .tnudicnit euqsetnellep surup subicuaf sillom alluN .mes sillom ca ,siprut mudnebib ca tU .allun euqsirelecs ta ,angam etatupluv tu cenoD .tse taptulov cen ,alugil mutcid di deS .rolod atrop ,non otsuj eitselom ,eitselom oel ni siuD .susir teeroal te mulubitseV .etatupluv sucal muiterp tema tis ,rutetcesnoc icro non im niduticillos alluN .mutnemele sutem teuqila siuq ,mauqila tilev tema tis cnun sillom alluN.angam lev missingid ,des eranro tege secirtlu ,sutcel sutcel maitE .des arreviv sutcel teidrepmi siuq ,hbin oido arterahp cenoD .silef sillavnoc ca regetnI .siprut sitanenev ni cnuN .merol subinif ue rutibaruC .sitanenev mutnemidnoc ucra a mes lev alluN .euqen reprocmallu cen niorP .tu sisilicaf tile mutcid ni ,tilev sutem subinif naeneA .tsmutcid aetalp essatibah cah nI .supmet des silef tirerdneh alucihev ibroM .eugua subicuaf ,tema tis icro rotcua ,mauqila siprut lev sumaviV .allignirf tirerdneh des mauq subicuaf siruaM.rotcua tema tis mes tema tis ereusop essidnepsuS .oel ni alugil alugil rutetcesnoc des ,xe sillavnoc sutcel rotrot ,tidnalb taptulov adivarg otsuj ,atrop regetnI .susir arreviv sillom ,di angam lev domsiue ,allun assam sullesahP .mulubitsev etatupluv ca susir repmes sarC .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO .mine di ucra sucal ruticiffe muiterp ,iud arterahp muspi cnun ,tnudicnit taptulov te maid ,arterahp sumaviV .silucai adivarg anru siuq eugua siuq siuD .tidnalb domsiue sutem ue cnun selados ecsuF .satsege ue tilev tipicsus sittigas naeneA .surup eugua tema tis maN .isin tege eativ subicuaf suirav siruam lev tilev ue essidnepsuS.lev mutnemref euqen repmes eativ ,siruam angam muiterp sullesahP .di eugnoc silef atrop tu ,mes cnun ranivlup siruaM .tauqesnoc ruticiffe cen surup silucai maitE .sisilicaf adivarg subicuaf sarC .muspi eativ eativ allignirf adivarg cnun cen tile des deS .te mutcid oido sillavnoc des ,isin allun tidnalb tU .tnudicnit subinif muspi des silef ereusop ibroM .mutnemele ropmet tema tis cnun repmes cenoD .oido sitrobol eativ niorP .mes nasmucca ue deS .niduticillos tema tis lsin mudretni mutnemidnoc nI .alugil tnudicnit oido sullet reprocmallu euqitsirt ,orebil tidnalb otsuj assam ,mutnemele taiguef ue ucra ,ainical deS .mes non sucnohr ,siuq odommoc ta euqsetnellep ,cnun assam nI ;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV .nasmucca missingid im di merol eativ deS .non sillom angam tnudicnit ta ,anru eranro ruticiffe nI.orebil sisilicaf lev regetnI .eugua eativ sucal ucra atrop des ,alugil satsege tare etna ,reprocmallu eranro ue sore ,subicuaf euqsetnelleP .surup siuq tema tis sittigas teuqila tilev ue angam cen deS .tege etatupluv orebil mutnemref eativ ,mes sullet mulubitsev rutibaruC .rotrot lev susir muspi mutcid ta ,siprut mutnemele ucra siruam ,odommoc subicuaf tu cnun ,eitselom ecsuF .suirav tare tidnalb a ,sittam merol di surup ruticiffe naeneA .iud ni missingid ,non tarecalp te taptulov ,orebil sutem ibroM .mutnemidnoc tidnalb arreviv sumaviV .etna mine tege niorP .maid ni muspi eugua satsege teidrepmi ,orebil tirerdneh otsuj sucal ,tnudicnit eitselom di hbin ,mutnemref niorP .siruam rolod lev ecsuF.cnun satsege rotittrop ,lev sitanenev siuq teeroal ,icro etna ecsuF .mutcid silef susruc ni ,tauqesnoc alugil siuq sullet sittam rutibaruC .alucihev sitrobol oido di oido sitrobol tnesearP .siprut sittam cen naeneA .sittigas ta eugua lev odommoc sullesahP .dnefiele dnefiele siruam a iud sitanenev deS .satsege siprut ca semaf adauselam te suten te sutcenes euqitsirt ibrom tnatibah euqsetnelleP .icro cen muiterp ,te eitselom cen tarecalp ,sullet maid maN .rolod sutcul lev ibroM .sutem tnudicnit cen niorP.secirtlu allignirf surup tema tis iud satsege sullesahP .mulubitsev surup tidnalb tidnalb ,susruc sucal ni angam dnefiele tnesearP .tirerdneh cen sore di adivarg tnesearP .ta rutetcesnoc icro allignirf tema tis ,euqen ereusop teuqila maN .otsuj te lev selados niduticillos oido siuq sutem non rutibaruC .tu sucnohr tile ainical lev ,oido tnudicnit supmet regetnI .soeanemih sotpecni rep ,artson aibunoc rep tneuqrot arotil da uqsoicos iticat tnetpa ssalC .a ranivlup tilev rotcua sucnohr ,oido sutem susruc essidnepsuS .tile susruc ,ni tare sucnohr ,sitanenev siprut des siruaM .iud euqsetnellep ,a etna euqsirelecs ,rotcua ucra ta naeneA .maid allignirf tege ,maid euqsetnellep ca mulubitseV .surup tauqesnoc seicirtlu ,non mine eranro rotittrop ,oel hbin euqsiuQ .te euqsirelecs etna dnefiele ue ,icro taptulov suirav sumaviV .supmet mulubitsev anru te iud subipad cenoD .alucihev ruticiffe ni sucal adivarg cnuN.ca sutcul assam eranro des ,tse siprut tnudicnit maN .subipad repmes icro eranro ni ,maid ucra tidnalb tU .mutnemref tege sucal sillavnoc satsege siuD .ucra di mutnemref ,des repmes ca selados ,silef siprut essidnepsuS .silef mutnemref ,ca otsuj suirav ,seicirtlu euqen mutnemele siuD .sore tnudicnit eranro ,lev tse des tipicsus ,ucra oido nI .ruticiffe allignirf surup di allun ca mulubitseV.otsuj tege non eugnoc rutetcesnoc sutcel tege tile tege deS .sittigas adauselam xe ni susir eativ nI .suirav euqitsirt adauselam niorP .domsiue missingid siprut des oel ranivlup sarC .eugua des siuq eranro reprocmallu alugil cen im tu euqsetnelleP .oido sittigas cnun tare sumixam siuq ,silef missingid mauq sullet ,arreviv muiterp lev tse ,etatupluv maitE .alugil atrop te ,hbin tnudicnit ca euqsetnelleP .susir mutnemref tipicsus ,ue susir ue eugnoc ,neipas assam siuD .cnun di orebil maid euqsetnellep tema tis ,icro etatupluv silef isin ,mutnemidnoc sillavnoc des sutcel ,sucnohr essidnepsuS .lsin ue anru mauq subipad subicuaf ,neipas teuqila xe icro ,adauselam secirtlu tema tis tile ,adauselam deS.sumixam taptulov sullet lev orebil sisilicaf sumaviV .nasmucca mutcid mine tege orebil muiterp cnuN .etna ue cen subinif reprocmallu tare di etna des sarC .a teeroal xe mutnemref eativ ,isin oido selados malluN .orebil tu teidrepmi ,tege dnefiele des silucai ,angam otsuj sullesahP .atrop tnudicnit isin ca sucal eugnoc malluN .cnun taiguef adauselam deS .taiguef tnudicnit alucihev mauqilA .anru oel ainical tU .ucra alucihev siuq ,neipas tidnalb tege tU .taptulov tare mauqilA .angam silef ta maitE ;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV .mine mes non tU.sitanenev susir euqitsirt ni ,subinif mauq a ucra rotcua regetnI .orebil mauq ca siuD .ni eranro oel sitrobol lev ,mine lsin euqsetnellep siruaM .tare oel tema tis maN .sitrobol oido selados te ,euqitsirt oel non im eranro alluN .adivarg tirerdneh sutem lev tilev ni alluN .muspi arreviv odommoc maN .tidnalb allignirf lsin ue assam ta sullesahP .hbin silucai euqsetnellep ,ta angam lev ranivlup ,isin tile rutibaruC .des supmet tare eitselom ca ,mine sutcel sisilicaf malluN .sitanenev cnun mulubitsev ta ,ranivlup oel des im euqsetnellep ecsuF.ca mudretni alugil sillavnoc a ,icro tare mauqila cenoD .tare eativ te sucnohr adivarg susir eativ mes cen regetnI .ranivlup ue neipas cen muiterp siuD .satsege siprut ca semaf adauselam te suten te sutcenes euqitsirt ibrom tnatibah euqsetnelleP .etatupluv tipicsus teeroal cnuN .xe susruc eugnoc rutibaruC .subicuaf ni simirp muspi etna ca semaf adauselam te mudretnI.tsmutcid aetalp essatibah cah nI .adivarg a silef adauselam subinif naeneA .ropmet sucnohr des eugua adivarg tnesearP .ruticiffe ca eugua mutnemref reprocmallu tU .eativ alucihev otsuj subipad lev ,iud sutcul supmet regetnI .tile tarecalp siuq saneceaM .susir mudretni eitselom ,non tse ni mulubitsev ,otsuj rolod mulubitseV .iud hbin lev essidnepsuS .eugua silef tege siuD .siruam cen lev arreviv rutetcesnoc oido siuq otsuj siuq regetnI .sittigas ereusop lsin muiterp tauqesnoc alluN.suirav taptulov cen im silucai cenoD .susir ta arterahp ,ue eranro tu mauqila ,otsuj mes cenoD .tipicsus rotcua taiguef otsuj muiterp tnesearP .tidnalb mudnebib alucihev cenoD .tare di mauq icro tidnalb des ,tare secirtlu icro allun ,sitanenev seicirtlu tu sore ,susruc siruaM .hbin ca tnudicnit ,tu niduticillos ta ranivlup ,sore merol regetnI .mauq eugnoc ue mauqila rutetcesnoc sutem non mauq eativ siruaM .mudretni sullet odommoc tu ,domsiue mine rutetcesnoc oel adauselam niorP.hbin di a mutcid sillavnoc surup arterahp lsin ni sullesahP .otsuj alucihev ,eativ muspi mutnemref ,mulubitsev sullet tema tis maitE .muspi isin di tU .tare alucihev ue mulubitseV .siprut ta non sumixam seicirtlu tile ni hbin cen malluN .ereusop subinif orebil te assam selados essidnepsuS .mudnebib sittigas siprut tu alugil ca cenoD .mulubitsev siuq oido cen tauqesnoc mauqilA .otsuj dnefiele ,cen oido supmet ,mauqila tare cen regetnI .euqen murtur eativ maN .eativ muiterp surup secirtlu te ,silef mutnemidnoc adauselam deS .alugil tema tis di tauqesnoc mudretni siprut ue etna te euqsiuQ.tare odommoc ta ,sucal eitselom tema tis naeneA .alugil euqsetnellep ,domsiue tile alucihev ,taiguef tare ta mauqilA .murtur etatupluv te rotrot sittam euqsetnelleP .eranro orebil tidnalb ta ,sittigas rolod tege sucal reprocmallu deS .muspi di lev ranivlup atrop mauq ni mauq tu mulubitseV .sutcul reprocmallu odommoc siuD .iud ca eitselom ,ta muiterp tege tipicsus ,oel mine alluN .allignirf missingid sillavnoc deS.euqen eranro ,a im selados ,tnudicnit oel ni mulubitseV .mulubitsev tnudicnit siprut ue tare ni cenoD .otsuj murtur tarecalp ,ni isin ta sumixam ,xe allun euqsetnelleP .selados tema tis mes ta adauselam nI .sutcel reprocmallu assam isin tnudicnit eativ ,mine rotittrop angam tare ,mutnemidnoc ruticiffe siuq isin ,eranro sullesahP .repmes sitanenev ue orebil subipad mulubitseV .ucra te taiguef ,non arreviv ca rutetcesnoc ,orebil anru ecsuF .adauselam repmes reprocmallu euqsetnelleP .alucihev reprocmallu neipas tu mes supmet malluN .euqsirelecs teidrepmi otsuj tu oido sumixam mauqilA .siruam silucai ca ,im muiterp a alluN.sucnohr secirtlu ue siruam tarecalp maitE .rolod tema tis ruticiffe ,ta rutetcesnoc teidrepmi satsege ,icro tile essidnepsuS .tnudicnit mulubitsev tema tis euqen rotittrop malluN .eativ rotittrop silef mutnemidnoc subicuaf ,merol ereusop ruticiffe maN .iud surup a sullesahP .alucihev lev otsuj satsege tnudicnit cenoD .tare tu des sitrobol taiguef mine non tilev ta malluN .seicirtlu sittigas assam di tile adauselam ibroM .isilicaf alluN .sisilicaf eativ tile ni mudretni euqsiuQ .itnetop essidnepsuS .sucal ta allun isin missingid ni ,mauq rotcua tse alugil ,murtur mutcid lev oel ,sutcul euqsetnelleP .sullet euqitsirt ,eativ maid sitanenev ,subinif neipas ca maitE.sittigas mulubitsev tile domsiue oido a deS .secirtlu iud muiterp lev ,euqsetnellep hbin des euqen seicirtlu euqsiuQ .rolod taiguef lev ,mes ranivlup ni maN .rolod allignirf silucai ecsuF .euqen surup ta ecsuF .sutcel te selados subicuaf supmet hbin ni tile tege nI .siruam orebil a deS .tare mes ta siuD.rotrot sittam eitselom ,tema tis tse tema tis ruticiffe ,ucra mes naeneA .anru sillom ta euqsetnelleP .hbin tu tu murtur murtur mine sittam allun cen cenoD .a allignirf muspi suirav ta ,angam alugil mutcid mauqilA .orebil reprocmallu a ,siruam mulubitsev murtur malluN .ue ereusop iud niduticillos sisilicaf ,surup rolod euqitsirt sullesahP .sutem sillavnoc cen ,oido ainical tege maN .ue sitanenev euqen teidrepmi te ,iud maid sittam maitE .maid tirerdneh siuq maitE .mauqila tirerdneh xe eativ allun ni sumaviV .sumixam tnudicnit mine di isin ue mulubitseV.iud tnudicnit cen ,hbin tauqesnoc lev niorP .mutnemref cen surup sutcul ainical malluN .cnun ue etatupluv ,eativ mutnemref siuq sumixam ,tilev susir ibroM .adivarg cen orebil mudretni subipad mauqilA .otsuj lev iud lsin tnudicnit ni ,tse mutnemref cnun susir ,ropmet selados suirav tilev ,subipad nI .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL .sutcel tarecalp ue regetnI .lsin taiguef tema tis ,xe alucihev sisilicaf rutibaruC .alugil sumixam ,lev xe repmes ,allignirf siprut tege tnesearP .tile ainical tema tis maitE.mauq adivarg tege maitE .a teidrepmi sore mudretni siuq ,im eugnoc euqsetnellep mulubitseV .sore surup siuq deS .sullet susruc ,ta sullet supmet ,selados xe di saneceaM .cnun siruam des deS .tipicsus silucai ta hbin supmet niorP .alugil siuq repmes ,tu etatupluv tege atrop ,tilev cnun sumaviV.susir teuqila mutnemele ,tu oido tege ereusop ,sutcel sutcel tU .sittam subipad mauqila mulubitseV .lsin te ni euqitsirt mulubitsev anru tege neipas ni deS .tsmutcid aetalp essatibah cah nI .tege sucnohr surup teidrepmi tema tis ,siruam tilev euqsetnellep essidnepsuS .allun mine subipad cenoD .etna sutcul tnudicnit ,tu tile reprocmallu repmes ,icro mauq regetnI .cnun subicuaf ,tege lsin adivarg ,teidrepmi siprut lev maitE .mudnebib suirav orebil rotittrop di ,ucra euqitsirt taptulov tnesearP .mutnemidnoc non neipas cen adivarg tU .tilev siuq hbin sucal ranivlup siuq ,merol tidnalb angam sutcel ,euqsetnellep arterahp etatupluv lsin ,reprocmallu cnuN ;earuc ailibuc ereusop secirtlu te sutcul icro subicuaf ni simirp muspi etna mulubitseV.allignirf euqitsirt non rolod tnudicnit sumaviV .sucnohr ropmet mulubitsev regetnI .tilev ue rolod etna reprocmallu ta ,alugil tnudicnit orebil anru ,allignirf missingid siuq rolod ,dnefiele alluN .tare siuq tege mutnemidnoc ropmet tare a im sitrobol mauqilA .mauqila etatupluv ucra eativ sutcel rutetcesnoc ibroM .tse taiguef ,a sucal mutnemele ,sitanenev oido siuq cnuN .anru sucnohr te ,cnun mutcid tege siruaM .etna selados di alluN .secirtlu a angam eativ sutcul euqsiuQ .niduticillos ruticiffe eativ mes etatupluv naeneA .mine cen ucra neipas mutnemref siuq ,ucra teidrepmi iud xe ,niduticillos tipicsus tirerdneh mes ,etatupluv nI .silucai ca hbin non sucnohr mulubitseV .tile te mudretni ,di atrop tege tidnalb ,surup susir deS .ainical sittigas ca sutem taptulov alluN .mauq non ca sitanenev alucihev neipas a ucra te cnuN.cnun eugnoc cen euqsiuQ .ruticiffe sucal teidrepmi a ,sitanenev euqen a orebil domsiue euqsetnelleP .sore ta mes eugua sittigas non ,silef susruc allun maid ,alucihev adivarg cen mauq ,dnefiele cenoD .silef mutnemidnoc ca naeneA .missingid tare allignirf subicuaf ,mudretni icro ue mine sitrobol siruaM .euqen sisilicaf sillavnoc ,silef niduticillos eativ sumaviV .soeanemih sotpecni rep ,artson aibunoc rep tneuqrot arotil da uqsoicos iticat tnetpa ssalC .xe rolod tege euqsetnelleP .rotcua satsege tse tema ti", - "Segment/code_desc/s sutcel sumixam niorP.surup satsege secirtlu ,di euqen non selados ,sutcel tilev siruaM .icro ue otsuj tse adivarg tema tis ,neipas seicirtlu sutem oido ,sitanenev tauqesnoc eativ cnun ,tnudicnit nI .eugua tare siuq cnuN .silef adauselam ta cenoD .satsege siprut ca semaf adauselam te suten te sutcenes euqitsirt ibrom tnatibah euqsetnelleP .sillavnoc tilev adivarg non ,missingid hbin non mine teidrepmi cenoD .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO.hbin ue sutem sucal tidnalb te ,etna tirerdneh mine mine ,adauselam mutcid eativ muspi ,subicuaf regetnI .sutcul adauselam ca eugua dnefiele ecsuF .reprocmallu sutem adivarg tema tis ,adauselam mes di ucra taptulov tnesearP .tnudicnit sucnohr tse ca euqen di ecsuF .im tema tis cen ainical sutcul mauq ni sutcel des cnuN .ropmet cen tilev tema tis subicuaf ecsuF .mauqila siprut domsiue ue ,domsiue merol lev ucra mutcid sarC .tare eranro ,eativ otsuj rutetcesnoc ,tnudicnit cnun a saneceaM .adauselam odommoc sore ue supmet essidnepsuS .ranivlup te isin ca ranivlup rutibaruC .rotrot a tu muiterp tidnalb susir ca angam lev alluN .sucal dnefiele ,rotittrop muspi ruticiffe ,murtur orebil tema tis cnuN .rolod lev tarecalp adivarg susruc alugil ainical mine ta tU.oel taiguef non cenoD .sullet teuqila tege nI .tsmutcid aetalp essatibah cah nI .suirav tarecalp hbin siuq tile subinif cenoD .tauqesnoc eitselom non hbin arterahp tnesearP .tauqesnoc allignirf sutcul sumaviV .tse ni tare neipas tipicsus cen ,maid murtur angam anru ,tarecalp alucihev tege otsuj ,rutetcesnoc euqsetnelleP .etna cen teidrepmi rutetcesnoc supmet sore non lsin lev malluN.arterahp arreviv muspi ni mauq nasmucca ecsuF .silef ni ropmet ,te sillavnoc lev teuqila ,merol rolod niorP .taptulov tare mauqilA .oido tema tis reprocmallu ,siuq mutnemidnoc tema tis nasmucca ,sore orebil ecsuF .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL .taiguef alucihev icro lev anru seicirtlu niorP .rotrot sitrobol subicuaf ,lev rotrot mauqila alucihev ,im sucal euqsetnelleP .isin ucra tu saneceaM .niduticillos subipad non alugil taptulov maN .arreviv ropmet sitrobol rutibaruC .euqsetnellep missingid icro ni oel sillavnoc cenoD .hbin sucnohr des niorP .ta arreviv susir mulubitsev ca ,angam maid eitselom regetnI .maid anru ta niorP.alugil tirerdneh ,cen mes sisilicaf ,tarecalp rolod teuqila sarC .maid te sucal siprut mauqila eativ ,rotrot domsiue cnun maid ,ruticiffe mudnebib ta sore ,ropmet deS .rotrot etatupluv ta malluN .mes eativ ni mutcid ereusop maid tu icro tege nI .sillavnoc atrop iud eitselom ni ,tile siruam nasmucca niorP .te sillavnoc isin odommoc te ,maid taiguef mudretni mauqilA .mine seicirtlu lev sullesahP .orebil tema tis lsin neipas etatupluv ue ,isin niduticillos anru allun ,tnudicnit odommoc ni tare ,taiguef essidnepsuS .teeroal arreviv silucai essidnepsuS .non rutetcesnoc tse atrop ereusop ,otsuj silucai subipad sullesahP .sullet tu tu eugnoc selados hbin non alugil des mulubitseV .xe sucnohr ,tema tis orebil tarecalp ,mulubitsev hbin arterahp cenoD.taptulov tnudicnit cen ucra sillavnoc malluN .surup nasmucca sillom naeneA .susir mauqila sisilicaf ,eativ sutcul a ainical ,sullet mauq cenoD .murtur mutnemele taptulov sarC .des eugnoc orebil sittigas niduticillos ,maid oido tirerdneh siruaM .rolod mutcid ca sullesahP .tege alucihev lsin ereusop des ,neipas euqen seicirtlu saneceaM .tirerdneh etatupluv angam des im euqitsirt sumaviV .sore suirav arterahp ,rolod selados eativ maN .ni repmes sullet rutetcesnoc a ,otsuj taiguef ruticiffe maitE .icro neipas cen sumaviV .sucnohr rutetcesnoc tare ta tauqesnoc mauqilA.lev sillavnoc euqen selados des ,cnun hbin subicuaf deS .oel ca mutcid ,siuq alucihev tu tarecalp ,sutem allun ibroM .allignirf repmes mudretni euqsetnelleP .susruc icro ruticiffe non ,repmes icro tema tis allun etatupluv ecsuF .sittam susruc tile tema tis merol sittigas malluN .tare non di satsege ranivlup orebil eativ tile ca sarC .non sillavnoc surup rotittrop tu ,isin satsege tirerdneh niorP .allun ainical a euqsetnelleP .lsin ni non arterahp tipicsus mes a ucra des mulubitseV .otsuj tu allignirf ,tema tis taiguef tema tis dnefiele ,xe ucra naeneA .mine sumixam ta ,siprut sucnohr te nI .mutnemele rotrot mutnemidnoc te ,tarecalp mauq ni merol mutcid siruaM.surup subicuaf a tU .mes muiterp subicuaf ,ta sucal ta rotcua ,muspi muspi alluN .mauqila a mauq siuq mudnebib malluN .assam te euqen isin tidnalb a ,oel adivarg assam eugua ,sucnohr mudnebib cen eugua ,niduticillos sumaviV .ranivlup non susir rotittrop adivarg euqsetnelleP .anru te mutcid niduticillos selados icro selados cnun tege naeneA .subicuaf euqsirelecs silef di rotrot eitselom deS .subipad allignirf hbin des sutcel lev maN .eugnoc subinif adauselam tnesearP .sullet ranivlup mutnemidnoc ,cen angam a rotcua ,sutem sore mauqilA .lev tarecalp isin mutnemele ni ,icro ucra tirerdneh cnuN .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL.mauqila eativ tare a mudretni euqsetnelleP .soeanemih sotpecni rep ,artson aibunoc rep tneuqrot arotil da uqsoicos iticat tnetpa ssalC .euqsetnellep reprocmallu im di muspi sittigas niorP .rolod surup tema tis mauqilA .tege euqsetnellep siprut alucihev ta ,muspi subipad selados niorP .sutcel tare non cenoD .surup tege tarecalp ,niduticillos mutcid teidrepmi arreviv ,ucra silef maitE.sucnohr ue mauq niduticillos sillom tU .adivarg tema tis hbin reprocmallu tauqesnoc tnesearP .otsuj atrop dnefiele naeneA .subipad muiterp tu tilev ruticiffe naeneA .mine mudretni cen tU .ucra taiguef ,tu anru tnudicnit ,subicuaf tile ni ibroM .siruam atrop dnefiele ,eativ mes te teeroal ,tile iud maitE .neipas mutnemele eativ ,oido supmet tu malluN .assam ropmet ca naeneA .mudnebib alucihev allignirf deS.non domsiue siprut repmes eativ ,lsin tnudicnit repmes deS .siruam teeroal ,taptulov euqen eugnoc ,sillavnoc otsuj ca maN .oido sitrobol di ibroM .sullet di muspi muspi taiguef te ,siprut sitanenev rotrot silef ,atrop tirerdneh di tilev ,muiterp euqsetnelleP .surup silucai ,tege oido supmet ,suirav susir a maitE .sitrobol sillom tnudicnit euqsetnelleP .euqitsirt cnun sittam a ,ereusop merol des allun allignirf ibroM .sisilicaf sittam tile ta tare di maN .subicuaf ni simirp muspi etna ca semaf adauselam te mudretnI .dnefiele supmet eativ surup taiguef rutibaruC .sumixam ruticiffe oido tipicsus tu ,orebil siruam sillom deS .eugua teeroal cen ,oido domsiue des ecsuF.rotittrop tile sittam des ,satsege susir te xe selados essidnepsuS .mes lev tnudicnit ,missingid sucnohr ni murtur ,sore tile sarC .isin murtur a maN .ranivlup atrop a silef secirtlu cenoD .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO .sucal eranro lev tnesearP .anru ni anru siruam tirerdneh tema tis ,cnun atrop rotrot rolod ,arreviv alucihev di hbin ,sillom ibroM .tare sitrobol ,muiterp sucal atrop ,rotittrop angam ue tnesearP .subicuaf ni simirp muspi etna ca semaf adauselam te mudretnI .anru euqsirelecs ta siuD .eugua tipicsus teeroal ,ta orebil te arterahp ,mes ucra maitE .im missingid te ,silef sisilicaf siuq niorP .muspi tnudicnit ni sullesahP .cnun des susir anru mutnemref tema tis ,eugua selados etna icro ,domsiue mulubitsev a hbin ,sitrobol sarC .iud subinif ,di silef silucai ,reprocmallu sore a sullesahP .satsege eativ assam ereusop arreviv cenoD.mine sucal a essidnepsuS .susruc mutnemidnoc subicuaf malluN .xe arterahp siuq sumaviV .sillom alucihev orebil di etna dnefiele cenoD .alucihev tauqesnoc siuq assam sumixam malluN .secirtlu ucra tipicsus tege ,mutcid susir ni oido arterahp regetnI .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL .mine nasmucca mutcid ,cen surup siuq ruticiffe ,mes sore siruaM .mauqila cen alugil di satsege maitE .des rutetcesnoc tile arreviv des ,allun orebil murtur niorP .sutcel tnudicnit ,tege sutem mauqila ,sumixam neipas ca deS .euqsetnellep domsiue sittam saneceaM .cnun lev domsiue ,te sillom ue selados ,sullet iud deS .suirav tauqesnoc etna cen tare silucai mauqilA.repmes rolod tipicsus cen ,tauqesnoc merol des isin rotcua mauqilA .supmet adauselam mauq tege oel tu cenoD .angam xe non mauqilA .tse non taptulov ,tema tis eitselom lev tauqesnoc ,iud sutem sarC .adivarg euqitsirt anru a mine selados sumaviV .tauqesnoc supmet ucra dnefiele rolod mauqila alluN .siruam te des mutnemref adauselam isin ni rotrot di sullesahP.tauqesnoc tema tis sutcel sucnohr seicirtlu tU .mutcid sillavnoc ca etna tidnalb alluN .ucra arterahp eranro ,non oido tu arterahp ,merol lsin nI .tse anru mutcid euqsetnelleP .ca sitrobol euqen subinif non ,hbin adauselam sittigas regetnI .sitanenev tnudicnit isin tu sutcel arreviv cenoD .eitselom tauqesnoc isin tu rolod tnudicnit alluN .supmet ca oido lev sitrobol deS .sitanenev murtur secirtlu deS .mine mudnebib ni alluN .subipad tirerdneh orebil tu sore tipicsus tU .tsmutcid aetalp essatibah cah nI.orebil tu tnudicnit ,des tirerdneh a ropmet ,merol euqen deS .merol sitanenev sumixam ,cen rolod cen arreviv ,im icro tnesearP .isin cen adauselam ,rotcua allignirf a selados ,sucal assam mulubitseV .hbin silucai ,ue tse tauqesnoc ,arterahp neipas lev alluN .tse satsege siuq cnuN .subicuaf mutnemidnoc tege icro ranivlup ibroM .tare tidnalb surup sutcel subicuaf te ,merol atrop allun mine ,rotcua euqitsirt te siprut ,tarecalp siruaM .sutem ue tarecalp ,des ruticiffe des silucai ,cnun susir rutibaruC .mauq missingid lev rutibaruC.taiguef euqen tnudicnit a ,euqsirelecs maid di eugua dnefiele saneceaM .reprocmallu missingid di ", + "Segment/code_desc/s sutcel sumixam niorP.surup satsege secirtlu ,di euqen non selados ,sutcel tilev siruaM .icro ue otsuj tse adivarg tema tis ,neipas seicirtlu sutem oido ,sitanenev tauqesnoc eativ cnun ,tnudicnit nI .eugua tare siuq cnuN .silef adauselam ta cenoD .satsege siprut ca semaf adauselam te suten te sutcenes euqitsirt ibrom tnatibah euqsetnelleP .sillavnoc tilev adivarg non ,missingid hbin non mine teidrepmi cenoD .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO.hbin ue sutem sucal tidnalb te ,etna tirerdneh mine mine ,adauselam mutcid eativ muspi ,subicuaf regetnI .sutcul adauselam ca eugua dnefiele ecsuF .reprocmallu sutem adivarg tema tis ,adauselam mes di ucra taptulov tnesearP .tnudicnit sucnohr tse ca euqen di ecsuF .im tema tis cen ainical sutcul mauq ni sutcel des cnuN .ropmet cen tilev tema tis subicuaf ecsuF .mauqila siprut domsiue ue ,domsiue merol lev ucra mutcid sarC .tare eranro ,eativ otsuj rutetcesnoc ,tnudicnit cnun a saneceaM .adauselam odommoc sore ue supmet essidnepsuS .ranivlup te isin ca ranivlup rutibaruC .rotrot a tu muiterp tidnalb susir ca angam lev alluN .sucal dnefiele ,rotittrop muspi ruticiffe ,murtur orebil tema tis cnuN .rolod lev tarecalp adivarg susruc alugil ainical mine ta tU.oel taiguef non cenoD .sullet teuqila tege nI .tsmutcid aetalp essatibah cah nI .suirav tarecalp hbin siuq tile subinif cenoD .tauqesnoc eitselom non hbin arterahp tnesearP .tauqesnoc allignirf sutcul sumaviV .tse ni tare neipas tipicsus cen ,maid murtur angam anru ,tarecalp alucihev tege otsuj ,rutetcesnoc euqsetnelleP .etna cen teidrepmi rutetcesnoc supmet sore non lsin lev malluN.arterahp arreviv muspi ni mauq nasmucca ecsuF .silef ni ropmet ,te sillavnoc lev teuqila ,merol rolod niorP .taptulov tare mauqilA .oido tema tis reprocmallu ,siuq mutnemidnoc tema tis nasmucca ,sore orebil ecsuF .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL .taiguef alucihev icro lev anru seicirtlu niorP .rotrot sitrobol subicuaf ,lev rotrot mauqila alucihev ,im sucal euqsetnelleP .isin ucra tu saneceaM .niduticillos subipad non alugil taptulov maN .arreviv ropmet sitrobol rutibaruC .euqsetnellep missingid icro ni oel sillavnoc cenoD .hbin sucnohr des niorP .ta arreviv susir mulubitsev ca ,angam maid eitselom regetnI .maid anru ta niorP.alugil tirerdneh ,cen mes sisilicaf ,tarecalp rolod teuqila sarC .maid te sucal siprut mauqila eativ ,rotrot domsiue cnun maid ,ruticiffe mudnebib ta sore ,ropmet deS .rotrot etatupluv ta malluN .mes eativ ni mutcid ereusop maid tu icro tege nI .sillavnoc atrop iud eitselom ni ,tile siruam nasmucca niorP .te sillavnoc isin odommoc te ,maid taiguef mudretni mauqilA .mine seicirtlu lev sullesahP .orebil tema tis lsin neipas etatupluv ue ,isin niduticillos anru allun ,tnudicnit odommoc ni tare ,taiguef essidnepsuS .teeroal arreviv silucai essidnepsuS .non rutetcesnoc tse atrop ereusop ,otsuj silucai subipad sullesahP .sullet tu tu eugnoc selados hbin non alugil des mulubitseV .xe sucnohr ,tema tis orebil tarecalp ,mulubitsev hbin arterahp cenoD.taptulov tnudicnit cen ucra sillavnoc malluN .surup nasmucca sillom naeneA .susir mauqila sisilicaf ,eativ sutcul a ainical ,sullet mauq cenoD .murtur mutnemele taptulov sarC .des eugnoc orebil sittigas niduticillos ,maid oido tirerdneh siruaM .rolod mutcid ca sullesahP .tege alucihev lsin ereusop des ,neipas euqen seicirtlu saneceaM .tirerdneh etatupluv angam des im euqitsirt sumaviV .sore suirav arterahp ,rolod selados eativ maN .ni repmes sullet rutetcesnoc a ,otsuj taiguef ruticiffe maitE .icro neipas cen sumaviV .sucnohr rutetcesnoc tare ta tauqesnoc mauqilA.lev sillavnoc euqen selados des ,cnun hbin subicuaf deS .oel ca mutcid ,siuq alucihev tu tarecalp ,sutem allun ibroM .allignirf repmes mudretni euqsetnelleP .susruc icro ruticiffe non ,repmes icro tema tis allun etatupluv ecsuF .sittam susruc tile tema tis merol sittigas malluN .tare non di satsege ranivlup orebil eativ tile ca sarC .non sillavnoc surup rotittrop tu ,isin satsege tirerdneh niorP .allun ainical a euqsetnelleP .lsin ni non arterahp tipicsus mes a ucra des mulubitseV .otsuj tu allignirf ,tema tis taiguef tema tis dnefiele ,xe ucra naeneA .mine sumixam ta ,siprut sucnohr te nI .mutnemele rotrot mutnemidnoc te ,tarecalp mauq ni merol mutcid siruaM.surup subicuaf a tU .mes muiterp subicuaf ,ta sucal ta rotcua ,muspi muspi alluN .mauqila a mauq siuq mudnebib malluN .assam te euqen isin tidnalb a ,oel adivarg assam eugua ,sucnohr mudnebib cen eugua ,niduticillos sumaviV .ranivlup non susir rotittrop adivarg euqsetnelleP .anru te mutcid niduticillos selados icro selados cnun tege naeneA .subicuaf euqsirelecs silef di rotrot eitselom deS .subipad allignirf hbin des sutcel lev maN .eugnoc subinif adauselam tnesearP .sullet ranivlup mutnemidnoc ,cen angam a rotcua ,sutem sore mauqilA .lev tarecalp isin mutnemele ni ,icro ucra tirerdneh cnuN .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL.mauqila eativ tare a mudretni euqsetnelleP .soeanemih sotpecni rep ,artson aibunoc rep tneuqrot arotil da uqsoicos iticat tnetpa ssalC .euqsetnellep reprocmallu im di muspi sittigas niorP .rolod surup tema tis mauqilA .tege euqsetnellep siprut alucihev ta ,muspi subipad selados niorP .sutcel tare non cenoD .surup tege tarecalp ,niduticillos mutcid teidrepmi arreviv ,ucra silef maitE.sucnohr ue mauq niduticillos sillom tU .adivarg tema tis hbin reprocmallu tauqesnoc tnesearP .otsuj atrop dnefiele naeneA .subipad muiterp tu tilev ruticiffe naeneA .mine mudretni cen tU .ucra taiguef ,tu anru tnudicnit ,subicuaf tile ni ibroM .siruam atrop dnefiele ,eativ mes te teeroal ,tile iud maitE .neipas mutnemele eativ ,oido supmet tu malluN .assam ropmet ca naeneA .mudnebib alucihev allignirf deS.non domsiue siprut repmes eativ ,lsin tnudicnit repmes deS .siruam teeroal ,taptulov euqen eugnoc ,sillavnoc otsuj ca maN .oido sitrobol di ibroM .sullet di muspi muspi taiguef te ,siprut sitanenev rotrot silef ,atrop tirerdneh di tilev ,muiterp euqsetnelleP .surup silucai ,tege oido supmet ,suirav susir a maitE .sitrobol sillom tnudicnit euqsetnelleP .euqitsirt cnun sittam a ,ereusop merol des allun allignirf ibroM .sisilicaf sittam tile ta tare di maN .subicuaf ni simirp muspi etna ca semaf adauselam te mudretnI .dnefiele supmet eativ surup taiguef rutibaruC .sumixam ruticiffe oido tipicsus tu ,orebil siruam sillom deS .eugua teeroal cen ,oido domsiue des ecsuF.rotittrop tile sittam des ,satsege susir te xe selados essidnepsuS .mes lev tnudicnit ,missingid sucnohr ni murtur ,sore tile sarC .isin murtur a maN .ranivlup atrop a silef secirtlu cenoD .sum sulucidir rutecsan ,setnom tneirutrap sid singam te subitanep euqotan suirav icrO .sucal eranro lev tnesearP .anru ni anru siruam tirerdneh tema tis ,cnun atrop rotrot rolod ,arreviv alucihev di hbin ,sillom ibroM .tare sitrobol ,muiterp sucal atrop ,rotittrop angam ue tnesearP .subicuaf ni simirp muspi etna ca semaf adauselam te mudretnI .anru euqsirelecs ta siuD .eugua tipicsus teeroal ,ta orebil te arterahp ,mes ucra maitE .im missingid te ,silef sisilicaf siuq niorP .muspi tnudicnit ni sullesahP .cnun des susir anru mutnemref tema tis ,eugua selados etna icro ,domsiue mulubitsev a hbin ,sitrobol sarC .iud subinif ,di silef silucai ,reprocmallu sore a sullesahP .satsege eativ assam ereusop arreviv cenoD.mine sucal a essidnepsuS .susruc mutnemidnoc subicuaf malluN .xe arterahp siuq sumaviV .sillom alucihev orebil di etna dnefiele cenoD .alucihev tauqesnoc siuq assam sumixam malluN .secirtlu ucra tipicsus tege ,mutcid susir ni oido arterahp regetnI .tile gnicsipida rutetcesnoc ,tema tis rolod muspi meroL .mine nasmucca mutcid ,cen surup siuq ruticiffe ,mes sore siruaM .mauqila cen alugil di satsege maitE .des rutetcesnoc tile arreviv des ,allun orebil murtur niorP .sutcel tnudicnit ,tege sutem mauqila ,sumixam neipas ca deS .euqsetnellep domsiue sittam saneceaM .cnun lev domsiue ,te sillom ue selados ,sullet iud deS .suirav tauqesnoc etna cen tare silucai mauqilA.repmes rolod tipicsus cen ,tauqesnoc merol des isin rotcua mauqilA .supmet adauselam mauq tege oel tu cenoD .angam xe non mauqilA .tse non taptulov ,tema tis eitselom lev tauqesnoc ,iud sutem sarC .adivarg euqitsirt anru a mine selados sumaviV .tauqesnoc supmet ucra dnefiele rolod mauqila alluN .siruam te des mutnemref adauselam isin ni rotrot di sullesahP.tauqesnoc tema tis sutcel sucnohr seicirtlu tU .mutcid sillavnoc ca etna tidnalb alluN .ucra arterahp eranro ,non oido tu arterahp ,merol lsin nI .tse anru mutcid euqsetnelleP .ca sitrobol euqen subinif non ,hbin adauselam sittigas regetnI .sitanenev tnudicnit isin tu sutcel arreviv cenoD .eitselom tauqesnoc isin tu rolod tnudicnit alluN .supmet ca oido lev sitrobol deS .sitanenev murtur secirtlu deS .mine mudnebib ni alluN .subipad tirerdneh orebil tu sore tipicsus tU .tsmutcid aetalp essatibah cah nI.orebil tu tnudicnit ,des tirerdneh a ropmet ,merol euqen deS .merol sitanenev sumixam ,cen rolod cen arreviv ,im icro tnesearP .isin cen adauselam ,rotcua allignirf a selados ,sucal assam mulubitseV .hbin silucai ,ue tse tauqesnoc ,arterahp neipas lev alluN .tse satsege siuq cnuN .subicuaf mutnemidnoc tege icro ranivlup ibroM .tare tidnalb surup sutcel subicuaf te ,merol atrop allun mine ,rotcua euqitsirt te siprut ,tarecalp siruaM .sutem ue tarecalp ,des ruticiffe des silucai ,cnun susir rutibaruC .mauq missingid lev rutibaruC.taiguef euqen tnudicnit a ,euqsirelecs maid di eugua dnefiele saneceaM .reprocmallu missingid di", "HDF2ASFF-converter/warning/Not all information was captured in this entry. Please consult the original file for all of the information." ] }, diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json index 3740c4e6c5..33b2a33882 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf-with-raw.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.1" + "release": "2.10.8" }, - "version": "2.10.1", + "version": "2.10.8", "statistics": {}, "profiles": [ { @@ -29,6 +29,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -69,6 +70,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -109,6 +111,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -149,6 +152,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -189,6 +193,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -229,6 +234,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -269,6 +275,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -309,6 +316,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -349,6 +357,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -389,6 +398,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -429,6 +439,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -469,6 +480,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -509,6 +521,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -549,6 +562,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -589,6 +603,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -629,6 +644,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -669,6 +685,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -709,6 +726,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -749,6 +767,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -789,6 +808,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -829,6 +849,7 @@ "nist": [ "SC-3" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -869,6 +890,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -909,6 +931,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -949,6 +972,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -989,6 +1013,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1029,6 +1054,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1069,6 +1095,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1109,6 +1136,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1149,6 +1177,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1189,6 +1218,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1229,6 +1259,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1269,6 +1300,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1309,6 +1341,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1349,6 +1382,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1389,6 +1423,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1429,6 +1464,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1469,6 +1505,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1509,6 +1546,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1549,6 +1587,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1589,6 +1628,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1629,6 +1669,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1669,6 +1710,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1709,6 +1751,7 @@ "nist": [ "CM-3 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1749,6 +1792,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1789,6 +1833,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1829,6 +1874,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1869,6 +1915,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1909,6 +1956,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1949,6 +1997,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1989,6 +2038,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2029,6 +2079,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2069,6 +2120,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2109,6 +2161,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2149,6 +2202,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2189,6 +2243,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2229,6 +2284,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2269,6 +2325,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2309,6 +2366,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2349,6 +2407,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2389,6 +2448,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2429,6 +2489,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2469,6 +2530,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2509,6 +2571,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2549,6 +2612,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2589,6 +2653,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2629,6 +2694,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2669,6 +2735,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2709,6 +2776,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2749,6 +2817,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2789,6 +2858,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2829,6 +2899,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2869,6 +2940,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2909,6 +2981,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2949,6 +3022,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2989,6 +3063,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3029,6 +3104,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3069,6 +3145,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3109,6 +3186,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3149,6 +3227,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3189,6 +3268,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3229,6 +3309,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3269,6 +3350,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3309,6 +3391,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3349,6 +3432,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3389,6 +3473,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3429,6 +3514,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3469,6 +3555,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3509,6 +3596,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3549,6 +3637,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3589,6 +3678,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3629,6 +3719,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3669,6 +3760,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3709,6 +3801,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3749,6 +3842,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3789,6 +3883,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3829,6 +3924,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3869,6 +3965,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3909,6 +4006,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3949,6 +4047,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3989,6 +4088,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4029,6 +4129,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4069,6 +4170,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4109,6 +4211,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4149,6 +4252,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4189,6 +4293,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4229,6 +4334,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4269,6 +4375,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4309,6 +4416,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4349,6 +4457,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4389,6 +4498,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4429,6 +4539,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4469,6 +4580,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4509,6 +4621,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4549,6 +4662,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4589,6 +4703,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4629,6 +4744,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4669,6 +4785,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4709,6 +4826,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4749,6 +4867,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4789,6 +4908,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4829,6 +4949,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4869,6 +4990,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4909,6 +5031,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4949,6 +5072,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4989,6 +5113,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5029,6 +5154,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5069,6 +5195,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5109,6 +5236,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5149,6 +5277,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5189,6 +5318,7 @@ "nist": [ "AC-11 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5229,6 +5359,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5269,6 +5400,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5309,6 +5441,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5349,6 +5482,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5389,6 +5523,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5429,6 +5564,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5469,6 +5605,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5509,6 +5646,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5549,6 +5687,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5589,6 +5728,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5629,6 +5769,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5669,6 +5810,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5709,6 +5851,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5749,6 +5892,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5789,6 +5933,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5829,6 +5974,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5869,6 +6015,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5909,6 +6056,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5949,6 +6097,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5989,6 +6138,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6029,6 +6179,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6069,6 +6220,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6109,6 +6261,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6149,6 +6302,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6189,6 +6343,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6229,6 +6384,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6269,6 +6425,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6309,6 +6466,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6349,6 +6507,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6389,6 +6548,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6429,6 +6589,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6469,6 +6630,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6509,6 +6671,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6549,6 +6712,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6589,6 +6753,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6629,6 +6794,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6669,6 +6835,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6709,6 +6876,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6749,6 +6917,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6789,6 +6958,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6829,6 +6999,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6869,6 +7040,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6909,6 +7081,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6949,6 +7122,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6989,6 +7163,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7029,6 +7204,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7069,6 +7245,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7109,6 +7286,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7149,6 +7327,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7189,6 +7368,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7229,6 +7409,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7269,6 +7450,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7309,6 +7491,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7349,6 +7532,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7389,6 +7573,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7429,6 +7614,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7469,6 +7655,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7509,6 +7696,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7549,6 +7737,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7589,6 +7778,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7629,6 +7819,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7669,6 +7860,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7709,6 +7901,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7749,6 +7942,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7789,6 +7983,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7829,6 +8024,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7869,6 +8065,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7909,6 +8106,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7949,6 +8147,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7989,6 +8188,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8029,6 +8229,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8069,6 +8270,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8109,6 +8311,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8149,6 +8352,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8189,6 +8393,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8229,6 +8434,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8269,6 +8475,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8309,6 +8516,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8349,6 +8557,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8389,6 +8598,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8429,6 +8639,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8469,6 +8680,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8509,6 +8721,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8549,6 +8762,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8589,6 +8803,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8629,6 +8844,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8669,6 +8885,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8709,6 +8926,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8749,6 +8967,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8789,6 +9008,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8829,6 +9049,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8869,6 +9090,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8909,6 +9131,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8949,6 +9172,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8989,6 +9213,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9029,6 +9254,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9069,6 +9295,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9109,6 +9336,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9149,6 +9377,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9189,6 +9418,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9229,6 +9459,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9269,6 +9500,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9309,6 +9541,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9349,6 +9582,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9389,6 +9623,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9429,6 +9664,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9469,6 +9705,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9509,6 +9746,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9549,6 +9787,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9589,6 +9828,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9629,6 +9869,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9669,6 +9910,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9709,6 +9951,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9749,6 +9992,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9789,6 +10033,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9829,6 +10074,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9869,6 +10115,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9909,6 +10156,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9949,6 +10197,7 @@ "nist": [ "AU-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9989,6 +10238,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10029,6 +10279,7 @@ "nist": [ "AU-12 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10069,6 +10320,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10109,6 +10361,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10149,6 +10402,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10189,6 +10443,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10229,6 +10484,7 @@ "nist": [ "AU-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10269,6 +10525,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10309,6 +10566,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10349,6 +10607,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10389,6 +10648,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10429,6 +10689,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10469,6 +10730,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10509,6 +10771,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10549,6 +10812,7 @@ "nist": [ "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10589,6 +10853,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10629,6 +10894,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10669,6 +10935,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10709,6 +10976,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10749,6 +11017,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10789,6 +11058,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10829,6 +11099,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10869,6 +11140,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10909,6 +11181,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10949,6 +11222,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10989,6 +11263,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11029,6 +11304,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11069,6 +11345,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11109,6 +11386,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11149,6 +11427,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11189,6 +11468,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11229,6 +11509,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11269,6 +11550,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11309,6 +11591,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11349,6 +11632,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11389,6 +11673,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11429,6 +11714,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11469,6 +11755,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11509,6 +11796,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11549,6 +11837,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11589,6 +11878,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11629,6 +11919,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11669,6 +11960,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11709,6 +12001,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11749,6 +12042,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11789,6 +12083,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11829,6 +12124,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11869,6 +12165,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11909,6 +12206,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11949,6 +12247,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11989,6 +12288,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12029,6 +12329,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12069,6 +12370,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12109,6 +12411,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12149,6 +12452,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12189,6 +12493,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12229,6 +12534,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12269,6 +12575,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12309,6 +12616,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12349,6 +12657,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12389,6 +12698,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12429,6 +12739,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12469,6 +12780,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12509,6 +12821,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12549,6 +12862,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12589,6 +12903,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12629,6 +12944,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12669,6 +12985,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12709,6 +13026,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12749,6 +13067,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12789,6 +13108,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12829,6 +13149,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12869,6 +13190,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12909,6 +13231,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12949,6 +13272,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12989,6 +13313,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13029,6 +13354,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13069,6 +13395,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13109,6 +13436,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13149,6 +13477,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13189,6 +13518,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13229,6 +13559,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13269,6 +13600,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13309,6 +13641,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13349,6 +13682,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13389,6 +13723,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13429,6 +13764,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13469,6 +13805,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13509,6 +13846,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13549,6 +13887,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13589,6 +13928,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13629,6 +13969,7 @@ "nist": [ "AC-6 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13669,6 +14010,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13709,6 +14051,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13749,6 +14092,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13789,6 +14133,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13829,6 +14174,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13869,6 +14215,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13909,6 +14256,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13949,6 +14297,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13989,6 +14338,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14029,6 +14379,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14069,6 +14420,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14109,6 +14461,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14149,6 +14502,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14189,6 +14543,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14229,6 +14584,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14269,6 +14625,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14309,6 +14666,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14349,6 +14707,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14389,6 +14748,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14429,6 +14789,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14469,6 +14830,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14509,6 +14871,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14549,6 +14912,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14589,6 +14953,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14629,6 +14994,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14669,6 +15035,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14709,6 +15076,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14749,6 +15117,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14789,6 +15158,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14829,6 +15199,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14869,6 +15240,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14909,6 +15281,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14949,6 +15322,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14989,6 +15363,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15029,6 +15404,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15069,6 +15445,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15109,6 +15486,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15149,6 +15527,7 @@ "nist": [ "SI-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15178,7 +15557,7 @@ ] } ], - "sha256": "26f379f219eaff4c05580e7e4524d88f106f588d65426733aeeebb4e1ff6b3f1" + "sha256": "08034dcfc6ba3541b6d167c9cbaa8e4b67683e70414542af441959d2ee3be74c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json index 3740c4e6c5..33b2a33882 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/checklist-RHEL8V1R3-hdf.json @@ -1,9 +1,9 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.1" + "release": "2.10.8" }, - "version": "2.10.1", + "version": "2.10.8", "statistics": {}, "profiles": [ { @@ -29,6 +29,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -69,6 +70,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -109,6 +111,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -149,6 +152,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -189,6 +193,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -229,6 +234,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -269,6 +275,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -309,6 +316,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -349,6 +357,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -389,6 +398,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -429,6 +439,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -469,6 +480,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -509,6 +521,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -549,6 +562,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -589,6 +603,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -629,6 +644,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -669,6 +685,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -709,6 +726,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -749,6 +767,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -789,6 +808,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -829,6 +849,7 @@ "nist": [ "SC-3" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -869,6 +890,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -909,6 +931,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -949,6 +972,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -989,6 +1013,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1029,6 +1054,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1069,6 +1095,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1109,6 +1136,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1149,6 +1177,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1189,6 +1218,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1229,6 +1259,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1269,6 +1300,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1309,6 +1341,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1349,6 +1382,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1389,6 +1423,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1429,6 +1464,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1469,6 +1505,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1509,6 +1546,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1549,6 +1587,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1589,6 +1628,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1629,6 +1669,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1669,6 +1710,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1709,6 +1751,7 @@ "nist": [ "CM-3 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1749,6 +1792,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1789,6 +1833,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1829,6 +1874,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1869,6 +1915,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1909,6 +1956,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1949,6 +1997,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -1989,6 +2038,7 @@ "nist": [ "SC-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2029,6 +2079,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2069,6 +2120,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2109,6 +2161,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2149,6 +2202,7 @@ "nist": [ "IA-2 (11)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2189,6 +2243,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2229,6 +2284,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2269,6 +2325,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2309,6 +2366,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2349,6 +2407,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2389,6 +2448,7 @@ "nist": [ "SI-16" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2429,6 +2489,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2469,6 +2530,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2509,6 +2571,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2549,6 +2612,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2589,6 +2653,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2629,6 +2694,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2669,6 +2735,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2709,6 +2776,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2749,6 +2817,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2789,6 +2858,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2829,6 +2899,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2869,6 +2940,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2909,6 +2981,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2949,6 +3022,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -2989,6 +3063,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3029,6 +3104,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3069,6 +3145,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3109,6 +3186,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3149,6 +3227,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3189,6 +3268,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3229,6 +3309,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3269,6 +3350,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3309,6 +3391,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3349,6 +3432,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3389,6 +3473,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3429,6 +3514,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3469,6 +3555,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3509,6 +3596,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3549,6 +3637,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3589,6 +3678,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3629,6 +3719,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3669,6 +3760,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3709,6 +3801,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3749,6 +3842,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3789,6 +3883,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3829,6 +3924,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3869,6 +3965,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3909,6 +4006,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3949,6 +4047,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -3989,6 +4088,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4029,6 +4129,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4069,6 +4170,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4109,6 +4211,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4149,6 +4252,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4189,6 +4293,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4229,6 +4334,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4269,6 +4375,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4309,6 +4416,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4349,6 +4457,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4389,6 +4498,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4429,6 +4539,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4469,6 +4580,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4509,6 +4621,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4549,6 +4662,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4589,6 +4703,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4629,6 +4744,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4669,6 +4785,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4709,6 +4826,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4749,6 +4867,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4789,6 +4908,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4829,6 +4949,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4869,6 +4990,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4909,6 +5031,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4949,6 +5072,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -4989,6 +5113,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5029,6 +5154,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5069,6 +5195,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5109,6 +5236,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5149,6 +5277,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5189,6 +5318,7 @@ "nist": [ "AC-11 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5229,6 +5359,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5269,6 +5400,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5309,6 +5441,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5349,6 +5482,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5389,6 +5523,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5429,6 +5564,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5469,6 +5605,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5509,6 +5646,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5549,6 +5687,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5589,6 +5728,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5629,6 +5769,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5669,6 +5810,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5709,6 +5851,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5749,6 +5892,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5789,6 +5933,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5829,6 +5974,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5869,6 +6015,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5909,6 +6056,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5949,6 +6097,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -5989,6 +6138,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6029,6 +6179,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6069,6 +6220,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6109,6 +6261,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6149,6 +6302,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6189,6 +6343,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6229,6 +6384,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6269,6 +6425,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6309,6 +6466,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6349,6 +6507,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6389,6 +6548,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6429,6 +6589,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6469,6 +6630,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6509,6 +6671,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6549,6 +6712,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6589,6 +6753,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6629,6 +6794,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6669,6 +6835,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6709,6 +6876,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6749,6 +6917,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6789,6 +6958,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6829,6 +6999,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6869,6 +7040,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6909,6 +7081,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6949,6 +7122,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -6989,6 +7163,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7029,6 +7204,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7069,6 +7245,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7109,6 +7286,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7149,6 +7327,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7189,6 +7368,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7229,6 +7409,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7269,6 +7450,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7309,6 +7491,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7349,6 +7532,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7389,6 +7573,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7429,6 +7614,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7469,6 +7655,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7509,6 +7696,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7549,6 +7737,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7589,6 +7778,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7629,6 +7819,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7669,6 +7860,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7709,6 +7901,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7749,6 +7942,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7789,6 +7983,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7829,6 +8024,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7869,6 +8065,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7909,6 +8106,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7949,6 +8147,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -7989,6 +8188,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8029,6 +8229,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8069,6 +8270,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8109,6 +8311,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8149,6 +8352,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8189,6 +8393,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8229,6 +8434,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8269,6 +8475,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8309,6 +8516,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8349,6 +8557,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8389,6 +8598,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8429,6 +8639,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8469,6 +8680,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8509,6 +8721,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8549,6 +8762,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8589,6 +8803,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8629,6 +8844,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8669,6 +8885,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8709,6 +8926,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8749,6 +8967,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8789,6 +9008,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8829,6 +9049,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8869,6 +9090,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8909,6 +9131,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8949,6 +9172,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -8989,6 +9213,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9029,6 +9254,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9069,6 +9295,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9109,6 +9336,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9149,6 +9377,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9189,6 +9418,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9229,6 +9459,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9269,6 +9500,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9309,6 +9541,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9349,6 +9582,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9389,6 +9623,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9429,6 +9664,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9469,6 +9705,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9509,6 +9746,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9549,6 +9787,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9589,6 +9828,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9629,6 +9869,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9669,6 +9910,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9709,6 +9951,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9749,6 +9992,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9789,6 +10033,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9829,6 +10074,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9869,6 +10115,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9909,6 +10156,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9949,6 +10197,7 @@ "nist": [ "AU-4" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -9989,6 +10238,7 @@ "nist": [ "AU-12 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10029,6 +10279,7 @@ "nist": [ "AU-12 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10069,6 +10320,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10109,6 +10361,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10149,6 +10402,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10189,6 +10443,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10229,6 +10484,7 @@ "nist": [ "AU-4" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10269,6 +10525,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10309,6 +10566,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10349,6 +10607,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10389,6 +10648,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10429,6 +10689,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10469,6 +10730,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10509,6 +10771,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10549,6 +10812,7 @@ "nist": [ "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10589,6 +10853,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10629,6 +10894,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10669,6 +10935,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10709,6 +10976,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10749,6 +11017,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10789,6 +11058,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10829,6 +11099,7 @@ "nist": [ "CM-7 a" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10869,6 +11140,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10909,6 +11181,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10949,6 +11222,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -10989,6 +11263,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11029,6 +11304,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11069,6 +11345,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11109,6 +11386,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11149,6 +11427,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11189,6 +11468,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11229,6 +11509,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11269,6 +11550,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11309,6 +11591,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11349,6 +11632,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11389,6 +11673,7 @@ "nist": [ "AC-18 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11429,6 +11714,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11469,6 +11755,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11509,6 +11796,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11549,6 +11837,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11589,6 +11878,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11629,6 +11919,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11669,6 +11960,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11709,6 +12001,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11749,6 +12042,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11789,6 +12083,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11829,6 +12124,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11869,6 +12165,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11909,6 +12206,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11949,6 +12247,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -11989,6 +12288,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12029,6 +12329,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12069,6 +12370,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12109,6 +12411,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12149,6 +12452,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12189,6 +12493,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12229,6 +12534,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12269,6 +12575,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12309,6 +12616,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12349,6 +12657,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12389,6 +12698,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12429,6 +12739,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12469,6 +12780,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12509,6 +12821,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12549,6 +12862,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12589,6 +12903,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12629,6 +12944,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12669,6 +12985,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12709,6 +13026,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12749,6 +13067,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12789,6 +13108,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12829,6 +13149,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12869,6 +13190,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12909,6 +13231,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12949,6 +13272,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -12989,6 +13313,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13029,6 +13354,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13069,6 +13395,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13109,6 +13436,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13149,6 +13477,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13189,6 +13518,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13229,6 +13559,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13269,6 +13600,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13309,6 +13641,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13349,6 +13682,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13389,6 +13723,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13429,6 +13764,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13469,6 +13805,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13509,6 +13846,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13549,6 +13887,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13589,6 +13928,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13629,6 +13969,7 @@ "nist": [ "AC-6 (5)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13669,6 +14010,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13709,6 +14051,7 @@ "nist": [ "AC-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13749,6 +14092,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13789,6 +14133,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13829,6 +14174,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13869,6 +14215,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13909,6 +14256,7 @@ "nist": [ "IA-7" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13949,6 +14297,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -13989,6 +14338,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14029,6 +14379,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14069,6 +14420,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14109,6 +14461,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14149,6 +14502,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14189,6 +14543,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14229,6 +14584,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14269,6 +14625,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14309,6 +14666,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14349,6 +14707,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14389,6 +14748,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14429,6 +14789,7 @@ "nist": [ "AC-11 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14469,6 +14830,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14509,6 +14871,7 @@ "nist": [ "AC-11 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14549,6 +14912,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14589,6 +14953,7 @@ "nist": [ "CM-6 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14629,6 +14994,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14669,6 +15035,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14709,6 +15076,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14749,6 +15117,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14789,6 +15158,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14829,6 +15199,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14869,6 +15240,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14909,6 +15281,7 @@ "nist": [ "SC-8" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14949,6 +15322,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -14989,6 +15363,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15029,6 +15404,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15069,6 +15445,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15109,6 +15486,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15149,6 +15527,7 @@ "nist": [ "SI-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Red Hat Enterprise Linux 8 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 23 Jul 2021" }, @@ -15178,7 +15557,7 @@ ] } ], - "sha256": "26f379f219eaff4c05580e7e4524d88f106f588d65426733aeeebb4e1ff6b3f1" + "sha256": "08034dcfc6ba3541b6d167c9cbaa8e4b67683e70414542af441959d2ee3be74c" } ], "passthrough": { diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-nessus.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-nessus.ckl index 595fe7c1c5..9a5918395c 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-nessus.ckl +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-nessus.ckl @@ -1,5 +1,5 @@ - + None @@ -122,7 +122,11 @@ Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -246,7 +250,11 @@ Following application CPE's matched on the remote system : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -403,7 +411,11 @@ Following application CPE's matched on the remote system : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -558,7 +570,11 @@ Scan duration : 388 sec Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -675,7 +691,11 @@ Please note the following : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -804,7 +824,11 @@ Protocol : LOCAL Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -917,7 +941,11 @@ Protocol : LOCAL Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -1038,7 +1066,11 @@ for all planned checks. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -1411,7 +1443,11 @@ remote host : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -1532,7 +1568,11 @@ Note that both support programs require vendor contracts. Premier Support provi Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -1654,7 +1694,11 @@ Notes: Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -1787,7 +1831,11 @@ Notes: Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -1899,7 +1947,11 @@ Confidence level : 100 Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -2017,7 +2069,11 @@ www.example.com[192.0.32.10] Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -2131,7 +2187,11 @@ Different web servers may be hosted on name-based virtual hosts. :: MESSAGE The Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -2396,7 +2456,11 @@ certificate authority : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -2531,7 +2595,11 @@ certificate authority : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -2649,7 +2717,11 @@ There were no containers detected running on Docker. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -2782,7 +2854,11 @@ There were no containers detected running on Docker. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -2895,7 +2971,11 @@ There were no containers detected running on Docker. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -3011,7 +3091,11 @@ There were no containers detected running on Docker. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -3125,7 +3209,11 @@ There were no containers detected running on Docker. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -3239,7 +3327,11 @@ There were no containers detected running on Docker. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -3354,7 +3446,11 @@ There were no containers detected running on Docker. Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -3942,7 +4038,11 @@ root 17363 0.0 0.0 11496 3288 ? R 14:56 0:00 /bin/ps auxww Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -4466,7 +4566,11 @@ Groups : sssd Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -4578,7 +4682,11 @@ Groups : sssd Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -6951,7 +7059,11 @@ Groups : sssd Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -7062,7 +7174,11 @@ Groups : sssd Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -7174,7 +7290,11 @@ Groups : sssd Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -7297,7 +7417,11 @@ Runtime : 1.93133 seconds Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -7453,7 +7577,11 @@ The fields above are : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -7564,7 +7692,11 @@ The fields above are : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -7675,7 +7807,11 @@ The fields above are : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -7843,7 +7979,11 @@ The fields above are : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8049,7 +8189,11 @@ MIIDrjCCApagAwIBAgICURkwDQYJKoZIhvcNAQELBQAwgZ0xHDAaBgNVBAoME05lc3N1cyBVc2VycyBV Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8188,7 +8332,11 @@ MIIDrjCCApagAwIBAgICURkwDQYJKoZIhvcNAQELBQAwgZ0xHDAaBgNVBAoME05lc3N1cyBVc2VycyBV Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8346,7 +8494,11 @@ Response Body : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8459,7 +8611,11 @@ Response Body : Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8575,7 +8731,11 @@ Strict-Transport-Security: max-age=31536000 Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8688,7 +8848,11 @@ NessusWWW Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8803,7 +8967,11 @@ This plugin attempts to discover mDNS used by hosts residing on the same network Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -8916,7 +9084,11 @@ failed :: TEST Nessus was able to identify the remote service by its banner or b Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -9027,7 +9199,11 @@ failed :: TEST Nessus was able to identify the remote service by its banner or b Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -9138,7 +9314,11 @@ failed :: TEST Nessus was able to identify the remote service by its banner or b Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -9306,7 +9486,11 @@ failed :: TEST By sending a DUMP request to the portmapper, it was possible to e Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -9419,7 +9603,11 @@ The portmapper allows someone to get the port number of each RPC service running Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control @@ -9532,7 +9720,11 @@ The portmapper allows someone to get the port number of each RPC service running Third_Party_Tools - + { + "hdfSpecificData": { + "severity": "none" + } +} Mitigation_Control diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl new file mode 100644 index 0000000000..57f4a49f5b --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl @@ -0,0 +1,591 @@ + + + + + None + Computing + CUI + + + + + + + + false + + + + + + + + version + 0 + + + classification + UNCLASSIFIED + + + customname + {"hdfSpecificData":{"copyright":"SIMP Team","copyright_email":"simp-dev@googlegroups.com","maintainer":"SIMP Team","version":"0.2.0"}} + + + stigid + disa_stig-el7 + + + description + The `disa_stig-el7` inspec profile helps scan your system aginst the DISA RHEL7 STIG + + + filename + + + releaseinfo + Release: 2 + + + title + DISA RedHat Enterprise Linux 7 STIG - v1r4 + + + uuid + + + notice + Apache-2.0 + + + source + STIG.DOD.MIL + + + + + Vuln_Num + V-71849 + + + Severity + high + + + Group_Title + SRG-OS-000257-GPOS-00098 + + + Rule_ID + SV-86473r2_rule + + + Rule_Ver + RHEL-07-010010 + + + Rule_Title + The file permissions, ownership, and group membership of system files and commands must match the vendor values. + + + Vuln_Discuss + Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default. + + + IA_Controls + + + + Check_Content + Verify the file permissions, ownership, and group membership of +system files and commands match the vendor values. + +Check the file permissions, ownership, and group membership of system files and +commands with the following command: + +# rpm -Va | grep '^.M' + +If there is any output from the command indicating that the ownership or group +of a system file or command, or a system file, has permissions less restrictive +than the default, this is a finding. + + + Fix_Text + Run the following command to determine which package owns the +file: + +# rpm -qf <filename> + +Reset the permissions of files within a package with the following command: + +#rpm --setperms <packagename> + +Reset the user and group ownership of files within a package with the following +command: + +#rpm --setugids <packagename> + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + { + "hdfSpecificData": { + "severity": "critical", + "impact": 0.3 + } +} + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-001494 + + + CCI_REF + CCI-001496 + + Open + failed :: TEST not important :: MESSAGE not important + + + + + + + Vuln_Num + V-71855 + + + Severity + low + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-86479r2_rule + + + Rule_Ver + RHEL-07-010020 + + + Rule_Title + The cryptographic hash of system files and commands must match vendor +values. + + + Vuln_Discuss + not important + + + IA_Controls + + + + Check_Content + Verify the cryptographic hash of system files and commands +match the vendor values. + +Check the cryptographic hash of system files and commands with the following +command: + +Note: System configuration files (indicated by a "c" in the second column) +are expected to change over time. Unusual modifications should be investigated +through the system audit log. + +# rpm -Va | grep '^..5' + +If there is any output from the command for system binaries, this is a finding. + + + Fix_Text + Run the following command to determine which package owns the +file: + +# rpm -qf <filename> + +The package can be reinstalled from a yum repository using the command: + +# sudo yum reinstall <packagename> + +Alternatively, the package can be reinstalled from trusted media using the +command: + +# sudo rpm -Uvh <packagename> + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + { + "hdfSpecificData": { + "impact": 0.7 + } +} + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-000663 + + Not_Reviewed + skipped :: TEST [] should all be in + + medium + This system is not important + + + + Vuln_Num + V-71859 + + + Severity + high + + + Group_Title + SRG-OS-000023-GPOS-00006 + + + Rule_ID + SV-86483r3_rule + + + Rule_Ver + RHEL-07-010030 + + + Rule_Title + The operating system must display the Standard Mandatory DoD Notice +and Consent Banner before granting local or remote access to the system via a +graphical user logon. + + + Vuln_Discuss + not important + + + IA_Controls + + + + Check_Content + not important + + + Fix_Text + not important + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + { + "hdfSpecificData": { + "impact": 0.95, + "severity": "critical" + } +} + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-000048 + + Open + failed :: TEST Command: `dconf read /org/gnome/login-screen/banner-message-enable` stdout.strip should cmp == "true" :: MESSAGE +expected: "true" + got: "" + +(compared using `cmp` matcher) + + + + + + + Vuln_Num + V-71861 + + + Severity + low + + + Group_Title + SRG-OS-000023-GPOS-00006 + + + Rule_ID + SV-86485r3_rule + + + Rule_Ver + RHEL-07-010040 + + + Rule_Title + The operating system must display the approved Standard Mandatory DoD +Notice and Consent Banner before granting local or remote access to the system +via a graphical user logon. + + + Vuln_Discuss + not important + + + IA_Controls + + + + Check_Content + not important + + + Fix_Text + not important + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + { + "hdfSpecificData": { + "severity": "none", + "impact": 0.5 + } +} + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + DISA RedHat Enterprise Linux 7 STIG - v1r4 :: Version 0, Release: 2 + + + TargetKey + + + + STIG_UUID + + + + CCI_REF + CCI-000048 + + Open + failed :: TEST If no files specify the banner text then this is a finding should equal false :: MESSAGE +expected false + got true + + + + + + + \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl index a45b0dcdc0..c8b848b6c7 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/converted-rhel8_sample_oneOfEachControlStatus.ckl @@ -377,7 +377,7 @@ expected: "2.9-9.el8_6" Severity - low + high Group_Title diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json new file mode 100644 index 0000000000..8d064542e9 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json @@ -0,0 +1,289 @@ +{ + "platform": { + "name": "centos", + "release": "7.6.1810" + }, + "profiles": [ + { + "attributes": [], + "controls": [ + { + "code": "not important", + "desc": "Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.", + "descriptions": [ + { + "data": "Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.", + "label": "default" + }, + { + "data": "Verify the file permissions, ownership, and group membership of\nsystem files and commands match the vendor values.\n\nCheck the file permissions, ownership, and group membership of system files and\ncommands with the following command:\n\n# rpm -Va | grep '^.M'\n\nIf there is any output from the command indicating that the ownership or group\nof a system file or command, or a system file, has permissions less restrictive\nthan the default, this is a finding.", + "label": "check" + }, + { + "data": "Run the following command to determine which package owns the\nfile:\n\n# rpm -qf \n\nReset the permissions of files within a package with the following command:\n\n#rpm --setperms \n\nReset the user and group ownership of files within a package with the following\ncommand:\n\n#rpm --setugids ", + "label": "fix" + } + ], + "id": "V-71849", + "impact": 0.3, + "refs": [], + "results": [ + { + "code_desc": "not important", + "message": "not important", + "run_time": 0.00056624, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "failed" + } + ], + "source_location": { + "line": 16, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71849.rb" + }, + "tags": { + "gtitle": "SRG-OS-000257-GPOS-00098", + "satisfies": [ + "SRG-OS-000257-GPOS-00098", + "SRG-OS-000278-GPOS-00108" + ], + "gid": "V-71849", + "rid": "SV-86473r2_rule", + "stig_id": "RHEL-07-010010", + "cci": [ + "CCI-001494", + "CCI-001496" + ], + "documentable": false, + "nist": [ + "AU-9", + "AU-9 (3)", + "Rev_4" + ], + "subsystems": [ + "permissions", + "package", + "rpm" + ], + "fix_id": "F-78201r3_fix", + "severity": "critical" + }, + "title": "The file permissions, ownership, and group membership of system files and commands must match the vendor values." + }, + { + "code": "not important", + "desc": "not important", + "descriptions": [ + { + "data": "not important", + "label": "default" + }, + { + "data": "Verify the cryptographic hash of system files and commands\nmatch the vendor values.\n\nCheck the cryptographic hash of system files and commands with the following\ncommand:\n\nNote: System configuration files (indicated by a \"c\" in the second column)\nare expected to change over time. Unusual modifications should be investigated\nthrough the system audit log.\n\n# rpm -Va | grep '^..5'\n\nIf there is any output from the command for system binaries, this is a finding.", + "label": "check" + }, + { + "data": "Run the following command to determine which package owns the\nfile:\n\n# rpm -qf \n\nThe package can be reinstalled from a yum repository using the command:\n\n# sudo yum reinstall \n\nAlternatively, the package can be reinstalled from trusted media using the\ncommand:\n\n# sudo rpm -Uvh ", + "label": "fix" + } + ], + "id": "V-71855", + "impact": 0.7, + "refs": [], + "results": [ + { + "code_desc": "[] should all be in", + "run_time": 0.000103517, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "skipped" + } + ], + "source_location": { + "line": 15, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71855.rb" + }, + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "gid": "V-71855", + "rid": "SV-86479r2_rule", + "stig_id": "RHEL-07-010020", + "cci": [ + "CCI-000663" + ], + "documentable": false, + "nist": [ + "SA-7", + "Rev_4" + ], + "subsystems": [ + "rpm", + "package" + ], + "fix_id": "F-78207r1_fix", + "severity": "low", + "severityoverride": "medium", + "severityjustification": "This system is not important" + }, + "title": "The cryptographic hash of system files and commands must match vendor\nvalues." + }, + { + "code": "not important", + "desc": "not important", + "descriptions": [ + { + "data": "not important", + "label": "default" + }, + { + "data": "not important", + "label": "check" + }, + { + "data": "not important", + "label": "fix" + } + ], + "id": "V-71859", + "impact": 0.95, + "refs": [], + "results": [ + { + "code_desc": "Command: `dconf read /org/gnome/login-screen/banner-message-enable` stdout.strip should cmp == \"true\"", + "message": "\nexpected: \"true\"\n got: \"\"\n\n(compared using `cmp` matcher)\n", + "run_time": 0.017205426, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "failed" + } + ], + "source_location": { + "line": 14, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71859.rb" + }, + "tags": { + "gtitle": "SRG-OS-000023-GPOS-00006", + "satisfies": [ + "SRG-OS-000023-GPOS-00006", + "SRG-OS-000024-GPOS-00007", + "SRG-OS-000228-GPOS-00088" + ], + "gid": "V-71859", + "rid": "SV-86483r3_rule", + "stig_id": "RHEL-07-010030", + "cci": [ + "CCI-000048" + ], + "documentable": false, + "nist": [ + "AC-8 a", + "Rev_4" + ], + "subsystem": [ + "gdm" + ], + "fix_id": "F-78211r4_fix" + }, + "title": "The operating system must display the Standard Mandatory DoD Notice\nand Consent Banner before granting local or remote access to the system via a\ngraphical user logon." + }, + { + "code": "not important", + "desc": "not important", + "descriptions": [ + { + "data": "not important", + "label": "default" + }, + { + "data": "not important", + "label": "check" + }, + { + "data": "not important", + "label": "fix" + } + ], + "id": "V-71861", + "impact": 0.5, + "refs": [], + "results": [ + { + "code_desc": "If no files specify the banner text then this is a finding should equal false", + "message": "\nexpected false\n got true\n", + "run_time": 0.001565842, + "start_time": "2019-11-04T16:17:07-05:00", + "status": "failed" + } + ], + "source_location": { + "line": 29, + "ref": "inspec-profile-disa_stig-el7-master/controls/V-71861.rb" + }, + "tags": { + "gtitle": "SRG-OS-000023-GPOS-00006", + "satisfies": [ + "SRG-OS-000023-GPOS-00006", + "SRG-OS-000024-GPOS-00007", + "SRG-OS-000228-GPOS-00088" + ], + "gid": "V-71861", + "rid": "SV-86485r3_rule", + "stig_id": "RHEL-07-010040", + "cci": [ + "CCI-000048" + ], + "documentable": false, + "nist": [ + "AC-8 a", + "Rev_4" + ], + "subsystems": [ + "gdm" + ], + "fix_id": "F-78213r5_fix", + "severity": "none" + }, + "title": "The operating system must display the approved Standard Mandatory DoD\nNotice and Consent Banner before granting local or remote access to the system\nvia a graphical user logon." + } + ], + "copyright": "SIMP Team", + "copyright_email": "simp-dev@googlegroups.com", + "groups": [ + { + "controls": [ + "V-71849" + ], + "id": "controls/V-71849.rb" + }, + { + "controls": [ + "V-71855" + ], + "id": "controls/V-71855.rb" + }, + { + "controls": [ + "V-71859" + ], + "id": "controls/V-71859.rb" + }, + { + "controls": [ + "V-71861" + ], + "id": "controls/V-71861.rb" + } + ], + "license": "Apache-2.0", + "maintainer": "SIMP Team", + "name": "disa_stig-el7", + "sha256": "d4ecb3e201285a383a4aa6af8d9028e8311cb1975af2b380f098a21c895246ff", + "status": "loaded", + "summary": "The `disa_stig-el7` inspec profile helps scan your system aginst the DISA RHEL7 STIG", + "supports": [], + "title": "DISA RedHat Enterprise Linux 7 STIG - v1r4", + "version": "0.2.0" + } + ], + "statistics": { + "duration": 10.681128104 + }, + "version": "4.16.0" +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.ckl new file mode 100644 index 0000000000..01b25edbcd --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.ckl @@ -0,0 +1,505 @@ + + + + + Member Server + Computing + CUI + valid + invalid + invalid + invalid + + Exchange Server + 5339 + false + + + + + + + + version + 1 + + + classification + UNCLASSIFIED + + + customname + + + stigid + Cisco_ASA_FW_STIG + + + description + This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. + + + filename + U_Cisco_ASA_Firewall_STIG_V1R4_Manual-xccdf.xml + + + releaseinfo + Release: 4 Benchmark Date: 27 Apr 2023 + + + title + Cisco ASA Firewall Security Technical Implementation Guide + + + uuid + b6a7cb18-6ffe-4a6e-9f44-60d514c98db9 + + + notice + terms-of-use + + + source + STIG.DOD.MIL + + + + + Vuln_Num + V-239852 + + + Severity + high + + + Group_Title + SRG-NET-000019-FW-000003 + + + Rule_ID + SV-239852r665842_rule + + + Rule_Ver + CASA-FW-000010 + + + Rule_Title + The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services. + + + Vuln_Discuss + Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic. + +The firewall that filters traffic outbound to interconnected networks with different security policies must be configured to permit or block traffic based on organization-defined traffic authorizations. + + + IA_Controls + + + + Check_Content + Review the ASA configuration to determine if it only permits outbound traffic using authorized ports and services. + +Step 1: Verify that an ingress ACL has been applied to all internal interfaces as shown in the example below. + + interface GigabitEthernet0/0 + nameif INSIDE + security-level 100 + ip address 10.1.11.1 255.255.255.0 +… +… +… +access-group INSIDE _IN in interface INSIDE + +Step 2: Verify that the ingress ACL only allows outbound traffic using authorized ports and services as shown in the example below. + +access-list INSIDE _IN extended permit tcp any any eq www +access-list INSIDE _IN extended permit tcp any any eq https +access-list INSIDE _IN extended permit tcp any any eq … +access-list INSIDE _IN extended deny ip any any log + +If the ASA is not configured to only allow outbound traffic using authorized ports and services, this is a finding. + + + Fix_Text + Step 1: Configure the ingress ACL similar to the example below. + +ASA(config)# access-list INSIDE_INextended permit tcp any any eq https +ASA(config)# access-list INSIDE_INextended permit tcp any any eq http +ASA(config)# access-list INSIDE_INextended permit tcp any any eq … +ASA(config)# access-list INSIDE_INextended deny ip any any log + +Step 2: Apply the ACL inbound on all internal interfaces as shown in the example below. + +ASA(config)# access-group INSIDE_IN in interface INSIDE +ASA(config)# end + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023 + + + TargetKey + 5339 + + + STIG_UUID + 54b4701f-19a1-4d5b-9497-5be85f995362 + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-001414 + + Not_Reviewed + + + + + + + + Vuln_Num + V-239853 + + + Severity + medium + + + Group_Title + SRG-NET-000019-FW-000004 + + + Rule_ID + SV-239853r665845_rule + + + Rule_Ver + CASA-FW-000020 + + + Rule_Title + The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones. + + + Vuln_Discuss + Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events. + + + IA_Controls + + + + Check_Content + By default, when you change a rule-based policy such as access rules, the changes become effective immediately. With transactional model configured, the rules are not active until after compilation. + +Review the ASA configuration and verify that the following command is not configured. + +asp rule-engine transactional-commit access-group + +If transactional-commit access-group has been configured, this is a finding. + + + Fix_Text + Remove the command asp rule-engine transactional-commit access-group + +ASA(config)# no asp rule-engine transactional-commit access-group + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023 + + + TargetKey + 5339 + + + STIG_UUID + 54b4701f-19a1-4d5b-9497-5be85f995362 + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-001414 + + Not_Reviewed + + + + + + + + Vuln_Num + V-239854 + + + Severity + medium + + + Group_Title + SRG-NET-000061-FW-000001 + + + Rule_ID + SV-239854r665848_rule + + + Rule_Ver + CASA-FW-000030 + + + Rule_Title + The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules. + + + Vuln_Discuss + Remote access devices (such as those providing remote access to network devices and information systems) that lack automated capabilities increase risk and make remote user access management difficult at best. + +Remote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. + +Automated monitoring of remote access sessions allows organizations to detect cyberattacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities from a variety of information system components (e.g., servers, workstations, notebook computers, smart phones, and tablets). + + + IA_Controls + + + + Check_Content + Step 1: Verify that an ACL has been applied to the applicable VPN group policy via the vpn-filter attribute as shown in the example below. + +group-policy VPN_POLICY internal +group-policy VPN_POLICY attributes + … + … + … + vpn-filter value RESTRICT_VPN + +Step 2: Verify that the filter restricts traffic according to organization-defined filtering rules as shown in the example below. + +access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.12 eq http +access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.13 eq smtp +access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp +access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp-data +access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.15 eq domain +access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.16 eq sqlnet +access-list RESTRICT_VPN extended deny ip any any log + +Note: In the example above, assume that the client-assigned IP address pool is 10.10.10.0/24 and the local private network is 192.168.1.0/24. + +If the ASA is not configured to restrict VPN traffic according to organization-defined filtering rules, this is a finding. + + + Fix_Text + Step 1: Configure the ACL to restrict VPN traffic. + +ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.12 eq http +ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.13 eq smtp +ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp +ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp-data +ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.y host 192.168.1.15 eq domain +ASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.16 eq sqlnet +ASA(config)# access-list RESTRICT_VPN extended deny ip any any log +ASA(config)# exit + +Step 2: Apply the VPN filter to the applicable group policy as shown in the example below. + +ASA(config)# group-policy VPN_POLICY attributes +ASA(config-group-policy)# vpn-filter value RESTRICT_VPN +ASA(config-group-policy)# end + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023 + + + TargetKey + 5339 + + + STIG_UUID + 54b4701f-19a1-4d5b-9497-5be85f995362 + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000067 + + Not_Reviewed + + + + + + + + \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.json b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.json new file mode 100644 index 0000000000..690db6090e --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.json @@ -0,0 +1 @@ +{"platform":{"name":"Heimdall Tools","release":"2.10.8"},"version":"2.10.8","statistics":{},"profiles":[{"name":"Cisco_ASA_FW_STIG","version":"1","title":"Cisco ASA Firewall Security Technical Implementation Guide","summary":"This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.","license":"terms-of-use","supports":[],"attributes":[],"groups":[],"status":"loaded","controls":[{"tags":{"gtitle":"SRG-NET-000019-FW-000003","rid":"SV-239852r665842_rule","gid":"V-239852","stig_id":"CASA-FW-000010","cci":["CCI-001414"],"nist":["AC-4"],"weight":"10.0","STIGRef":"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023"},"refs":[],"source_location":{},"title":"The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services.","id":"V-239852","desc":"Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic.\n\nThe firewall that filters traffic outbound to interconnected networks with different security policies must be configured to permit or block traffic based on organization-defined traffic authorizations.","descriptions":[{"data":"Review the ASA configuration to determine if it only permits outbound traffic using authorized ports and services.\n\nStep 1: Verify that an ingress ACL has been applied to all internal interfaces as shown in the example below.\n\n interface GigabitEthernet0/0\n nameif INSIDE\n security-level 100\n ip address 10.1.11.1 255.255.255.0\n…\n…\n…\naccess-group INSIDE _IN in interface INSIDE \n\nStep 2: Verify that the ingress ACL only allows outbound traffic using authorized ports and services as shown in the example below.\n\naccess-list INSIDE _IN extended permit tcp any any eq www \naccess-list INSIDE _IN extended permit tcp any any eq https \naccess-list INSIDE _IN extended permit tcp any any eq …\naccess-list INSIDE _IN extended deny ip any any log\n\nIf the ASA is not configured to only allow outbound traffic using authorized ports and services, this is a finding.","label":"check"},{"data":"Step 1: Configure the ingress ACL similar to the example below.\n\nASA(config)# access-list INSIDE_INextended permit tcp any any eq https\nASA(config)# access-list INSIDE_INextended permit tcp any any eq http\nASA(config)# access-list INSIDE_INextended permit tcp any any eq …\nASA(config)# access-list INSIDE_INextended deny ip any any log \n\nStep 2: Apply the ACL inbound on all internal interfaces as shown in the example below.\n\nASA(config)# access-group INSIDE_IN in interface INSIDE\nASA(config)# end","label":"fix"}],"impact":0.7,"code":"{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-239852\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-NET-000019-FW-000003\",\n \"ruleId\": \"SV-239852r665842_rule\",\n \"ruleVer\": \"CASA-FW-000010\",\n \"ruleTitle\": \"The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services.\",\n \"vulnDiscuss\": \"Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic.\\n\\nThe firewall that filters traffic outbound to interconnected networks with different security policies must be configured to permit or block traffic based on organization-defined traffic authorizations.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Review the ASA configuration to determine if it only permits outbound traffic using authorized ports and services.\\n\\nStep 1: Verify that an ingress ACL has been applied to all internal interfaces as shown in the example below.\\n\\n interface GigabitEthernet0/0\\n nameif INSIDE\\n security-level 100\\n ip address 10.1.11.1 255.255.255.0\\n…\\n…\\n…\\naccess-group INSIDE _IN in interface INSIDE \\n\\nStep 2: Verify that the ingress ACL only allows outbound traffic using authorized ports and services as shown in the example below.\\n\\naccess-list INSIDE _IN extended permit tcp any any eq www \\naccess-list INSIDE _IN extended permit tcp any any eq https \\naccess-list INSIDE _IN extended permit tcp any any eq …\\naccess-list INSIDE _IN extended deny ip any any log\\n\\nIf the ASA is not configured to only allow outbound traffic using authorized ports and services, this is a finding.\",\n \"fixText\": \"Step 1: Configure the ingress ACL similar to the example below.\\n\\nASA(config)# access-list INSIDE_INextended permit tcp any any eq https\\nASA(config)# access-list INSIDE_INextended permit tcp any any eq http\\nASA(config)# access-list INSIDE_INextended permit tcp any any eq …\\nASA(config)# access-list INSIDE_INextended deny ip any any log \\n\\nStep 2: Apply the ACL inbound on all internal interfaces as shown in the example below.\\n\\nASA(config)# access-group INSIDE_IN in interface INSIDE\\nASA(config)# end\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023\",\n \"targetKey\": \"5339\",\n \"stigUuid\": \"54b4701f-19a1-4d5b-9497-5be85f995362\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-001414\"\n}","results":[{"status":"skipped","code_desc":"","start_time":""}]},{"tags":{"gtitle":"SRG-NET-000019-FW-000004","rid":"SV-239853r665845_rule","gid":"V-239853","stig_id":"CASA-FW-000020","cci":["CCI-001414"],"nist":["AC-4"],"weight":"10.0","STIGRef":"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023"},"refs":[],"source_location":{},"title":"The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones.","id":"V-239853","desc":"Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events.","descriptions":[{"data":"By default, when you change a rule-based policy such as access rules, the changes become effective immediately. With transactional model configured, the rules are not active until after compilation.\n\nReview the ASA configuration and verify that the following command is not configured.\n\nasp rule-engine transactional-commit access-group\n\nIf transactional-commit access-group has been configured, this is a finding.","label":"check"},{"data":"Remove the command asp rule-engine transactional-commit access-group\n\nASA(config)# no asp rule-engine transactional-commit access-group","label":"fix"}],"impact":0.5,"code":"{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-239853\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-NET-000019-FW-000004\",\n \"ruleId\": \"SV-239853r665845_rule\",\n \"ruleVer\": \"CASA-FW-000020\",\n \"ruleTitle\": \"The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones.\",\n \"vulnDiscuss\": \"Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events.\",\n \"iaControls\": \"\",\n \"checkContent\": \"By default, when you change a rule-based policy such as access rules, the changes become effective immediately. With transactional model configured, the rules are not active until after compilation.\\n\\nReview the ASA configuration and verify that the following command is not configured.\\n\\nasp rule-engine transactional-commit access-group\\n\\nIf transactional-commit access-group has been configured, this is a finding.\",\n \"fixText\": \"Remove the command asp rule-engine transactional-commit access-group\\n\\nASA(config)# no asp rule-engine transactional-commit access-group\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023\",\n \"targetKey\": \"5339\",\n \"stigUuid\": \"54b4701f-19a1-4d5b-9497-5be85f995362\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-001414\"\n}","results":[{"status":"skipped","code_desc":"","start_time":""}]},{"tags":{"gtitle":"SRG-NET-000061-FW-000001","rid":"SV-239854r665848_rule","gid":"V-239854","stig_id":"CASA-FW-000030","cci":["CCI-000067"],"nist":["AC-17 (1)"],"weight":"10.0","STIGRef":"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023"},"refs":[],"source_location":{},"title":"The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules.","id":"V-239854","desc":"Remote access devices (such as those providing remote access to network devices and information systems) that lack automated capabilities increase risk and make remote user access management difficult at best.\n\nRemote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network.\n\nAutomated monitoring of remote access sessions allows organizations to detect cyberattacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities from a variety of information system components (e.g., servers, workstations, notebook computers, smart phones, and tablets).","descriptions":[{"data":"Step 1: Verify that an ACL has been applied to the applicable VPN group policy via the vpn-filter attribute as shown in the example below.\n\ngroup-policy VPN_POLICY internal\ngroup-policy VPN_POLICY attributes\n …\n …\n …\n vpn-filter value RESTRICT_VPN\n\nStep 2: Verify that the filter restricts traffic according to organization-defined filtering rules as shown in the example below.\n\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.12 eq http \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.13 eq smtp \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp-data \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.15 eq domain\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.16 eq sqlnet\naccess-list RESTRICT_VPN extended deny ip any any log\n\nNote: In the example above, assume that the client-assigned IP address pool is 10.10.10.0/24 and the local private network is 192.168.1.0/24.\n\nIf the ASA is not configured to restrict VPN traffic according to organization-defined filtering rules, this is a finding.","label":"check"},{"data":"Step 1: Configure the ACL to restrict VPN traffic.\n\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.12 eq http\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.13 eq smtp\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp-data\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.y host 192.168.1.15 eq domain\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.16 eq sqlnet\nASA(config)# access-list RESTRICT_VPN extended deny ip any any log\nASA(config)# exit \n\nStep 2: Apply the VPN filter to the applicable group policy as shown in the example below.\n\nASA(config)# group-policy VPN_POLICY attributes \nASA(config-group-policy)# vpn-filter value RESTRICT_VPN \nASA(config-group-policy)# end","label":"fix"}],"impact":0.5,"code":"{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-239854\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-NET-000061-FW-000001\",\n \"ruleId\": \"SV-239854r665848_rule\",\n \"ruleVer\": \"CASA-FW-000030\",\n \"ruleTitle\": \"The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules.\",\n \"vulnDiscuss\": \"Remote access devices (such as those providing remote access to network devices and information systems) that lack automated capabilities increase risk and make remote user access management difficult at best.\\n\\nRemote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network.\\n\\nAutomated monitoring of remote access sessions allows organizations to detect cyberattacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities from a variety of information system components (e.g., servers, workstations, notebook computers, smart phones, and tablets).\",\n \"iaControls\": \"\",\n \"checkContent\": \"Step 1: Verify that an ACL has been applied to the applicable VPN group policy via the vpn-filter attribute as shown in the example below.\\n\\ngroup-policy VPN_POLICY internal\\ngroup-policy VPN_POLICY attributes\\n …\\n …\\n …\\n vpn-filter value RESTRICT_VPN\\n\\nStep 2: Verify that the filter restricts traffic according to organization-defined filtering rules as shown in the example below.\\n\\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.12 eq http \\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.13 eq smtp \\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp \\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp-data \\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.15 eq domain\\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.16 eq sqlnet\\naccess-list RESTRICT_VPN extended deny ip any any log\\n\\nNote: In the example above, assume that the client-assigned IP address pool is 10.10.10.0/24 and the local private network is 192.168.1.0/24.\\n\\nIf the ASA is not configured to restrict VPN traffic according to organization-defined filtering rules, this is a finding.\",\n \"fixText\": \"Step 1: Configure the ACL to restrict VPN traffic.\\n\\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.12 eq http\\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.13 eq smtp\\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp\\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp-data\\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.y host 192.168.1.15 eq domain\\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.16 eq sqlnet\\nASA(config)# access-list RESTRICT_VPN extended deny ip any any log\\nASA(config)# exit \\n\\nStep 2: Apply the VPN filter to the applicable group policy as shown in the example below.\\n\\nASA(config)# group-policy VPN_POLICY attributes \\nASA(config-group-policy)# vpn-filter value RESTRICT_VPN \\nASA(config-group-policy)# end\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023\",\n \"targetKey\": \"5339\",\n \"stigUuid\": \"54b4701f-19a1-4d5b-9497-5be85f995362\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000067\"\n}","results":[{"status":"skipped","code_desc":"","start_time":""}]}],"sha256":"e95afc1669cf34c003d03b654a44be5dec349f78e4054207a38b9692708df7cf"}],"passthrough":{"checklist":{"asset":{"role":"Member Server","assettype":"Computing","hostname":"valid","hostip":"invalid","hostmac":"invalid","hostfqdn":"invalid","marking":"CUI","targetcomment":"","techarea":"Exchange Server","targetkey":"5339","webordatabase":false,"webdbsite":"","webdbinstance":""},"stigs":[{"header":{"version":"1","classification":"UNCLASSIFIED","customname":"","stigid":"Cisco_ASA_FW_STIG","description":"This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.","filename":"U_Cisco_ASA_Firewall_STIG_V1R4_Manual-xccdf.xml","releaseinfo":"Release: 4 Benchmark Date: 27 Apr 2023","title":"Cisco ASA Firewall Security Technical Implementation Guide","uuid":"b6a7cb18-6ffe-4a6e-9f44-60d514c98db9","notice":"terms-of-use","source":"STIG.DOD.MIL"},"vulns":[{"status":"Not Reviewed","findingdetails":"","comments":"","severityoverride":"","severityjustification":"","vulnNum":"V-239852","severity":"high","groupTitle":"SRG-NET-000019-FW-000003","ruleId":"SV-239852r665842_rule","ruleVer":"CASA-FW-000010","ruleTitle":"The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services.","vulnDiscuss":"Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic.\n\nThe firewall that filters traffic outbound to interconnected networks with different security policies must be configured to permit or block traffic based on organization-defined traffic authorizations.","iaControls":"","checkContent":"Review the ASA configuration to determine if it only permits outbound traffic using authorized ports and services.\n\nStep 1: Verify that an ingress ACL has been applied to all internal interfaces as shown in the example below.\n\n interface GigabitEthernet0/0\n nameif INSIDE\n security-level 100\n ip address 10.1.11.1 255.255.255.0\n…\n…\n…\naccess-group INSIDE _IN in interface INSIDE \n\nStep 2: Verify that the ingress ACL only allows outbound traffic using authorized ports and services as shown in the example below.\n\naccess-list INSIDE _IN extended permit tcp any any eq www \naccess-list INSIDE _IN extended permit tcp any any eq https \naccess-list INSIDE _IN extended permit tcp any any eq …\naccess-list INSIDE _IN extended deny ip any any log\n\nIf the ASA is not configured to only allow outbound traffic using authorized ports and services, this is a finding.","fixText":"Step 1: Configure the ingress ACL similar to the example below.\n\nASA(config)# access-list INSIDE_INextended permit tcp any any eq https\nASA(config)# access-list INSIDE_INextended permit tcp any any eq http\nASA(config)# access-list INSIDE_INextended permit tcp any any eq …\nASA(config)# access-list INSIDE_INextended deny ip any any log \n\nStep 2: Apply the ACL inbound on all internal interfaces as shown in the example below.\n\nASA(config)# access-group INSIDE_IN in interface INSIDE\nASA(config)# end","falsePositives":"","falseNegatives":"","documentable":"false","mitigations":"","potentialImpact":"","thirdPartyTools":"","mitigationControl":"","responsibility":"","securityOverrideGuidance":"","checkContentRef":"M","weight":"10.0","class":"Unclass","stigRef":"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023","targetKey":"5339","stigUuid":"54b4701f-19a1-4d5b-9497-5be85f995362","legacyId":"; ","cciRef":"CCI-001414"},{"status":"Not Reviewed","findingdetails":"","comments":"","severityoverride":"","severityjustification":"","vulnNum":"V-239853","severity":"medium","groupTitle":"SRG-NET-000019-FW-000004","ruleId":"SV-239853r665845_rule","ruleVer":"CASA-FW-000020","ruleTitle":"The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones.","vulnDiscuss":"Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events.","iaControls":"","checkContent":"By default, when you change a rule-based policy such as access rules, the changes become effective immediately. With transactional model configured, the rules are not active until after compilation.\n\nReview the ASA configuration and verify that the following command is not configured.\n\nasp rule-engine transactional-commit access-group\n\nIf transactional-commit access-group has been configured, this is a finding.","fixText":"Remove the command asp rule-engine transactional-commit access-group\n\nASA(config)# no asp rule-engine transactional-commit access-group","falsePositives":"","falseNegatives":"","documentable":"false","mitigations":"","potentialImpact":"","thirdPartyTools":"","mitigationControl":"","responsibility":"","securityOverrideGuidance":"","checkContentRef":"M","weight":"10.0","class":"Unclass","stigRef":"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023","targetKey":"5339","stigUuid":"54b4701f-19a1-4d5b-9497-5be85f995362","legacyId":"; ","cciRef":"CCI-001414"},{"status":"Not Reviewed","findingdetails":"","comments":"","severityoverride":"","severityjustification":"","vulnNum":"V-239854","severity":"medium","groupTitle":"SRG-NET-000061-FW-000001","ruleId":"SV-239854r665848_rule","ruleVer":"CASA-FW-000030","ruleTitle":"The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules.","vulnDiscuss":"Remote access devices (such as those providing remote access to network devices and information systems) that lack automated capabilities increase risk and make remote user access management difficult at best.\n\nRemote access is access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network.\n\nAutomated monitoring of remote access sessions allows organizations to detect cyberattacks and also ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities from a variety of information system components (e.g., servers, workstations, notebook computers, smart phones, and tablets).","iaControls":"","checkContent":"Step 1: Verify that an ACL has been applied to the applicable VPN group policy via the vpn-filter attribute as shown in the example below.\n\ngroup-policy VPN_POLICY internal\ngroup-policy VPN_POLICY attributes\n …\n …\n …\n vpn-filter value RESTRICT_VPN\n\nStep 2: Verify that the filter restricts traffic according to organization-defined filtering rules as shown in the example below.\n\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.12 eq http \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.13 eq smtp \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.14 eq ftp-data \naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.15 eq domain\naccess-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.16 eq sqlnet\naccess-list RESTRICT_VPN extended deny ip any any log\n\nNote: In the example above, assume that the client-assigned IP address pool is 10.10.10.0/24 and the local private network is 192.168.1.0/24.\n\nIf the ASA is not configured to restrict VPN traffic according to organization-defined filtering rules, this is a finding.","fixText":"Step 1: Configure the ACL to restrict VPN traffic.\n\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.12 eq http\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.13 eq smtp\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.14 eq ftp-data\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255.y host 192.168.1.15 eq domain\nASA(config)# access-list RESTRICT_VPN extended permit tcp 10.0.0.0 255.255.255. host 192.168.1.16 eq sqlnet\nASA(config)# access-list RESTRICT_VPN extended deny ip any any log\nASA(config)# exit \n\nStep 2: Apply the VPN filter to the applicable group policy as shown in the example below.\n\nASA(config)# group-policy VPN_POLICY attributes \nASA(config-group-policy)# vpn-filter value RESTRICT_VPN \nASA(config-group-policy)# end","falsePositives":"","falseNegatives":"","documentable":"false","mitigations":"","potentialImpact":"","thirdPartyTools":"","mitigationControl":"","responsibility":"","securityOverrideGuidance":"","checkContentRef":"M","weight":"10.0","class":"Unclass","stigRef":"Cisco ASA Firewall Security Technical Implementation Guide :: Version 1, Release: 4 Benchmark Date: 27 Apr 2023","targetKey":"5339","stigUuid":"54b4701f-19a1-4d5b-9497-5be85f995362","legacyId":"; ","cciRef":"CCI-000067"}]}]},"metadata":{"vulidmapping":"id","marking":"CUI","hostname":"valid","hostfqdn":"invalid","hostmac":"invalid","hostip":"invalid","targetcomment":"","role":"Member Server","techarea":"Exchange Server","assettype":"Computing","webordatabase":"false","webdbsite":"","webdbinstance":"","profiles":[{"name":"Cisco ASA Firewall Security Technical Implementation Guide","title":"Cisco ASA Firewall Security Technical Implementation Guide","version":1,"releasenumber":4,"releasedate":"27 Apr 2023","showCalendar":false}]}}} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/small_ckl_overrides.ckl b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/small_ckl_overrides.ckl new file mode 100644 index 0000000000..69eaad38c6 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/sample_input_report/small_ckl_overrides.ckl @@ -0,0 +1,1592 @@ + + + + + None + Computing + CUI + + + + + + + 5551 + false + + + + + + + + version + 1 + + + classification + UNCLASSIFIED + + + customname + + + stigid + RHEL_9_STIG + + + description + This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. + + + filename + U_RHEL_9_STIG_V1R3_Manual-xccdf.xml + + + releaseinfo + Release: 3 Benchmark Date: 24 Apr 2024 + + + title + Red Hat Enterprise Linux 9 Security Technical Implementation Guide + + + uuid + 47e1d7ee-1fe2-4f8b-9914-3aaa2b6ace72 + + + notice + terms-of-use + + + source + STIG.DOD.MIL + + + + + Vuln_Num + V-257777 + + + Severity + high + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-257777r925318_rule + + + Rule_Ver + RHEL-09-211010 + + + Rule_Title + RHEL 9 must be a vendor-supported release. + + + Vuln_Discuss + An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software. + +Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period. + + + IA_Controls + + + + Check_Content + Verify that the version or RHEL 9 is vendor supported with the following command: + +$ cat /etc/redhat-release + +Red Hat Enterprise Linux release 9.2 (Plow) + +If the installed version of RHEL 9 is not supported, this is a finding. + + + Fix_Text + Upgrade to a supported version of RHEL 9. + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + Not_Applicable + + + medium + Testing both N/A and overidden + + + + Vuln_Num + V-257778 + + + Severity + medium + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-257778r925321_rule + + + Rule_Ver + RHEL-09-211015 + + + Rule_Title + RHEL 9 vendor packaged system security patches and updates must be installed and up to date. + + + Vuln_Discuss + Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise. + + + IA_Controls + + + + Check_Content + Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy. + +Obtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed. + +Check that the available package security updates have been installed on the system with the following command: + +$ dnf history list | more + + ID | Command line | Date and time | Action(s) | Altered +------------------------------------------------------------------------------- + 70 | install aide | 2023-03-05 10:58 | Install | 1 + 69 | update -y | 2023-03-04 14:34 | Update | 18 EE + 68 | install vlc | 2023-02-21 17:12 | Install | 21 + 67 | update -y | 2023-02-21 17:04 | Update | 7 EE + +Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM. + +If the system is in noncompliance with the organizational patching policy, this is a finding. + + + Fix_Text + Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command: + +$ sudo dnf update + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + Open + + + low + Example of overridden severity + + + + Vuln_Num + V-257779 + + + Severity + medium + + + Group_Title + SRG-OS-000023-GPOS-00006 + + + Rule_ID + SV-257779r925324_rule + + + Rule_Ver + RHEL-09-211020 + + + Rule_Title + RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. + + + Vuln_Discuss + Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. + +System use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist. + +Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 + + + IA_Controls + + + + Check_Content + Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon. + +Check that a banner is displayed at the command line login screen with the following command: + +$ sudo cat /etc/issue + +If the banner is set correctly it will return the following text: + +"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. + +By using this IS (which includes any device attached to this IS), you consent to the following conditions: + +-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. + +-At any time, the USG may inspect and seize data stored on this IS. + +-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. + +-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy. + +-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." + +If the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding. + + + Fix_Text + Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon. + +Edit the "/etc/issue" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is: + +"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. + +By using this IS (which includes any device attached to this IS), you consent to the following conditions: + +-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations. + +-At any time, the USG may inspect and seize data stored on this IS. + +-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose. + +-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy. + +-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + { + "hdfSpecificData": { + "impact": 1.0, + "severity": "critical" + } +} + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000048 + + + CCI_REF + CCI-001384 + + + CCI_REF + CCI-001385 + + + CCI_REF + CCI-001386 + + + CCI_REF + CCI-001387 + + + CCI_REF + CCI-001388 + + Open + + + high + Example high justification + + + + Vuln_Num + V-257780 + + + Severity + medium + + + Group_Title + SRG-OS-000191-GPOS-00080 + + + Rule_ID + SV-257780r939261_rule + + + Rule_Ver + RHEL-09-211025 + + + Rule_Title + RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool. + + + Vuln_Discuss + Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws. + +To support this requirement, the operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools, as specified in the requirement. + + + IA_Controls + + + + Check_Content + Verify that RHEL 9 has implemented the Endpoint Security for Linux Threat Prevention tool. + +Check that the following package has been installed: + +$ sudo rpm -qa | grep -i mcafeetp + +If the "mcafeetp" package is not installed, this is a finding. + +Verify that the daemon is running: + +$ sudo ps -ef | grep -i mfetpd + +If the daemon is not running, this is a finding. + + + Fix_Text + Install and enable the latest McAfee ENSLTP package. + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-001233 + + Open + + + + + + + + Vuln_Num + V-257781 + + + Severity + medium + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-257781r925330_rule + + + Rule_Ver + RHEL-09-211030 + + + Rule_Title + The graphical display manager must not be the default target on RHEL 9 unless approved. + + + Vuln_Discuss + Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented. + + + IA_Controls + + + + Check_Content + Verify that RHEL 9 is configured to boot to the command line: + +$ systemctl get-default + +multi-user.target + +If the system default target is not set to "multi-user.target" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding. + + + Fix_Text + Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command: + +$ sudo systemctl set-default multi-user.target + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + Open + + + + + + + + Vuln_Num + V-257782 + + + Severity + low + + + Group_Title + SRG-OS-000480-GPOS-00227 + + + Rule_ID + SV-257782r942961_rule + + + Rule_Ver + RHEL-09-211035 + + + Rule_Title + RHEL 9 must enable the hardware random number generator entropy gatherer service. + + + Vuln_Discuss + The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. + +The rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers). + + + IA_Controls + + + + Check_Content + Note: For RHEL 9 systems running with kernel FIPS mode enabled as specified by RHEL-09-671010, this requirement is Not Applicable. + +Verify that RHEL 9 has enabled the hardware random number generator entropy gatherer service with the following command: + +$ systemctl is-active rngd + +active + +If the "rngd" service is not active, this is a finding. + + + Fix_Text + Install the rng-tools package with the following command: + +$ sudo dnf install rng-tools + +Then enable the rngd service run the following command: + +$ sudo systemctl enable --now rngd + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + NotAFinding + + + + + + + + Vuln_Num + V-257783 + + + Severity + medium + + + Group_Title + SRG-OS-000269-GPOS-00103 + + + Rule_ID + SV-257783r925336_rule + + + Rule_Ver + RHEL-09-211040 + + + Rule_Title + RHEL 9 systemd-journald service must be enabled. + + + Vuln_Discuss + In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes. + + + IA_Controls + + + + Check_Content + Verify that "systemd-journald" is active with the following command: + +$ systemctl is-active systemd-journald + +active + +If the systemd-journald service is not active, this is a finding. + + + Fix_Text + To enable the systemd-journald service, run the following command: + +$ sudo systemctl enable --now systemd-journald + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-001665 + + NotAFinding + + + + + + + + Vuln_Num + V-257784 + + + Severity + high + + + Group_Title + SRG-OS-000324-GPOS-00125 + + + Rule_ID + SV-257784r925339_rule + + + Rule_Ver + RHEL-09-211045 + + + Rule_Title + The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled. + + + Vuln_Discuss + A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken. + +Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227 + + + IA_Controls + + + + Check_Content + Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command: + +$ grep -i ctrl /etc/systemd/system.conf + +CtrlAltDelBurstAction=none + +If the "CtrlAltDelBurstAction" is not set to "none", commented out, or is missing, this is a finding. + + + Fix_Text + Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the "/etc/systemd/system.conf" configuration file: + +CtrlAltDelBurstAction=none + +Reload the daemon for this change to take effect. + +$ sudo systemctl daemon-reload + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + + CCI_REF + CCI-002235 + + Not_Reviewed + + + + + + + + Vuln_Num + V-257785 + + + Severity + high + + + Group_Title + SRG-OS-000324-GPOS-00125 + + + Rule_ID + SV-257785r925342_rule + + + Rule_Ver + RHEL-09-211050 + + + Rule_Title + The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9. + + + Vuln_Discuss + A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken. + +Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227 + + + IA_Controls + + + + Check_Content + Verify RHEL 9 is not configured to reboot the system when Ctrl-Alt-Delete is pressed with the following command: + +$ sudo systemctl status ctrl-alt-del.target + +ctrl-alt-del.target +Loaded: masked (Reason: Unit ctrl-alt-del.target is masked.) +Active: inactive (dead) + +If the "ctrl-alt-del.target" is loaded and not masked, this is a finding. + + + Fix_Text + Configure RHEL 9 to disable the ctrl-alt-del.target with the following command: + +$ sudo systemctl disable --now ctrl-alt-del.target +$ sudo systemctl mask --now ctrl-alt-del.target + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + + CCI_REF + CCI-002235 + + Not_Reviewed + + + + + + + + Vuln_Num + V-257786 + + + Severity + medium + + + Group_Title + SRG-OS-000324-GPOS-00125 + + + Rule_ID + SV-257786r943026_rule + + + Rule_Ver + RHEL-09-211055 + + + Rule_Title + RHEL 9 debug-shell systemd service must be disabled. + + + Vuln_Discuss + The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted. + +Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227 + + + IA_Controls + + + + Check_Content + Verify RHEL 9 is configured to mask the debug-shell systemd service with the following command: + +$ sudo systemctl status debug-shell.service + +debug-shell.service +Loaded: masked (Reason: Unit debug-shell.service is masked.) +Active: inactive (dead) + +If the "debug-shell.service" is loaded and not masked, this is a finding. + + + Fix_Text + Configure RHEL 9 to mask the debug-shell systemd service with the following command: + +$ sudo systemctl disable --now debug-shell.service +$ sudo systemctl mask --now debug-shell.service + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000366 + + + CCI_REF + CCI-002235 + + Not_Reviewed + + + + + + + + Vuln_Num + V-257787 + + + Severity + medium + + + Group_Title + SRG-OS-000080-GPOS-00048 + + + Rule_ID + SV-257787r925348_rule + + + Rule_Ver + RHEL-09-212010 + + + Rule_Title + RHEL 9 must require a boot loader superuser password. + + + Vuln_Discuss + To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement. + +Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode. + + + IA_Controls + + + + Check_Content + Verify the boot loader superuser password has been set and run the following command: + +$ sudo grep "superusers" /etc/grub2.cfg + +password_pbkdf2 superusers-account ${GRUB2_PASSWORD} + +To verify the boot loader superuser account password has been set, and the password encrypted, run the following command: + +$ sudo cat /boot/grub2/user.cfg + +GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC +2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0 +916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7 +0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828 + +If a "GRUB2_PASSWORD" is not set, this is a finding. + + + Fix_Text + Configure RHEL 9 to require a grub bootloader password for the grub superuser account. + +Generate an encrypted grub2 password for the grub superuser account with the following command: + +$ sudo grub2-setpassword +Enter password: +Confirm password: + + + False_Positives + + + + False_Negatives + + + + Documentable + false + + + Mitigations + + + + Potential_Impact + + + + Third_Party_Tools + + + + Mitigation_Control + + + + Responsibility + + + + Security_Override_Guidance + + + + Check_Content_Ref + M + + + Weight + 10.0 + + + Class + Unclass + + + STIGRef + Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024 + + + TargetKey + 5551 + + + STIG_UUID + 4f55ab46-138a-4554-952f-4bf8523b04ec + + + LEGACY_ID + + + + LEGACY_ID + + + + CCI_REF + CCI-000213 + + Not_Reviewed + + + + + + + + \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/small_overrides_hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/small_overrides_hdf.json new file mode 100644 index 0000000000..105eabf3ce --- /dev/null +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/small_overrides_hdf.json @@ -0,0 +1,907 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "RHEL_9_STIG", + "version": "1", + "title": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide", + "summary": "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.", + "license": "terms-of-use", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257777r925318_rule", + "gid": "V-257777", + "stig_id": "RHEL-09-211010", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "high", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityjustification": "Testing both N/A and overidden", + "severityoverride": "medium" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must be a vendor-supported release.", + "id": "V-257777", + "desc": "An operating system release is considered \"supported\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\n\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.", + "descriptions": [ + { + "data": "Verify that the version or RHEL 9 is vendor supported with the following command:\n\n$ cat /etc/redhat-release \n\nRed Hat Enterprise Linux release 9.2 (Plow)\n\nIf the installed version of RHEL 9 is not supported, this is a finding.", + "label": "check" + }, + { + "data": "Upgrade to a supported version of RHEL 9.", + "label": "fix" + } + ], + "impact": 0, + "code": "{\n \"status\": \"Not Applicable\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"medium\",\n \"severityjustification\": \"Testing both N/A and overidden\",\n \"vulnNum\": \"V-257777\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257777r925318_rule\",\n \"ruleVer\": \"RHEL-09-211010\",\n \"ruleTitle\": \"RHEL 9 must be a vendor-supported release.\",\n \"vulnDiscuss\": \"An operating system release is considered \\\"supported\\\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\\n\\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that the version or RHEL 9 is vendor supported with the following command:\\n\\n$ cat /etc/redhat-release \\n\\nRed Hat Enterprise Linux release 9.2 (Plow)\\n\\nIf the installed version of RHEL 9 is not supported, this is a finding.\",\n \"fixText\": \"Upgrade to a supported version of RHEL 9.\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257778r925321_rule", + "gid": "V-257778", + "stig_id": "RHEL-09-211015", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityjustification": "Example of overridden severity", + "severityoverride": "low" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 vendor packaged system security patches and updates must be installed and up to date.", + "id": "V-257778", + "desc": "Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.", + "descriptions": [ + { + "data": "Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\n\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\n\nCheck that the available package security updates have been installed on the system with the following command:\n\n$ dnf history list | more\n\n ID | Command line | Date and time | Action(s) | Altered \n------------------------------------------------------------------------------- \n 70 | install aide | 2023-03-05 10:58 | Install | 1 \n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\n\nIf the system is in noncompliance with the organizational patching policy, this is a finding.", + "label": "check" + }, + { + "data": "Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\n\n$ sudo dnf update", + "label": "fix" + } + ], + "impact": 0.3, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"low\",\n \"severityjustification\": \"Example of overridden severity\",\n \"vulnNum\": \"V-257778\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257778r925321_rule\",\n \"ruleVer\": \"RHEL-09-211015\",\n \"ruleTitle\": \"RHEL 9 vendor packaged system security patches and updates must be installed and up to date.\",\n \"vulnDiscuss\": \"Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\\n\\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\\n\\nCheck that the available package security updates have been installed on the system with the following command:\\n\\n$ dnf history list | more\\n\\n ID | Command line | Date and time | Action(s) | Altered \\n------------------------------------------------------------------------------- \\n 70 | install aide | 2023-03-05 10:58 | Install | 1 \\n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \\n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \\n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \\n\\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\\n\\nIf the system is in noncompliance with the organizational patching policy, this is a finding.\",\n \"fixText\": \"Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\\n\\n$ sudo dnf update\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000023-GPOS-00006", + "rid": "SV-257779r925324_rule", + "gid": "V-257779", + "stig_id": "RHEL-09-211020", + "cci": [ + "CCI-000048", + "CCI-001384", + "CCI-001385", + "CCI-001386", + "CCI-001387", + "CCI-001388" + ], + "nist": [ + "AC-8 a", + "AC-8 c 1", + "AC-8 c 2", + "AC-8 c 3" + ], + "severity": "critical", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "severityjustification": "Example high justification", + "severityoverride": "high" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.", + "id": "V-257779", + "desc": "Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\n\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088", + "descriptions": [ + { + "data": "Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\n\nCheck that a banner is displayed at the command line login screen with the following command:\n\n$ sudo cat /etc/issue\n\nIf the banner is set correctly it will return the following text:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"\n\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\n\nEdit the \"/etc/issue\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"", + "label": "fix" + } + ], + "impact": 1, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"high\",\n \"severityjustification\": \"Example high justification\",\n \"vulnNum\": \"V-257779\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000023-GPOS-00006\",\n \"ruleId\": \"SV-257779r925324_rule\",\n \"ruleVer\": \"RHEL-09-211020\",\n \"ruleTitle\": \"RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.\",\n \"vulnDiscuss\": \"Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\\n\\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\\n\\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\\n\\nCheck that a banner is displayed at the command line login screen with the following command:\\n\\n$ sudo cat /etc/issue\\n\\nIf the banner is set correctly it will return the following text:\\n\\n\\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\\n\\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\\n\\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\\n\\n-At any time, the USG may inspect and seize data stored on this IS.\\n\\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\\n\\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\\n\\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\\n\\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\\n\\nEdit the \\\"/etc/issue\\\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\\n\\n\\\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\\n\\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\\n\\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\\n\\n-At any time, the USG may inspect and seize data stored on this IS.\\n\\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\\n\\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\\n\\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\\\"\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"{\\n \\\"hdfSpecificData\\\": {\\n \\\"impact\\\": 1.0,\\n \\\"severity\\\": \\\"critical\\\"\\n }\\n}\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000048; CCI-001384; CCI-001385; CCI-001386; CCI-001387; CCI-001388\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000191-GPOS-00080", + "rid": "SV-257780r939261_rule", + "gid": "V-257780", + "stig_id": "RHEL-09-211025", + "cci": [ + "CCI-001233" + ], + "nist": [ + "SI-2 (2)" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool.", + "id": "V-257780", + "desc": "Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.\n\nTo support this requirement, the operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools, as specified in the requirement.", + "descriptions": [ + { + "data": "Verify that RHEL 9 has implemented the Endpoint Security for Linux Threat Prevention tool.\n\nCheck that the following package has been installed:\n\n$ sudo rpm -qa | grep -i mcafeetp\n\nIf the \"mcafeetp\" package is not installed, this is a finding.\n\nVerify that the daemon is running:\n\n$ sudo ps -ef | grep -i mfetpd\n\nIf the daemon is not running, this is a finding.", + "label": "check" + }, + { + "data": "Install and enable the latest McAfee ENSLTP package.", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257780\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000191-GPOS-00080\",\n \"ruleId\": \"SV-257780r939261_rule\",\n \"ruleVer\": \"RHEL-09-211025\",\n \"ruleTitle\": \"RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool.\",\n \"vulnDiscuss\": \"Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.\\n\\nTo support this requirement, the operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools, as specified in the requirement.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that RHEL 9 has implemented the Endpoint Security for Linux Threat Prevention tool.\\n\\nCheck that the following package has been installed:\\n\\n$ sudo rpm -qa | grep -i mcafeetp\\n\\nIf the \\\"mcafeetp\\\" package is not installed, this is a finding.\\n\\nVerify that the daemon is running:\\n\\n$ sudo ps -ef | grep -i mfetpd\\n\\nIf the daemon is not running, this is a finding.\",\n \"fixText\": \"Install and enable the latest McAfee ENSLTP package.\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-001233\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257781r925330_rule", + "gid": "V-257781", + "stig_id": "RHEL-09-211030", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "The graphical display manager must not be the default target on RHEL 9 unless approved.", + "id": "V-257781", + "desc": "Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.", + "descriptions": [ + { + "data": "Verify that RHEL 9 is configured to boot to the command line:\n\n$ systemctl get-default\n\nmulti-user.target\n\nIf the system default target is not set to \"multi-user.target\" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.", + "label": "check" + }, + { + "data": "Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\n\n$ sudo systemctl set-default multi-user.target", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Failed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257781\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257781r925330_rule\",\n \"ruleVer\": \"RHEL-09-211030\",\n \"ruleTitle\": \"The graphical display manager must not be the default target on RHEL 9 unless approved.\",\n \"vulnDiscuss\": \"Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that RHEL 9 is configured to boot to the command line:\\n\\n$ systemctl get-default\\n\\nmulti-user.target\\n\\nIf the system default target is not set to \\\"multi-user.target\\\" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.\",\n \"fixText\": \"Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\\n\\n$ sudo systemctl set-default multi-user.target\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000480-GPOS-00227", + "rid": "SV-257782r942961_rule", + "gid": "V-257782", + "stig_id": "RHEL-09-211035", + "cci": [ + "CCI-000366" + ], + "nist": [ + "CM-6 b" + ], + "severity": "low", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must enable the hardware random number generator entropy gatherer service.", + "id": "V-257782", + "desc": "The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. \n\nThe rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).", + "descriptions": [ + { + "data": "Note: For RHEL 9 systems running with kernel FIPS mode enabled as specified by RHEL-09-671010, this requirement is Not Applicable.\n\nVerify that RHEL 9 has enabled the hardware random number generator entropy gatherer service with the following command:\n\n$ systemctl is-active rngd\n\nactive\n\nIf the \"rngd\" service is not active, this is a finding.", + "label": "check" + }, + { + "data": "Install the rng-tools package with the following command:\n\n$ sudo dnf install rng-tools\n\nThen enable the rngd service run the following command:\n\n$ sudo systemctl enable --now rngd", + "label": "fix" + } + ], + "impact": 0.3, + "code": "{\n \"status\": \"Passed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257782\",\n \"severity\": \"low\",\n \"groupTitle\": \"SRG-OS-000480-GPOS-00227\",\n \"ruleId\": \"SV-257782r942961_rule\",\n \"ruleVer\": \"RHEL-09-211035\",\n \"ruleTitle\": \"RHEL 9 must enable the hardware random number generator entropy gatherer service.\",\n \"vulnDiscuss\": \"The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. \\n\\nThe rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).\",\n \"iaControls\": \"\",\n \"checkContent\": \"Note: For RHEL 9 systems running with kernel FIPS mode enabled as specified by RHEL-09-671010, this requirement is Not Applicable.\\n\\nVerify that RHEL 9 has enabled the hardware random number generator entropy gatherer service with the following command:\\n\\n$ systemctl is-active rngd\\n\\nactive\\n\\nIf the \\\"rngd\\\" service is not active, this is a finding.\",\n \"fixText\": \"Install the rng-tools package with the following command:\\n\\n$ sudo dnf install rng-tools\\n\\nThen enable the rngd service run the following command:\\n\\n$ sudo systemctl enable --now rngd\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366\"\n}", + "results": [ + { + "status": "passed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000269-GPOS-00103", + "rid": "SV-257783r925336_rule", + "gid": "V-257783", + "stig_id": "RHEL-09-211040", + "cci": [ + "CCI-001665" + ], + "nist": [ + "SC-24" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 systemd-journald service must be enabled.", + "id": "V-257783", + "desc": "In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes.", + "descriptions": [ + { + "data": "Verify that \"systemd-journald\" is active with the following command:\n\n$ systemctl is-active systemd-journald\n\nactive\n\nIf the systemd-journald service is not active, this is a finding.", + "label": "check" + }, + { + "data": "To enable the systemd-journald service, run the following command:\n\n$ sudo systemctl enable --now systemd-journald", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Passed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257783\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000269-GPOS-00103\",\n \"ruleId\": \"SV-257783r925336_rule\",\n \"ruleVer\": \"RHEL-09-211040\",\n \"ruleTitle\": \"RHEL 9 systemd-journald service must be enabled.\",\n \"vulnDiscuss\": \"In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify that \\\"systemd-journald\\\" is active with the following command:\\n\\n$ systemctl is-active systemd-journald\\n\\nactive\\n\\nIf the systemd-journald service is not active, this is a finding.\",\n \"fixText\": \"To enable the systemd-journald service, run the following command:\\n\\n$ sudo systemctl enable --now systemd-journald\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-001665\"\n}", + "results": [ + { + "status": "passed", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000324-GPOS-00125", + "rid": "SV-257784r925339_rule", + "gid": "V-257784", + "stig_id": "RHEL-09-211045", + "cci": [ + "CCI-000366", + "CCI-002235" + ], + "nist": [ + "CM-6 b", + "AC-6 (10)" + ], + "severity": "high", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.", + "id": "V-257784", + "desc": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "descriptions": [ + { + "data": "Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:\n\n$ grep -i ctrl /etc/systemd/system.conf\n\nCtrlAltDelBurstAction=none\n\nIf the \"CtrlAltDelBurstAction\" is not set to \"none\", commented out, or is missing, this is a finding.", + "label": "check" + }, + { + "data": "Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the \"/etc/systemd/system.conf\" configuration file:\n\nCtrlAltDelBurstAction=none\n\nReload the daemon for this change to take effect.\n\n$ sudo systemctl daemon-reload", + "label": "fix" + } + ], + "impact": 0.7, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257784\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-OS-000324-GPOS-00125\",\n \"ruleId\": \"SV-257784r925339_rule\",\n \"ruleVer\": \"RHEL-09-211045\",\n \"ruleTitle\": \"The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.\",\n \"vulnDiscuss\": \"A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\\n\\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:\\n\\n$ grep -i ctrl /etc/systemd/system.conf\\n\\nCtrlAltDelBurstAction=none\\n\\nIf the \\\"CtrlAltDelBurstAction\\\" is not set to \\\"none\\\", commented out, or is missing, this is a finding.\",\n \"fixText\": \"Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the \\\"/etc/systemd/system.conf\\\" configuration file:\\n\\nCtrlAltDelBurstAction=none\\n\\nReload the daemon for this change to take effect.\\n\\n$ sudo systemctl daemon-reload\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366; CCI-002235\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000324-GPOS-00125", + "rid": "SV-257785r925342_rule", + "gid": "V-257785", + "stig_id": "RHEL-09-211050", + "cci": [ + "CCI-000366", + "CCI-002235" + ], + "nist": [ + "CM-6 b", + "AC-6 (10)" + ], + "severity": "high", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9.", + "id": "V-257785", + "desc": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "descriptions": [ + { + "data": "Verify RHEL 9 is not configured to reboot the system when Ctrl-Alt-Delete is pressed with the following command:\n\n$ sudo systemctl status ctrl-alt-del.target\n\nctrl-alt-del.target\nLoaded: masked (Reason: Unit ctrl-alt-del.target is masked.)\nActive: inactive (dead)\n\nIf the \"ctrl-alt-del.target\" is loaded and not masked, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to disable the ctrl-alt-del.target with the following command:\n\n$ sudo systemctl disable --now ctrl-alt-del.target\n$ sudo systemctl mask --now ctrl-alt-del.target", + "label": "fix" + } + ], + "impact": 0.7, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257785\",\n \"severity\": \"high\",\n \"groupTitle\": \"SRG-OS-000324-GPOS-00125\",\n \"ruleId\": \"SV-257785r925342_rule\",\n \"ruleVer\": \"RHEL-09-211050\",\n \"ruleTitle\": \"The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9.\",\n \"vulnDiscuss\": \"A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\\n\\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 is not configured to reboot the system when Ctrl-Alt-Delete is pressed with the following command:\\n\\n$ sudo systemctl status ctrl-alt-del.target\\n\\nctrl-alt-del.target\\nLoaded: masked (Reason: Unit ctrl-alt-del.target is masked.)\\nActive: inactive (dead)\\n\\nIf the \\\"ctrl-alt-del.target\\\" is loaded and not masked, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to disable the ctrl-alt-del.target with the following command:\\n\\n$ sudo systemctl disable --now ctrl-alt-del.target\\n$ sudo systemctl mask --now ctrl-alt-del.target\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366; CCI-002235\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000324-GPOS-00125", + "rid": "SV-257786r943026_rule", + "gid": "V-257786", + "stig_id": "RHEL-09-211055", + "cci": [ + "CCI-000366", + "CCI-002235" + ], + "nist": [ + "CM-6 b", + "AC-6 (10)" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 debug-shell systemd service must be disabled.", + "id": "V-257786", + "desc": "The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "descriptions": [ + { + "data": "Verify RHEL 9 is configured to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl status debug-shell.service\n\ndebug-shell.service\nLoaded: masked (Reason: Unit debug-shell.service is masked.)\nActive: inactive (dead)\n\nIf the \"debug-shell.service\" is loaded and not masked, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl disable --now debug-shell.service\n$ sudo systemctl mask --now debug-shell.service", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257786\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000324-GPOS-00125\",\n \"ruleId\": \"SV-257786r943026_rule\",\n \"ruleVer\": \"RHEL-09-211055\",\n \"ruleTitle\": \"RHEL 9 debug-shell systemd service must be disabled.\",\n \"vulnDiscuss\": \"The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.\\n\\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify RHEL 9 is configured to mask the debug-shell systemd service with the following command:\\n\\n$ sudo systemctl status debug-shell.service\\n\\ndebug-shell.service\\nLoaded: masked (Reason: Unit debug-shell.service is masked.)\\nActive: inactive (dead)\\n\\nIf the \\\"debug-shell.service\\\" is loaded and not masked, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to mask the debug-shell systemd service with the following command:\\n\\n$ sudo systemctl disable --now debug-shell.service\\n$ sudo systemctl mask --now debug-shell.service\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000366; CCI-002235\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + }, + { + "tags": { + "gtitle": "SRG-OS-000080-GPOS-00048", + "rid": "SV-257787r925348_rule", + "gid": "V-257787", + "stig_id": "RHEL-09-212010", + "cci": [ + "CCI-000213" + ], + "nist": [ + "AC-3" + ], + "severity": "medium", + "weight": "10.0", + "STIGRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024" + }, + "refs": [], + "source_location": {}, + "title": "RHEL 9 must require a boot loader superuser password.", + "id": "V-257787", + "desc": "To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.\n\nPassword protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.", + "descriptions": [ + { + "data": "Verify the boot loader superuser password has been set and run the following command:\n\n$ sudo grep \"superusers\" /etc/grub2.cfg \n\npassword_pbkdf2 superusers-account ${GRUB2_PASSWORD} \n\nTo verify the boot loader superuser account password has been set, and the password encrypted, run the following command:\n\n$ sudo cat /boot/grub2/user.cfg \n\nGRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC\n2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0\n916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7\n0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828 \n\nIf a \"GRUB2_PASSWORD\" is not set, this is a finding.", + "label": "check" + }, + { + "data": "Configure RHEL 9 to require a grub bootloader password for the grub superuser account.\n\nGenerate an encrypted grub2 password for the grub superuser account with the following command:\n\n$ sudo grub2-setpassword\nEnter password:\nConfirm password:", + "label": "fix" + } + ], + "impact": 0.5, + "code": "{\n \"status\": \"Not Reviewed\",\n \"findingdetails\": \"\",\n \"comments\": \"\",\n \"severityoverride\": \"\",\n \"severityjustification\": \"\",\n \"vulnNum\": \"V-257787\",\n \"severity\": \"medium\",\n \"groupTitle\": \"SRG-OS-000080-GPOS-00048\",\n \"ruleId\": \"SV-257787r925348_rule\",\n \"ruleVer\": \"RHEL-09-212010\",\n \"ruleTitle\": \"RHEL 9 must require a boot loader superuser password.\",\n \"vulnDiscuss\": \"To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.\\n\\nPassword protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.\",\n \"iaControls\": \"\",\n \"checkContent\": \"Verify the boot loader superuser password has been set and run the following command:\\n\\n$ sudo grep \\\"superusers\\\" /etc/grub2.cfg \\n\\npassword_pbkdf2 superusers-account ${GRUB2_PASSWORD} \\n\\nTo verify the boot loader superuser account password has been set, and the password encrypted, run the following command:\\n\\n$ sudo cat /boot/grub2/user.cfg \\n\\nGRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC\\n2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0\\n916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7\\n0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828 \\n\\nIf a \\\"GRUB2_PASSWORD\\\" is not set, this is a finding.\",\n \"fixText\": \"Configure RHEL 9 to require a grub bootloader password for the grub superuser account.\\n\\nGenerate an encrypted grub2 password for the grub superuser account with the following command:\\n\\n$ sudo grub2-setpassword\\nEnter password:\\nConfirm password:\",\n \"falsePositives\": \"\",\n \"falseNegatives\": \"\",\n \"documentable\": \"false\",\n \"mitigations\": \"\",\n \"potentialImpact\": \"\",\n \"thirdPartyTools\": \"\",\n \"mitigationControl\": \"\",\n \"responsibility\": \"\",\n \"securityOverrideGuidance\": \"\",\n \"checkContentRef\": \"M\",\n \"weight\": \"10.0\",\n \"class\": \"Unclass\",\n \"stigRef\": \"Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024\",\n \"targetKey\": \"5551\",\n \"stigUuid\": \"4f55ab46-138a-4554-952f-4bf8523b04ec\",\n \"legacyId\": \"; \",\n \"cciRef\": \"CCI-000213\"\n}", + "results": [ + { + "status": "skipped", + "code_desc": "", + "start_time": "" + } + ] + } + ], + "sha256": "cd0150021884813f964483b2e543dd6458e106d0c6fa125852991525a9c1e0f8" + } + ], + "passthrough": { + "checklist": { + "asset": { + "role": "None", + "assettype": "Computing", + "hostname": "", + "hostip": "", + "hostmac": "", + "hostfqdn": "", + "marking": "CUI", + "targetcomment": "", + "techarea": "", + "targetkey": "5551", + "webordatabase": false, + "webdbsite": "", + "webdbinstance": "" + }, + "stigs": [ + { + "header": { + "version": "1", + "classification": "UNCLASSIFIED", + "customname": "", + "stigid": "RHEL_9_STIG", + "description": "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.", + "filename": "U_RHEL_9_STIG_V1R3_Manual-xccdf.xml", + "releaseinfo": "Release: 3 Benchmark Date: 24 Apr 2024", + "title": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide", + "uuid": "47e1d7ee-1fe2-4f8b-9914-3aaa2b6ace72", + "notice": "terms-of-use", + "source": "STIG.DOD.MIL" + }, + "vulns": [ + { + "status": "Not Applicable", + "findingdetails": "", + "comments": "", + "severityoverride": "medium", + "severityjustification": "Testing both N/A and overidden", + "vulnNum": "V-257777", + "severity": "high", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257777r925318_rule", + "ruleVer": "RHEL-09-211010", + "ruleTitle": "RHEL 9 must be a vendor-supported release.", + "vulnDiscuss": "An operating system release is considered \"supported\" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.\n\nRed Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.", + "iaControls": "", + "checkContent": "Verify that the version or RHEL 9 is vendor supported with the following command:\n\n$ cat /etc/redhat-release \n\nRed Hat Enterprise Linux release 9.2 (Plow)\n\nIf the installed version of RHEL 9 is not supported, this is a finding.", + "fixText": "Upgrade to a supported version of RHEL 9.", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "low", + "severityjustification": "Example of overridden severity", + "vulnNum": "V-257778", + "severity": "medium", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257778r925321_rule", + "ruleVer": "RHEL-09-211015", + "ruleTitle": "RHEL 9 vendor packaged system security patches and updates must be installed and up to date.", + "vulnDiscuss": "Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.", + "iaControls": "", + "checkContent": "Verify RHEL 9 security patches and updates are installed and up to date. Updates are required to be applied with a frequency determined by organizational policy.\n\nObtain the list of available package security updates from Red Hat. The URL for updates is https://access.redhat.com/errata-search/. It is important to note that updates provided by Red Hat may not be present on the system if the underlying packages are not installed.\n\nCheck that the available package security updates have been installed on the system with the following command:\n\n$ dnf history list | more\n\n ID | Command line | Date and time | Action(s) | Altered \n------------------------------------------------------------------------------- \n 70 | install aide | 2023-03-05 10:58 | Install | 1 \n 69 | update -y | 2023-03-04 14:34 | Update | 18 EE \n 68 | install vlc | 2023-02-21 17:12 | Install | 21 \n 67 | update -y | 2023-02-21 17:04 | Update | 7 EE \n\nTypical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.\n\nIf the system is in noncompliance with the organizational patching policy, this is a finding.", + "fixText": "Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:\n\n$ sudo dnf update", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "high", + "severityjustification": "Example high justification", + "vulnNum": "V-257779", + "severity": "medium", + "groupTitle": "SRG-OS-000023-GPOS-00006", + "ruleId": "SV-257779r925324_rule", + "ruleVer": "RHEL-09-211020", + "ruleTitle": "RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.", + "vulnDiscuss": "Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.\n\nSystem use notifications are required only for access via login interfaces with human users and are not required when such human interfaces do not exist.\n\nSatisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088", + "iaControls": "", + "checkContent": "Verify RHEL 9 displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the operating system via a command line user logon.\n\nCheck that a banner is displayed at the command line login screen with the following command:\n\n$ sudo cat /etc/issue\n\nIf the banner is set correctly it will return the following text:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"\n\nIf the banner text does not match the Standard Mandatory DOD Notice and Consent Banner exactly, or the line is commented out, this is a finding.", + "fixText": "Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via command line logon.\n\nEdit the \"/etc/issue\" file to replace the default text with the Standard Mandatory DOD Notice and Consent Banner. The DOD-required text is:\n\n\"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\n\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n\n-At any time, the USG may inspect and seize data stored on this IS.\n\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.\n\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.\"", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "{\n \"hdfSpecificData\": {\n \"impact\": 1.0,\n \"severity\": \"critical\"\n }\n}", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "", + "legacyId": "; ", + "cciRef": "CCI-000048; CCI-001384; CCI-001385; CCI-001386; CCI-001387; CCI-001388" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257780", + "severity": "medium", + "groupTitle": "SRG-OS-000191-GPOS-00080", + "ruleId": "SV-257780r939261_rule", + "ruleVer": "RHEL-09-211025", + "ruleTitle": "RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool.", + "vulnDiscuss": "Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.\n\nTo support this requirement, the operating system may have an integrated solution incorporating continuous scanning using ESS and periodic scanning using other tools, as specified in the requirement.", + "iaControls": "", + "checkContent": "Verify that RHEL 9 has implemented the Endpoint Security for Linux Threat Prevention tool.\n\nCheck that the following package has been installed:\n\n$ sudo rpm -qa | grep -i mcafeetp\n\nIf the \"mcafeetp\" package is not installed, this is a finding.\n\nVerify that the daemon is running:\n\n$ sudo ps -ef | grep -i mfetpd\n\nIf the daemon is not running, this is a finding.", + "fixText": "Install and enable the latest McAfee ENSLTP package.", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-001233" + }, + { + "status": "Failed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257781", + "severity": "medium", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257781r925330_rule", + "ruleVer": "RHEL-09-211030", + "ruleTitle": "The graphical display manager must not be the default target on RHEL 9 unless approved.", + "vulnDiscuss": "Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.", + "iaControls": "", + "checkContent": "Verify that RHEL 9 is configured to boot to the command line:\n\n$ systemctl get-default\n\nmulti-user.target\n\nIf the system default target is not set to \"multi-user.target\" and the information system security officer (ISSO) lacks a documented requirement for a graphical user interface, this is a finding.", + "fixText": "Document the requirement for a graphical user interface with the ISSO or set the default target to multi-user with the following command:\n\n$ sudo systemctl set-default multi-user.target", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Passed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257782", + "severity": "low", + "groupTitle": "SRG-OS-000480-GPOS-00227", + "ruleId": "SV-257782r942961_rule", + "ruleVer": "RHEL-09-211035", + "ruleTitle": "RHEL 9 must enable the hardware random number generator entropy gatherer service.", + "vulnDiscuss": "The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. \n\nThe rngd service feeds random data from hardware device to kernel random device. Quality (nonpredictable) random number generation is important for several security functions (i.e., ciphers).", + "iaControls": "", + "checkContent": "Note: For RHEL 9 systems running with kernel FIPS mode enabled as specified by RHEL-09-671010, this requirement is Not Applicable.\n\nVerify that RHEL 9 has enabled the hardware random number generator entropy gatherer service with the following command:\n\n$ systemctl is-active rngd\n\nactive\n\nIf the \"rngd\" service is not active, this is a finding.", + "fixText": "Install the rng-tools package with the following command:\n\n$ sudo dnf install rng-tools\n\nThen enable the rngd service run the following command:\n\n$ sudo systemctl enable --now rngd", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366" + }, + { + "status": "Passed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257783", + "severity": "medium", + "groupTitle": "SRG-OS-000269-GPOS-00103", + "ruleId": "SV-257783r925336_rule", + "ruleVer": "RHEL-09-211040", + "ruleTitle": "RHEL 9 systemd-journald service must be enabled.", + "vulnDiscuss": "In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes.", + "iaControls": "", + "checkContent": "Verify that \"systemd-journald\" is active with the following command:\n\n$ systemctl is-active systemd-journald\n\nactive\n\nIf the systemd-journald service is not active, this is a finding.", + "fixText": "To enable the systemd-journald service, run the following command:\n\n$ sudo systemctl enable --now systemd-journald", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-001665" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257784", + "severity": "high", + "groupTitle": "SRG-OS-000324-GPOS-00125", + "ruleId": "SV-257784r925339_rule", + "ruleVer": "RHEL-09-211045", + "ruleTitle": "The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.", + "vulnDiscuss": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "iaControls": "", + "checkContent": "Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:\n\n$ grep -i ctrl /etc/systemd/system.conf\n\nCtrlAltDelBurstAction=none\n\nIf the \"CtrlAltDelBurstAction\" is not set to \"none\", commented out, or is missing, this is a finding.", + "fixText": "Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the \"/etc/systemd/system.conf\" configuration file:\n\nCtrlAltDelBurstAction=none\n\nReload the daemon for this change to take effect.\n\n$ sudo systemctl daemon-reload", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366; CCI-002235" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257785", + "severity": "high", + "groupTitle": "SRG-OS-000324-GPOS-00125", + "ruleId": "SV-257785r925342_rule", + "ruleVer": "RHEL-09-211050", + "ruleTitle": "The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9.", + "vulnDiscuss": "A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "iaControls": "", + "checkContent": "Verify RHEL 9 is not configured to reboot the system when Ctrl-Alt-Delete is pressed with the following command:\n\n$ sudo systemctl status ctrl-alt-del.target\n\nctrl-alt-del.target\nLoaded: masked (Reason: Unit ctrl-alt-del.target is masked.)\nActive: inactive (dead)\n\nIf the \"ctrl-alt-del.target\" is loaded and not masked, this is a finding.", + "fixText": "Configure RHEL 9 to disable the ctrl-alt-del.target with the following command:\n\n$ sudo systemctl disable --now ctrl-alt-del.target\n$ sudo systemctl mask --now ctrl-alt-del.target", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366; CCI-002235" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257786", + "severity": "medium", + "groupTitle": "SRG-OS-000324-GPOS-00125", + "ruleId": "SV-257786r943026_rule", + "ruleVer": "RHEL-09-211055", + "ruleTitle": "RHEL 9 debug-shell systemd service must be disabled.", + "vulnDiscuss": "The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.\n\nSatisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227", + "iaControls": "", + "checkContent": "Verify RHEL 9 is configured to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl status debug-shell.service\n\ndebug-shell.service\nLoaded: masked (Reason: Unit debug-shell.service is masked.)\nActive: inactive (dead)\n\nIf the \"debug-shell.service\" is loaded and not masked, this is a finding.", + "fixText": "Configure RHEL 9 to mask the debug-shell systemd service with the following command:\n\n$ sudo systemctl disable --now debug-shell.service\n$ sudo systemctl mask --now debug-shell.service", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000366; CCI-002235" + }, + { + "status": "Not Reviewed", + "findingdetails": "", + "comments": "", + "severityoverride": "", + "severityjustification": "", + "vulnNum": "V-257787", + "severity": "medium", + "groupTitle": "SRG-OS-000080-GPOS-00048", + "ruleId": "SV-257787r925348_rule", + "ruleVer": "RHEL-09-212010", + "ruleTitle": "RHEL 9 must require a boot loader superuser password.", + "vulnDiscuss": "To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.\n\nPassword protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.", + "iaControls": "", + "checkContent": "Verify the boot loader superuser password has been set and run the following command:\n\n$ sudo grep \"superusers\" /etc/grub2.cfg \n\npassword_pbkdf2 superusers-account ${GRUB2_PASSWORD} \n\nTo verify the boot loader superuser account password has been set, and the password encrypted, run the following command:\n\n$ sudo cat /boot/grub2/user.cfg \n\nGRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC\n2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0\n916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7\n0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828 \n\nIf a \"GRUB2_PASSWORD\" is not set, this is a finding.", + "fixText": "Configure RHEL 9 to require a grub bootloader password for the grub superuser account.\n\nGenerate an encrypted grub2 password for the grub superuser account with the following command:\n\n$ sudo grub2-setpassword\nEnter password:\nConfirm password:", + "falsePositives": "", + "falseNegatives": "", + "documentable": "false", + "mitigations": "", + "potentialImpact": "", + "thirdPartyTools": "", + "mitigationControl": "", + "responsibility": "", + "securityOverrideGuidance": "", + "checkContentRef": "M", + "weight": "10.0", + "class": "Unclass", + "stigRef": "Red Hat Enterprise Linux 9 Security Technical Implementation Guide :: Version 1, Release: 3 Benchmark Date: 24 Apr 2024", + "targetKey": "5551", + "stigUuid": "4f55ab46-138a-4554-952f-4bf8523b04ec", + "legacyId": "; ", + "cciRef": "CCI-000213" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json b/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json index 7c41b63abe..ecc40fe304 100644 --- a/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json +++ b/libs/hdf-converters/sample_jsons/checklist_mapper/three_stig_checklist-hdf.json @@ -1,14 +1,14 @@ { "platform": { "name": "Heimdall Tools", - "release": "2.10.1" + "release": "2.10.8" }, - "version": "2.10.1", + "version": "2.10.8", "statistics": {}, "profiles": [ { "name": "Parent Profile", - "version": "2.10.1", + "version": "2.10.8", "supports": [], "attributes": [], "groups": [], @@ -36,6 +36,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -76,6 +77,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -116,6 +118,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -156,6 +159,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -196,6 +200,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -236,6 +241,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -276,6 +282,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -316,6 +323,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -356,6 +364,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -396,6 +405,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -436,6 +446,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -476,6 +487,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -516,6 +528,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -556,6 +569,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -596,6 +610,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -636,6 +651,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -676,6 +692,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -716,6 +733,7 @@ "nist": [ "AC-3 (7)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -756,6 +774,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -796,6 +815,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -836,6 +856,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -876,6 +897,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -916,6 +938,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -956,6 +979,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -996,6 +1020,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1036,6 +1061,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1076,6 +1102,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1116,6 +1143,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1156,6 +1184,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1196,6 +1225,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1236,6 +1266,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1276,6 +1307,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1316,6 +1348,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1358,6 +1391,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1400,6 +1434,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1440,6 +1475,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1480,6 +1516,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1520,6 +1557,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1560,6 +1598,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1600,6 +1639,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1640,6 +1680,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1680,6 +1721,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1720,6 +1762,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1760,6 +1803,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1800,6 +1844,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1840,6 +1885,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1880,6 +1926,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1920,6 +1967,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -1960,6 +2008,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2000,6 +2049,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2040,6 +2090,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2080,6 +2131,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2120,6 +2172,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2160,6 +2213,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2200,6 +2254,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2240,6 +2295,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2280,6 +2336,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2320,6 +2377,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2360,6 +2418,7 @@ "nist": [ "SC-28" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2400,6 +2459,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2440,6 +2500,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2480,6 +2541,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2520,6 +2582,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2560,6 +2623,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2600,6 +2664,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2640,6 +2705,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2680,6 +2746,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2720,6 +2787,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2760,6 +2828,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -2800,6 +2869,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102427; SV-111371", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2841,6 +2911,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102429; SV-111373", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2882,6 +2953,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102431; SV-111375", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2927,6 +2999,7 @@ "AC-17 (2)", "SC-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102433; SV-111547", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -2980,6 +3053,7 @@ "AU-12 a", "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102435; SV-111379", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3023,6 +3097,7 @@ "IA-5 (2) (a) (1)", "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102445; SV-111393", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3064,6 +3139,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102447; SV-111395", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3105,6 +3181,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102449; SV-111397", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3146,6 +3223,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102451; SV-111399", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3187,6 +3265,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102453; SV-111401", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3228,6 +3307,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102455; SV-111403", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3269,6 +3349,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102457; SV-111405", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3318,6 +3399,7 @@ "AU-12 c", "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102603; SV-111549", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3359,6 +3441,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102461; SV-111407", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3400,6 +3483,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102463; SV-111409", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3441,6 +3525,7 @@ "nist": [ "AU-3 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102465; SV-111411", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3482,6 +3567,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102467; SV-111413", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3523,6 +3609,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102469; SV-111415", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3564,6 +3651,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102471; SV-111417", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3607,6 +3695,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102473; SV-111419", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3650,6 +3739,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102605; SV-111551", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3691,6 +3781,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102477; SV-111421", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3737,6 +3828,7 @@ "AU-9", "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102607; SV-111553", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3778,6 +3870,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102481; SV-111423", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3819,6 +3912,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102483; SV-111425", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3860,6 +3954,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102485; SV-111427", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3901,6 +3996,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102487; SV-111429", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3942,6 +4038,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102489; SV-111431", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -3983,6 +4080,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102491; SV-111433", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4024,6 +4122,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102493; SV-111435", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4065,6 +4164,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102495; SV-111437", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4106,6 +4206,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102497; SV-111439", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4147,6 +4248,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102499; SV-111441", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4188,6 +4290,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102501; SV-111443", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4229,6 +4332,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102503; SV-111445", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4270,6 +4374,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102505; SV-111447", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4311,6 +4416,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102507; SV-111449", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4352,6 +4458,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102509; SV-111451", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4393,6 +4500,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102511; SV-111565", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4434,6 +4542,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102513; SV-111455", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4475,6 +4584,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102515; SV-111457", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4516,6 +4626,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102517; SV-111459", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4566,6 +4677,7 @@ "SC-8 (1)", "SC-28 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102609; SV-111567", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4607,6 +4719,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102521; SV-111461", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4648,6 +4761,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102523; SV-111463", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4689,6 +4803,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102525; SV-111465", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4730,6 +4845,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102529; SV-111469", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4771,6 +4887,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102531; SV-111471", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4812,6 +4929,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102533; SV-111473", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4853,6 +4971,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102535; SV-111475", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4894,6 +5013,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102537; SV-111477", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4935,6 +5055,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102539; SV-111479", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -4978,6 +5099,7 @@ "IA-11", "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102541; SV-111481", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5019,6 +5141,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102543; SV-111483", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5060,6 +5183,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102545; SV-111485", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5101,6 +5225,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102547; SV-111487", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5142,6 +5267,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102549; SV-111489", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5183,6 +5309,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102551; SV-111491", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5224,6 +5351,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102553; SV-111493", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5265,6 +5393,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102555; SV-111495", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5306,6 +5435,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102557; SV-111497", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5347,6 +5477,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102559; SV-111499", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5388,6 +5519,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102561; SV-111501", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5429,6 +5561,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102563; SV-111503", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5470,6 +5603,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102565; SV-111505", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5515,6 +5649,7 @@ "IA-2 (12)", "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102569; SV-111509", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5556,6 +5691,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102571; SV-111511", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5597,6 +5733,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102573; SV-111513", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5640,6 +5777,7 @@ "SC-5 a", "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102575; SV-111515", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5683,6 +5821,7 @@ "AU-12 c", "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102577; SV-111517", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5724,6 +5863,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102579; SV-111519", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5765,6 +5905,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102581; SV-111521", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5806,6 +5947,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102583; SV-111523", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5847,6 +5989,7 @@ "nist": [ "SC-13 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102585; SV-111525", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5888,6 +6031,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102587; SV-111527", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5929,6 +6073,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102589; SV-111529", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -5970,6 +6115,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102591; SV-111531", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6011,6 +6157,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102593; SV-111533", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6052,6 +6199,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102595; SV-111535", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6093,6 +6241,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102597; SV-111537", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6134,6 +6283,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102599; SV-111539", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6175,6 +6325,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102601; SV-111541", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6216,6 +6367,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102621; SV-111571", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -6257,6 +6409,7 @@ "nist": [ "AC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69239; SV-83861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6298,6 +6451,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69241; SV-83863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6339,6 +6493,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69243; SV-83865", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6380,6 +6535,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69245; SV-83867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6421,6 +6577,7 @@ "nist": [ "AC-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69247; SV-83869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6462,6 +6619,7 @@ "nist": [ "AC-12 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69249; SV-83871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6503,6 +6661,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69251; SV-83873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6544,6 +6703,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69253; SV-83875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6585,6 +6745,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69255; SV-83877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6626,6 +6787,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69257; SV-83879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6667,6 +6829,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69259; SV-83881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6708,6 +6871,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69261; SV-83883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6749,6 +6913,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69279; SV-83901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6790,6 +6955,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69281; SV-83903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6831,6 +6997,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69283; SV-83905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6872,6 +7039,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69285; SV-83907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6913,6 +7081,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69287; SV-83909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6954,6 +7123,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69289; SV-83911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -6995,6 +7165,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69291; SV-83913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7036,6 +7207,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69293; SV-83915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7077,6 +7249,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69295; SV-83917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7118,6 +7291,7 @@ "nist": [ "AC-2 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69297; SV-83919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7159,6 +7333,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69299; SV-83921", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7200,6 +7375,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70173; SV-84795", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7241,6 +7417,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69301; SV-83923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7282,6 +7459,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69303; SV-83925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7323,6 +7501,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69305; SV-83927", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7364,6 +7543,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69307; SV-83929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7405,6 +7585,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69309; SV-83931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7446,6 +7627,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69311; SV-83933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7487,6 +7669,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69313; SV-83935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7528,6 +7711,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69315; SV-83937", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7569,6 +7753,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69317; SV-83939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7610,6 +7795,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69319; SV-83941", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7651,6 +7837,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69321; SV-83943", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7692,6 +7879,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69323; SV-83945", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7733,6 +7921,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69325; SV-83947", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7774,6 +7963,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69327; SV-83949", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7815,6 +8005,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69329; SV-83951", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7856,6 +8047,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69331; SV-83953", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7897,6 +8089,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69333; SV-83955", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7938,6 +8131,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69335; SV-83957", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -7979,6 +8173,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69337; SV-83959", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8020,6 +8215,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69339; SV-83961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8061,6 +8257,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69341; SV-83963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8102,6 +8299,7 @@ "nist": [ "AC-7 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69343; SV-83965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8143,6 +8341,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69347; SV-83969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8184,6 +8383,7 @@ "nist": [ "AC-8 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69349; SV-83971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8225,6 +8425,7 @@ "nist": [ "AC-8 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69351; SV-83973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8272,6 +8473,7 @@ "AC-8 c 2", "AC-8 c 3" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69353; SV-83975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8313,6 +8515,7 @@ "nist": [ "AC-9" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69355; SV-83977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8354,6 +8557,7 @@ "nist": [ "AU-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69357; SV-83979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8395,6 +8599,7 @@ "nist": [ "AU-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69359; SV-83981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8436,6 +8641,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69363; SV-83985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8477,6 +8683,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69365; SV-83987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8518,6 +8725,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69367; SV-83989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8559,6 +8767,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69369; SV-83991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8600,6 +8809,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69371; SV-83993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8641,6 +8851,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69373; SV-83995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8682,6 +8893,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69375; SV-83997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8723,6 +8935,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69377; SV-83999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8764,6 +8977,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69379; SV-84001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8805,6 +9019,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69381; SV-84003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8846,6 +9061,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69383; SV-84005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8887,6 +9103,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69385; SV-84007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8928,6 +9145,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69387; SV-84009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -8969,6 +9187,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69389; SV-84011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9010,6 +9229,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69391; SV-84013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9051,6 +9271,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69393; SV-84015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9092,6 +9313,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69395; SV-84017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9133,6 +9355,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69397; SV-84019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9174,6 +9397,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69399; SV-84021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9215,6 +9439,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69401; SV-84023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9256,6 +9481,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69403; SV-84025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9297,6 +9523,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69405; SV-84027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9338,6 +9565,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69407; SV-84029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9379,6 +9607,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69409; SV-84031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9420,6 +9649,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69411; SV-84033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9461,6 +9691,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69413; SV-84035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9502,6 +9733,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69415; SV-84037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9543,6 +9775,7 @@ "nist": [ "AU-14 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69419; SV-84041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9584,6 +9817,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69421; SV-84043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9625,6 +9859,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69423; SV-84045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9666,6 +9901,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69425; SV-84047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9707,6 +9943,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69427; SV-84049", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9748,6 +9985,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69429; SV-84051", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9789,6 +10027,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69431; SV-84053", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9830,6 +10069,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69433; SV-84055", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9871,6 +10111,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69435; SV-84057", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9912,6 +10153,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69437; SV-84059", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9953,6 +10195,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69439; SV-84061", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -9994,6 +10237,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69441; SV-84063", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10035,6 +10279,7 @@ "nist": [ "AU-3 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69443; SV-84065", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10076,6 +10321,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69445; SV-84067", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10117,6 +10363,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69447; SV-84069", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10158,6 +10405,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69449; SV-84071", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10199,6 +10447,7 @@ "nist": [ "AU-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69451; SV-84073", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10240,6 +10489,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69453; SV-84075", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10281,6 +10531,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69455; SV-84077", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10322,6 +10573,7 @@ "nist": [ "AU-6 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69457; SV-84079", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10363,6 +10615,7 @@ "nist": [ "AU-7 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69459; SV-84081", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10404,6 +10657,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69461; SV-84083", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10445,6 +10699,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69463; SV-84085", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10486,6 +10741,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69465; SV-84087", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10527,6 +10783,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69467; SV-84089", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10568,6 +10825,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69469; SV-84091", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10609,6 +10867,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69471; SV-84093", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10650,6 +10909,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69473; SV-84095", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10691,6 +10951,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69475; SV-84097", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10732,6 +10993,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69477; SV-84099", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10773,6 +11035,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69479; SV-84101", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10814,6 +11077,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69481; SV-84103", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10855,6 +11119,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69483; SV-84105", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10896,6 +11161,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69485; SV-84107", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10937,6 +11203,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69487; SV-84109", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -10978,6 +11245,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69489; SV-84111", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11019,6 +11287,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69491; SV-84113", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11060,6 +11329,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69493; SV-84115", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11101,6 +11371,7 @@ "nist": [ "AU-9 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69495; SV-84117", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11142,6 +11413,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69497; SV-84119", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11183,6 +11455,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69499; SV-84121", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11224,6 +11497,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69501; SV-84123", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11265,6 +11539,7 @@ "nist": [ "CM-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69503; SV-84125", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11306,6 +11581,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69505; SV-84127", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11347,6 +11623,7 @@ "nist": [ "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69507; SV-84129", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11388,6 +11665,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69509; SV-84131", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11429,6 +11707,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69511; SV-84133", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11470,6 +11749,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69513; SV-84135", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11511,6 +11791,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69515; SV-84137", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11552,6 +11833,7 @@ "nist": [ "CM-7 (5) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69517; SV-84139", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11593,6 +11875,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69519; SV-84141", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11634,6 +11917,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69521; SV-84143", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11675,6 +11959,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69523; SV-84145", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11716,6 +12001,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69525; SV-84147", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11757,6 +12043,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69527; SV-84149", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11798,6 +12085,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69529; SV-84151", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11839,6 +12127,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69531; SV-84153", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11880,6 +12169,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69533; SV-84155", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11921,6 +12211,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69535; SV-84157", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -11962,6 +12253,7 @@ "nist": [ "IA-2 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69537; SV-84159", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12003,6 +12295,7 @@ "nist": [ "IA-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69539; SV-84161", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12044,6 +12337,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69541; SV-84163", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12085,6 +12379,7 @@ "nist": [ "IA-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69543; SV-84165", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12126,6 +12421,7 @@ "nist": [ "IA-2 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69545; SV-84167", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12167,6 +12463,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69547; SV-84169", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12208,6 +12505,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69549; SV-84171", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12249,6 +12547,7 @@ "nist": [ "IA-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69551; SV-84173", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12290,6 +12589,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69553; SV-84175", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12331,6 +12631,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69555; SV-84177", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12372,6 +12673,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69557; SV-84179", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12413,6 +12715,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69559; SV-84181", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12454,6 +12757,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69561; SV-84183", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12495,6 +12799,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69563; SV-84185", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12536,6 +12841,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69565; SV-84187", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12577,6 +12883,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69567; SV-84189", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12618,6 +12925,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69569; SV-84191", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12659,6 +12967,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69571; SV-84193", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12700,6 +13009,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69573; SV-84195", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12741,6 +13051,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69575; SV-84197", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12782,6 +13093,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69577; SV-84199", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12823,6 +13135,7 @@ "nist": [ "IA-5 h" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70145; SV-84767", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12864,6 +13177,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70147; SV-84769", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12905,6 +13219,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70149; SV-84771", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12946,6 +13261,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70151; SV-84773", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -12987,6 +13303,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70153; SV-84775", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13028,6 +13345,7 @@ "nist": [ "IA-5 (2) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70155; SV-84777", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13069,6 +13387,7 @@ "nist": [ "IA-6" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70157; SV-84779", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13110,6 +13429,7 @@ "nist": [ "IA-7" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70159; SV-84781", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13151,6 +13471,7 @@ "nist": [ "IA-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70161; SV-84783", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13192,6 +13513,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70163; SV-84785", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13233,6 +13555,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70165; SV-84787", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13274,6 +13597,7 @@ "nist": [ "IA-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70167; SV-84789", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13315,6 +13639,7 @@ "nist": [ "IA-8 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70169; SV-84791", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13356,6 +13681,7 @@ "nist": [ "MA-4 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70171; SV-84793", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13397,6 +13723,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70175; SV-84797", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13438,6 +13765,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70177; SV-84799", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13479,6 +13807,7 @@ "nist": [ "MA-4 (7)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70179; SV-84801", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13520,6 +13849,7 @@ "nist": [ "MA-4 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70181; SV-84803", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13561,6 +13891,7 @@ "nist": [ "MA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70183; SV-84805", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13604,6 +13935,7 @@ "CM-6 b", "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70185; SV-84807", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13645,6 +13977,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70187; SV-84809", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13686,6 +14019,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70191; SV-84813", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13727,6 +14061,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70193; SV-84815", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13768,6 +14103,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70195; SV-84817", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13809,6 +14145,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70197; SV-84819", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13850,6 +14187,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70199; SV-84821", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13891,6 +14229,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70201; SV-84823", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13932,6 +14271,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70203; SV-84825", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -13973,6 +14313,7 @@ "nist": [ "SC-23" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70205; SV-84827", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14014,6 +14355,7 @@ "nist": [ "SC-23 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70207; SV-84829", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14055,6 +14397,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70209; SV-84831", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14096,6 +14439,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70211; SV-84833", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14137,6 +14481,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70213; SV-84835", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14178,6 +14523,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70215; SV-84837", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14219,6 +14565,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70217; SV-84839", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14260,6 +14607,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70219; SV-84841", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14301,6 +14649,7 @@ "nist": [ "SC-24" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70221; SV-84843", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14342,6 +14691,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70223; SV-84845", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14383,6 +14733,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70225; SV-84847", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14424,6 +14775,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70227; SV-84849", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14465,6 +14817,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70229; SV-84851", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14506,6 +14859,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70231; SV-84853", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14547,6 +14901,7 @@ "nist": [ "SC-39" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70233; SV-84855", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14588,6 +14943,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70235; SV-84857", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14629,6 +14985,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70237; SV-84859", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14670,6 +15027,7 @@ "nist": [ "SC-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70239; SV-84861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14711,6 +15069,7 @@ "nist": [ "SC-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70241; SV-84863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14752,6 +15111,7 @@ "nist": [ "SC-8" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70245; SV-84867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14793,6 +15153,7 @@ "nist": [ "SC-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70247; SV-84869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14834,6 +15195,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70249; SV-84871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14875,6 +15237,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70251; SV-84873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14916,6 +15279,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70253; SV-84875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14957,6 +15321,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70255; SV-84877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -14998,6 +15363,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70257; SV-84879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15039,6 +15405,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70259; SV-84881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15080,6 +15447,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70261; SV-84883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15121,6 +15489,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70263; SV-84885", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15162,6 +15531,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70265; SV-84887", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15203,6 +15573,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70267; SV-84889", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15244,6 +15615,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70269; SV-84891", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15285,6 +15657,7 @@ "nist": [ "SI-10 (3)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70271; SV-84893", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15326,6 +15699,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70273; SV-84895", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15367,6 +15741,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70275; SV-84897", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15408,6 +15783,7 @@ "nist": [ "SI-16" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70277; SV-84899", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15449,6 +15825,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70279; SV-84901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15490,6 +15867,7 @@ "nist": [ "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70281; SV-84903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15531,6 +15909,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70283; SV-84905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15572,6 +15951,7 @@ "nist": [ "SI-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70285; SV-84907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15613,6 +15993,7 @@ "nist": [ "SI-6 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70287; SV-84909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15654,6 +16035,7 @@ "nist": [ "SC-18 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70289; SV-84911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15695,6 +16077,7 @@ "nist": [ "AC-2 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70291; SV-84913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15736,6 +16119,7 @@ "nist": [ "AC-6 (4)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70293; SV-84915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15777,6 +16161,7 @@ "nist": [ "AU-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70295; SV-84917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15818,6 +16203,7 @@ "nist": [ "AU-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70297; SV-84919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15859,6 +16245,7 @@ "nist": [ "AU-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70301; SV-84923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15900,6 +16287,7 @@ "nist": [ "CA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70303; SV-84925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15943,6 +16331,7 @@ "CM-4 (2)", "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70307; SV-84929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -15984,6 +16373,7 @@ "nist": [ "CM-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70309; SV-84931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16025,6 +16415,7 @@ "nist": [ "CM-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70311; SV-84933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16066,6 +16457,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70313; SV-84935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16107,6 +16499,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70317; SV-84939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16148,6 +16541,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70339; SV-84961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16189,6 +16583,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70341; SV-84963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16230,6 +16625,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70343; SV-84965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16271,6 +16667,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70345; SV-84967", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16312,6 +16709,7 @@ "nist": [ "CP-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70347; SV-84969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16353,6 +16751,7 @@ "nist": [ "CP-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70349; SV-84971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16394,6 +16793,7 @@ "nist": [ "CP-2 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70351; SV-84973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16435,6 +16835,7 @@ "nist": [ "CP-2 a 2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70353; SV-84975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16476,6 +16877,7 @@ "nist": [ "CP-9 (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70355; SV-84977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16517,6 +16919,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70357; SV-84979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16558,6 +16961,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70359; SV-84981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16599,6 +17003,7 @@ "nist": [ "IA-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70361; SV-84983", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16640,6 +17045,7 @@ "nist": [ "IA-5 (7)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70363; SV-84985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16681,6 +17087,7 @@ "nist": [ "MP-3 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70365; SV-84987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16722,6 +17129,7 @@ "nist": [ "PM-14 a 2" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70367; SV-84989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16763,6 +17171,7 @@ "nist": [ "SA-10 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70369; SV-84991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16804,6 +17213,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70371; SV-84993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16845,6 +17255,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70373; SV-84995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16886,6 +17297,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70375; SV-84997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16927,6 +17339,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70377; SV-84999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -16968,6 +17381,7 @@ "nist": [ "SA-11 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70379; SV-85001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17009,6 +17423,7 @@ "nist": [ "SA-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70381; SV-85003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17050,6 +17465,7 @@ "nist": [ "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70383; SV-85005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17091,6 +17507,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70385; SV-85007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17132,6 +17549,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70387; SV-85009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17173,6 +17591,7 @@ "nist": [ "SA-15 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70389; SV-85011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17214,6 +17633,7 @@ "nist": [ "SA-15 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70391; SV-85013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17255,6 +17675,7 @@ "nist": [ "SA-15 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70393; SV-85015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17296,6 +17717,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70395; SV-85017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17337,6 +17759,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70397; SV-85019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17378,6 +17801,7 @@ "nist": [ "SA-22 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70399; SV-85021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17419,6 +17843,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70401; SV-85023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17460,6 +17885,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70403; SV-85025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17501,6 +17927,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70405; SV-85027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17542,6 +17969,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70407; SV-85029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17583,6 +18011,7 @@ "nist": [ "SC-18 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70409; SV-85031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17624,6 +18053,7 @@ "nist": [ "SC-28 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70411; SV-85033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17665,6 +18095,7 @@ "nist": [ "SC-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70413; SV-85035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17706,6 +18137,7 @@ "nist": [ "SI-4 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70415; SV-85037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17747,6 +18179,7 @@ "nist": [ "SI-5 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70417; SV-85039", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17788,6 +18221,7 @@ "nist": [ "SI-5 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70419; SV-85041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17829,6 +18263,7 @@ "nist": [ "SC-7 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70421; SV-85043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17870,6 +18305,7 @@ "nist": [ "AU-12 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70423; SV-85045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17911,6 +18347,7 @@ "nist": [ "AT-3 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70425; SV-85047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17952,6 +18389,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70189; SV-84811", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -17982,7 +18420,7 @@ ] } ], - "sha256": "58a48bbf1947aaed4c1c7cabf630c90bfad3b4a7e814e1d95ceb9bcc01ebb7a9" + "sha256": "dcb441963b292ffddc7b1545fba19623ce10c78d48306894f61b2a3dbc62b25d" }, { "name": "AAA_Service_SRG", @@ -18007,6 +18445,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18047,6 +18486,7 @@ "nist": [ "CM-7 b" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18087,6 +18527,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18127,6 +18568,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18167,6 +18609,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18207,6 +18650,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18247,6 +18691,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18287,6 +18732,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18327,6 +18773,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18367,6 +18814,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18407,6 +18855,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18447,6 +18896,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18487,6 +18937,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18527,6 +18978,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18567,6 +19019,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18607,6 +19060,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18647,6 +19101,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18687,6 +19142,7 @@ "nist": [ "AC-3 (7)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18727,6 +19183,7 @@ "nist": [ "AC-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18767,6 +19224,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18807,6 +19265,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18847,6 +19306,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18887,6 +19347,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18927,6 +19388,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -18967,6 +19429,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19007,6 +19470,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19047,6 +19511,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19087,6 +19552,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19127,6 +19593,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19167,6 +19634,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19207,6 +19675,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19247,6 +19716,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19287,6 +19757,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19329,6 +19800,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19371,6 +19843,7 @@ "CM-6 b", "AU-8 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19411,6 +19884,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19451,6 +19925,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19491,6 +19966,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19531,6 +20007,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19571,6 +20048,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19611,6 +20089,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19651,6 +20130,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19691,6 +20171,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19731,6 +20212,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19771,6 +20253,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19811,6 +20294,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19851,6 +20335,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19891,6 +20376,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19931,6 +20417,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -19971,6 +20458,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20011,6 +20499,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20051,6 +20540,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20091,6 +20581,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20131,6 +20622,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20171,6 +20663,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20211,6 +20704,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20251,6 +20745,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20291,6 +20786,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20331,6 +20827,7 @@ "nist": [ "SC-28" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20371,6 +20868,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20411,6 +20909,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20451,6 +20950,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20491,6 +20991,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20531,6 +21032,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20571,6 +21073,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20611,6 +21114,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20651,6 +21155,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20691,6 +21196,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20731,6 +21237,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "STIGRef": "Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide :: Version 1, Release: 2 Benchmark Date: 24 Jan 2020" }, @@ -20760,7 +21267,7 @@ ] } ], - "sha256": "146e96ba50d6041b8530ec87807704dda1bd0a8b883dc6ba097d321f55f13692", + "sha256": "53e2df777d0b38b565db5bf2faabc1422e497cafe2791f12e73b9ba4565fd6f5", "parent_profile": "Parent Profile" }, { @@ -20786,6 +21293,7 @@ "nist": [ "AC-10" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102427; SV-111371", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20827,6 +21335,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102429; SV-111373", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20868,6 +21377,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102431; SV-111375", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20913,6 +21423,7 @@ "AC-17 (2)", "SC-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102433; SV-111547", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -20966,6 +21477,7 @@ "AU-12 a", "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102435; SV-111379", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21009,6 +21521,7 @@ "IA-5 (2) (a) (1)", "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102445; SV-111393", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21050,6 +21563,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102447; SV-111395", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21091,6 +21605,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102449; SV-111397", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21132,6 +21647,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102451; SV-111399", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21173,6 +21689,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102453; SV-111401", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21214,6 +21731,7 @@ "nist": [ "AC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102455; SV-111403", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21255,6 +21773,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102457; SV-111405", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21304,6 +21823,7 @@ "AU-12 c", "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102603; SV-111549", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21345,6 +21865,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102461; SV-111407", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21386,6 +21907,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102463; SV-111409", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21427,6 +21949,7 @@ "nist": [ "AU-3 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102465; SV-111411", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21468,6 +21991,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102467; SV-111413", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21509,6 +22033,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102469; SV-111415", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21550,6 +22075,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102471; SV-111417", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21593,6 +22119,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102473; SV-111419", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21636,6 +22163,7 @@ "AU-9 a", "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102605; SV-111551", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21677,6 +22205,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102477; SV-111421", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21723,6 +22252,7 @@ "AU-9", "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102607; SV-111553", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21764,6 +22294,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102481; SV-111423", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21805,6 +22336,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102483; SV-111425", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21846,6 +22378,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102485; SV-111427", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21887,6 +22420,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102487; SV-111429", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21928,6 +22462,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102489; SV-111431", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -21969,6 +22504,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102491; SV-111433", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22010,6 +22546,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102493; SV-111435", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22051,6 +22588,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102495; SV-111437", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22092,6 +22630,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102497; SV-111439", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22133,6 +22672,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102499; SV-111441", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22174,6 +22714,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102501; SV-111443", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22215,6 +22756,7 @@ "nist": [ "CM-7 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102503; SV-111445", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22256,6 +22798,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102505; SV-111447", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22297,6 +22840,7 @@ "nist": [ "IA-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102507; SV-111449", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22338,6 +22882,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102509; SV-111451", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22379,6 +22924,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102511; SV-111565", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22420,6 +22966,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102513; SV-111455", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22461,6 +23008,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102515; SV-111457", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22502,6 +23050,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102517; SV-111459", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22552,6 +23101,7 @@ "SC-8 (1)", "SC-28 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-102609; SV-111567", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22593,6 +23143,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102521; SV-111461", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22634,6 +23185,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102523; SV-111463", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22675,6 +23227,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102525; SV-111465", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22716,6 +23269,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102529; SV-111469", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22757,6 +23311,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102531; SV-111471", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22798,6 +23353,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102533; SV-111473", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22839,6 +23395,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102535; SV-111475", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22880,6 +23437,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102537; SV-111477", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22921,6 +23479,7 @@ "nist": [ "SI-11 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102539; SV-111479", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -22964,6 +23523,7 @@ "IA-11", "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102541; SV-111481", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23005,6 +23565,7 @@ "nist": [ "AC-17 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102543; SV-111483", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23046,6 +23607,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102545; SV-111485", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23087,6 +23649,7 @@ "nist": [ "AC-17 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102547; SV-111487", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23128,6 +23691,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102549; SV-111489", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23169,6 +23733,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102551; SV-111491", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23210,6 +23775,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102553; SV-111493", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23251,6 +23817,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102555; SV-111495", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23292,6 +23859,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102557; SV-111497", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23333,6 +23901,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102559; SV-111499", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23374,6 +23943,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102561; SV-111501", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23415,6 +23985,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102563; SV-111503", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23456,6 +24027,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102565; SV-111505", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23501,6 +24073,7 @@ "IA-2 (12)", "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102569; SV-111509", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23542,6 +24115,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102571; SV-111511", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23583,6 +24157,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102573; SV-111513", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23626,6 +24201,7 @@ "SC-5 a", "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102575; SV-111515", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23669,6 +24245,7 @@ "AU-12 c", "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102577; SV-111517", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23710,6 +24287,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102579; SV-111519", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23751,6 +24329,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102581; SV-111521", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23792,6 +24371,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102583; SV-111523", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23833,6 +24413,7 @@ "nist": [ "SC-13 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102585; SV-111525", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23874,6 +24455,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102587; SV-111527", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23915,6 +24497,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102589; SV-111529", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23956,6 +24539,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102591; SV-111531", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -23997,6 +24581,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102593; SV-111533", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24038,6 +24623,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102595; SV-111535", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24079,6 +24665,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102597; SV-111537", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24120,6 +24707,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102599; SV-111539", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24161,6 +24749,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-102601; SV-111541", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24202,6 +24791,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-102621; SV-111571", "STIGRef": "Apache Tomcat Application Sever 9 Security Technical Implementation Guide :: Version 2, Release: 4 Benchmark Date: 27 Jan 2022" @@ -24232,7 +24822,7 @@ ] } ], - "sha256": "f1a63ebf8958eb8b41df6100af8c7b5a859a8004723b5093fb9fbd6022f9338e", + "sha256": "be76a2514c65d678d36fcd98c645f90908c1807e77462b9b9b9ffa659ee39017", "parent_profile": "Parent Profile" }, { @@ -24258,6 +24848,7 @@ "nist": [ "AC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69239; SV-83861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24299,6 +24890,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69241; SV-83863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24340,6 +24932,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69243; SV-83865", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24381,6 +24974,7 @@ "nist": [ "AC-12" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69245; SV-83867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24422,6 +25016,7 @@ "nist": [ "AC-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69247; SV-83869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24463,6 +25058,7 @@ "nist": [ "AC-12 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69249; SV-83871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24504,6 +25100,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69251; SV-83873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24545,6 +25142,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69253; SV-83875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24586,6 +25184,7 @@ "nist": [ "AC-16 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69255; SV-83877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24627,6 +25226,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69257; SV-83879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24668,6 +25268,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69259; SV-83881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24709,6 +25310,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69261; SV-83883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24750,6 +25352,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69279; SV-83901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24791,6 +25394,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69281; SV-83903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24832,6 +25436,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69283; SV-83905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24873,6 +25478,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69285; SV-83907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24914,6 +25520,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69287; SV-83909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24955,6 +25562,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69289; SV-83911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -24996,6 +25604,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69291; SV-83913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25037,6 +25646,7 @@ "nist": [ "AC-17 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69293; SV-83915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25078,6 +25688,7 @@ "nist": [ "AC-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69295; SV-83917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25119,6 +25730,7 @@ "nist": [ "AC-2 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69297; SV-83919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25160,6 +25772,7 @@ "nist": [ "AC-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69299; SV-83921", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25201,6 +25814,7 @@ "nist": [ "CM-6 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70173; SV-84795", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25242,6 +25856,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69301; SV-83923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25283,6 +25898,7 @@ "nist": [ "AC-2 (3) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69303; SV-83925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25324,6 +25940,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69305; SV-83927", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25365,6 +25982,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69307; SV-83929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25406,6 +26024,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69309; SV-83931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25447,6 +26066,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69311; SV-83933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25488,6 +26108,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69313; SV-83935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25529,6 +26150,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69315; SV-83937", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25570,6 +26192,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69317; SV-83939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25611,6 +26234,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69319; SV-83941", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25652,6 +26276,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69321; SV-83943", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25693,6 +26318,7 @@ "nist": [ "AC-2 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69323; SV-83945", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25734,6 +26360,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69325; SV-83947", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25775,6 +26402,7 @@ "nist": [ "AC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69327; SV-83949", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25816,6 +26444,7 @@ "nist": [ "AC-3" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69329; SV-83951", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25857,6 +26486,7 @@ "nist": [ "AC-3 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69331; SV-83953", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25898,6 +26528,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69333; SV-83955", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25939,6 +26570,7 @@ "nist": [ "AC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69335; SV-83957", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -25980,6 +26612,7 @@ "nist": [ "AC-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69337; SV-83959", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26021,6 +26654,7 @@ "nist": [ "AC-6 (8)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69339; SV-83961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26062,6 +26696,7 @@ "nist": [ "AC-6 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69341; SV-83963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26103,6 +26738,7 @@ "nist": [ "AC-7 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69343; SV-83965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26144,6 +26780,7 @@ "nist": [ "AC-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69347; SV-83969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26185,6 +26822,7 @@ "nist": [ "AC-8 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69349; SV-83971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26226,6 +26864,7 @@ "nist": [ "AC-8 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69351; SV-83973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26273,6 +26912,7 @@ "AC-8 c 2", "AC-8 c 3" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69353; SV-83975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26314,6 +26954,7 @@ "nist": [ "AC-9" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-69355; SV-83977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26355,6 +26996,7 @@ "nist": [ "AU-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69357; SV-83979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26396,6 +27038,7 @@ "nist": [ "AU-12 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69359; SV-83981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26437,6 +27080,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69363; SV-83985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26478,6 +27122,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69365; SV-83987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26519,6 +27164,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69367; SV-83989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26560,6 +27206,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69369; SV-83991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26601,6 +27248,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69371; SV-83993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26642,6 +27290,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69373; SV-83995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26683,6 +27332,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69375; SV-83997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26724,6 +27374,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69377; SV-83999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26765,6 +27416,7 @@ "nist": [ "AU-12 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69379; SV-84001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26806,6 +27458,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69381; SV-84003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26847,6 +27500,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69383; SV-84005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26888,6 +27542,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69385; SV-84007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26929,6 +27584,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69387; SV-84009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -26970,6 +27626,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69389; SV-84011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27011,6 +27668,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69391; SV-84013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27052,6 +27710,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69393; SV-84015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27093,6 +27752,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69395; SV-84017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27134,6 +27794,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69397; SV-84019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27175,6 +27836,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69399; SV-84021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27216,6 +27878,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69401; SV-84023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27257,6 +27920,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69403; SV-84025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27298,6 +27962,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69405; SV-84027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27339,6 +28004,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69407; SV-84029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27380,6 +28046,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69409; SV-84031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27421,6 +28088,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69411; SV-84033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27462,6 +28130,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69413; SV-84035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27503,6 +28172,7 @@ "nist": [ "AU-12 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69415; SV-84037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27544,6 +28214,7 @@ "nist": [ "AU-14 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69419; SV-84041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27585,6 +28256,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69421; SV-84043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27626,6 +28298,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69423; SV-84045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27667,6 +28340,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69425; SV-84047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27708,6 +28382,7 @@ "nist": [ "AU-3 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69427; SV-84049", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27749,6 +28424,7 @@ "nist": [ "AU-3 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69429; SV-84051", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27790,6 +28466,7 @@ "nist": [ "AU-3 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69431; SV-84053", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27831,6 +28508,7 @@ "nist": [ "AU-3 d" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69433; SV-84055", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27872,6 +28550,7 @@ "nist": [ "AU-3 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69435; SV-84057", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27913,6 +28592,7 @@ "nist": [ "AU-3 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69437; SV-84059", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27954,6 +28634,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69439; SV-84061", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -27995,6 +28676,7 @@ "nist": [ "AU-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69441; SV-84063", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28036,6 +28718,7 @@ "nist": [ "AU-3 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69443; SV-84065", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28077,6 +28760,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69445; SV-84067", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28118,6 +28802,7 @@ "nist": [ "AU-4 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69447; SV-84069", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28159,6 +28844,7 @@ "nist": [ "AU-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69449; SV-84071", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28200,6 +28886,7 @@ "nist": [ "AU-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69451; SV-84073", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28241,6 +28928,7 @@ "nist": [ "AU-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69453; SV-84075", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28282,6 +28970,7 @@ "nist": [ "AU-5 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69455; SV-84077", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28323,6 +29012,7 @@ "nist": [ "AU-6 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69457; SV-84079", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28364,6 +29054,7 @@ "nist": [ "AU-7 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69459; SV-84081", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28405,6 +29096,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69461; SV-84083", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28446,6 +29138,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69463; SV-84085", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28487,6 +29180,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69465; SV-84087", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28528,6 +29222,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69467; SV-84089", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28569,6 +29264,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69469; SV-84091", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28610,6 +29306,7 @@ "nist": [ "AU-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69471; SV-84093", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28651,6 +29348,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69473; SV-84095", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28692,6 +29390,7 @@ "nist": [ "AU-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69475; SV-84097", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28733,6 +29432,7 @@ "nist": [ "AU-8 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69477; SV-84099", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28774,6 +29474,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69479; SV-84101", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28815,6 +29516,7 @@ "nist": [ "AU-8 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69481; SV-84103", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28856,6 +29558,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69483; SV-84105", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28897,6 +29600,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69485; SV-84107", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28938,6 +29642,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69487; SV-84109", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -28979,6 +29684,7 @@ "nist": [ "AU-9 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69489; SV-84111", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29020,6 +29726,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69491; SV-84113", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29061,6 +29768,7 @@ "nist": [ "AU-9" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69493; SV-84115", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29102,6 +29810,7 @@ "nist": [ "AU-9 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69495; SV-84117", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29143,6 +29852,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69497; SV-84119", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29184,6 +29894,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69499; SV-84121", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29225,6 +29936,7 @@ "nist": [ "AU-9 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69501; SV-84123", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29266,6 +29978,7 @@ "nist": [ "CM-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69503; SV-84125", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29307,6 +30020,7 @@ "nist": [ "CM-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69505; SV-84127", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29348,6 +30062,7 @@ "nist": [ "CM-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69507; SV-84129", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29389,6 +30104,7 @@ "nist": [ "CM-5 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69509; SV-84131", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29430,6 +30146,7 @@ "nist": [ "CM-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69511; SV-84133", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29471,6 +30188,7 @@ "nist": [ "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69513; SV-84135", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29512,6 +30230,7 @@ "nist": [ "CM-7 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69515; SV-84137", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29553,6 +30272,7 @@ "nist": [ "CM-7 (5) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69517; SV-84139", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29594,6 +30314,7 @@ "nist": [ "CM-7 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69519; SV-84141", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29635,6 +30356,7 @@ "nist": [ "CM-7 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69521; SV-84143", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29676,6 +30398,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69523; SV-84145", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29717,6 +30440,7 @@ "nist": [ "IA-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69525; SV-84147", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29758,6 +30482,7 @@ "nist": [ "IA-2" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69527; SV-84149", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29799,6 +30524,7 @@ "nist": [ "IA-2 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69529; SV-84151", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29840,6 +30566,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69531; SV-84153", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29881,6 +30608,7 @@ "nist": [ "IA-2 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69533; SV-84155", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29922,6 +30650,7 @@ "nist": [ "IA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69535; SV-84157", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -29963,6 +30692,7 @@ "nist": [ "IA-2 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69537; SV-84159", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30004,6 +30734,7 @@ "nist": [ "IA-2 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69539; SV-84161", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30045,6 +30776,7 @@ "nist": [ "IA-2 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69541; SV-84163", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30086,6 +30818,7 @@ "nist": [ "IA-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69543; SV-84165", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30127,6 +30860,7 @@ "nist": [ "IA-2 (9)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69545; SV-84167", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30168,6 +30902,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69547; SV-84169", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30209,6 +30944,7 @@ "nist": [ "IA-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69549; SV-84171", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30250,6 +30986,7 @@ "nist": [ "IA-3 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69551; SV-84173", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30291,6 +31028,7 @@ "nist": [ "IA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69553; SV-84175", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30332,6 +31070,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69555; SV-84177", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30373,6 +31112,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69557; SV-84179", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30414,6 +31154,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69559; SV-84181", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30455,6 +31196,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69561; SV-84183", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30496,6 +31238,7 @@ "nist": [ "IA-5 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69563; SV-84185", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30537,6 +31280,7 @@ "nist": [ "IA-5 (1) (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69565; SV-84187", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30578,6 +31322,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69567; SV-84189", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30619,6 +31364,7 @@ "nist": [ "IA-5 (1) (c)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-69569; SV-84191", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30660,6 +31406,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69571; SV-84193", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30701,6 +31448,7 @@ "nist": [ "IA-5 (1) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69573; SV-84195", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30742,6 +31490,7 @@ "nist": [ "IA-5 (1) (e)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69575; SV-84197", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30783,6 +31532,7 @@ "nist": [ "IA-5 (1) (f)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-69577; SV-84199", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30824,6 +31574,7 @@ "nist": [ "IA-5 h" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70145; SV-84767", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30865,6 +31616,7 @@ "nist": [ "IA-5 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70147; SV-84769", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30906,6 +31658,7 @@ "nist": [ "IA-5 (2) (b) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70149; SV-84771", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30947,6 +31700,7 @@ "nist": [ "IA-5 (2) (a) (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70151; SV-84773", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -30988,6 +31742,7 @@ "nist": [ "IA-5 (2) (a) (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70153; SV-84775", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31029,6 +31784,7 @@ "nist": [ "IA-5 (2) (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70155; SV-84777", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31070,6 +31826,7 @@ "nist": [ "IA-6" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70157; SV-84779", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31111,6 +31868,7 @@ "nist": [ "IA-7" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70159; SV-84781", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31152,6 +31910,7 @@ "nist": [ "IA-8" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70161; SV-84783", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31193,6 +31952,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70163; SV-84785", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31234,6 +31994,7 @@ "nist": [ "IA-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70165; SV-84787", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31275,6 +32036,7 @@ "nist": [ "IA-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70167; SV-84789", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31316,6 +32078,7 @@ "nist": [ "IA-8 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70169; SV-84791", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31357,6 +32120,7 @@ "nist": [ "MA-4 (1) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70171; SV-84793", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31398,6 +32162,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70175; SV-84797", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31439,6 +32204,7 @@ "nist": [ "MA-4 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70177; SV-84799", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31480,6 +32246,7 @@ "nist": [ "MA-4 (7)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70179; SV-84801", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31521,6 +32288,7 @@ "nist": [ "MA-4 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70181; SV-84803", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31562,6 +32330,7 @@ "nist": [ "MA-4 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70183; SV-84805", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31605,6 +32374,7 @@ "CM-6 b", "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70185; SV-84807", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31646,6 +32416,7 @@ "nist": [ "SC-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70187; SV-84809", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31687,6 +32458,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70191; SV-84813", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31728,6 +32500,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70193; SV-84815", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31769,6 +32542,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70195; SV-84817", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31810,6 +32584,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70197; SV-84819", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31851,6 +32626,7 @@ "nist": [ "SC-2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70199; SV-84821", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31892,6 +32668,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70201; SV-84823", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31933,6 +32710,7 @@ "nist": [ "SC-23" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70203; SV-84825", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -31974,6 +32752,7 @@ "nist": [ "SC-23" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70205; SV-84827", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32015,6 +32794,7 @@ "nist": [ "SC-23 (1)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70207; SV-84829", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32056,6 +32836,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70209; SV-84831", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32097,6 +32878,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70211; SV-84833", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32138,6 +32920,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70213; SV-84835", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32179,6 +32962,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70215; SV-84837", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32220,6 +33004,7 @@ "nist": [ "SC-23 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70217; SV-84839", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32261,6 +33046,7 @@ "nist": [ "SC-23 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70219; SV-84841", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32302,6 +33088,7 @@ "nist": [ "SC-24" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70221; SV-84843", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32343,6 +33130,7 @@ "nist": [ "SC-24" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70223; SV-84845", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32384,6 +33172,7 @@ "nist": [ "SC-28" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70225; SV-84847", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32425,6 +33214,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70227; SV-84849", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32466,6 +33256,7 @@ "nist": [ "SC-28 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70229; SV-84851", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32507,6 +33298,7 @@ "nist": [ "SC-3" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70231; SV-84853", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32548,6 +33340,7 @@ "nist": [ "SC-39" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70233; SV-84855", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32589,6 +33382,7 @@ "nist": [ "SC-4" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70235; SV-84857", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32630,6 +33424,7 @@ "nist": [ "SC-5 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70237; SV-84859", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32671,6 +33466,7 @@ "nist": [ "SC-5 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70239; SV-84861", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32712,6 +33508,7 @@ "nist": [ "SC-5 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70241; SV-84863", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32753,6 +33550,7 @@ "nist": [ "SC-8" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70245; SV-84867", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32794,6 +33592,7 @@ "nist": [ "SC-8 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70247; SV-84869", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32835,6 +33634,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70249; SV-84871", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32876,6 +33676,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70251; SV-84873", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32917,6 +33718,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70253; SV-84875", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32958,6 +33760,7 @@ "nist": [ "SC-8 (2)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70255; SV-84877", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -32999,6 +33802,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70257; SV-84879", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33040,6 +33844,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70259; SV-84881", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33081,6 +33886,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70261; SV-84883", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33122,6 +33928,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70263; SV-84885", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33163,6 +33970,7 @@ "nist": [ "SI-10" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70265; SV-84887", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33204,6 +34012,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70267; SV-84889", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33245,6 +34054,7 @@ "nist": [ "SI-10" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70269; SV-84891", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33286,6 +34096,7 @@ "nist": [ "SI-10 (3)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70271; SV-84893", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33327,6 +34138,7 @@ "nist": [ "SI-11 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70273; SV-84895", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33368,6 +34180,7 @@ "nist": [ "SI-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70275; SV-84897", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33409,6 +34222,7 @@ "nist": [ "SI-16" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70277; SV-84899", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33450,6 +34264,7 @@ "nist": [ "SI-2 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70279; SV-84901", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33491,6 +34306,7 @@ "nist": [ "SI-2 c" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70281; SV-84903", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33532,6 +34348,7 @@ "nist": [ "SI-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70283; SV-84905", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33573,6 +34390,7 @@ "nist": [ "SI-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70285; SV-84907", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33614,6 +34432,7 @@ "nist": [ "SI-6 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70287; SV-84909", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33655,6 +34474,7 @@ "nist": [ "SC-18 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70289; SV-84911", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33696,6 +34516,7 @@ "nist": [ "AC-2 f" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70291; SV-84913", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33737,6 +34558,7 @@ "nist": [ "AC-6 (4)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70293; SV-84915", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33778,6 +34600,7 @@ "nist": [ "AU-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70295; SV-84917", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33819,6 +34642,7 @@ "nist": [ "AU-6 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70297; SV-84919", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33860,6 +34684,7 @@ "nist": [ "AU-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70301; SV-84923", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33901,6 +34726,7 @@ "nist": [ "CA-2 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70303; SV-84925", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33944,6 +34770,7 @@ "CM-4 (2)", "CM-6 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70307; SV-84929", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -33985,6 +34812,7 @@ "nist": [ "CM-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70309; SV-84931", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34026,6 +34854,7 @@ "nist": [ "CM-6 a" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70311; SV-84933", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34067,6 +34896,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70313; SV-84935", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34108,6 +34938,7 @@ "nist": [ "CM-7 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70317; SV-84939", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34149,6 +34980,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70339; SV-84961", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34190,6 +35022,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70341; SV-84963", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34231,6 +35064,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70343; SV-84965", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34272,6 +35106,7 @@ "nist": [ "CM-9 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70345; SV-84967", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34313,6 +35148,7 @@ "nist": [ "CP-11" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70347; SV-84969", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34354,6 +35190,7 @@ "nist": [ "CP-2 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70349; SV-84971", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34395,6 +35232,7 @@ "nist": [ "CP-2 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70351; SV-84973", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34436,6 +35274,7 @@ "nist": [ "CP-2 a 2" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70353; SV-84975", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34477,6 +35316,7 @@ "nist": [ "CP-9 (b)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70355; SV-84977", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34518,6 +35358,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70357; SV-84979", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34559,6 +35400,7 @@ "nist": [ "CP-9 (d)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70359; SV-84981", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34600,6 +35442,7 @@ "nist": [ "IA-5 (6)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70361; SV-84983", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34641,6 +35484,7 @@ "nist": [ "IA-5 (7)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70363; SV-84985", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34682,6 +35526,7 @@ "nist": [ "MP-3 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70365; SV-84987", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34723,6 +35568,7 @@ "nist": [ "PM-14 a 2" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70367; SV-84989", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34764,6 +35610,7 @@ "nist": [ "SA-10 (1)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70369; SV-84991", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34805,6 +35652,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70371; SV-84993", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34846,6 +35694,7 @@ "nist": [ "SA-11 (2)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70373; SV-84995", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34887,6 +35736,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70375; SV-84997", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34928,6 +35778,7 @@ "nist": [ "SA-11 (4)" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70377; SV-84999", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -34969,6 +35820,7 @@ "nist": [ "SA-11 (8)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70379; SV-85001", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35010,6 +35862,7 @@ "nist": [ "SA-11 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70381; SV-85003", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35051,6 +35904,7 @@ "nist": [ "SA-11 e" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70383; SV-85005", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35092,6 +35946,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70385; SV-85007", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35133,6 +35988,7 @@ "nist": [ "SA-15 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70387; SV-85009", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35174,6 +36030,7 @@ "nist": [ "SA-15 (4)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70389; SV-85011", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35215,6 +36072,7 @@ "nist": [ "SA-15 (5)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70391; SV-85013", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35256,6 +36114,7 @@ "nist": [ "SA-15 (10)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70393; SV-85015", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35297,6 +36156,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70395; SV-85017", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35338,6 +36198,7 @@ "nist": [ "SA-22 a" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70397; SV-85019", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35379,6 +36240,7 @@ "nist": [ "SA-22 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70399; SV-85021", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35420,6 +36282,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70401; SV-85023", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35461,6 +36324,7 @@ "nist": [ "SA-4 (5) (a)" ], + "severity": "high", "weight": "10.0", "Legacy_ID": "V-70403; SV-85025", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35502,6 +36366,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70405; SV-85027", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35543,6 +36408,7 @@ "nist": [ "SA-5 a 1" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70407; SV-85029", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35584,6 +36450,7 @@ "nist": [ "SC-18 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70409; SV-85031", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35625,6 +36492,7 @@ "nist": [ "SC-28 (2)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70411; SV-85033", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35666,6 +36534,7 @@ "nist": [ "SC-5" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70413; SV-85035", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35707,6 +36576,7 @@ "nist": [ "SI-4 (12)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70415; SV-85037", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35748,6 +36618,7 @@ "nist": [ "SI-5 a" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70417; SV-85039", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35789,6 +36660,7 @@ "nist": [ "SI-5 b" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70419; SV-85041", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35830,6 +36702,7 @@ "nist": [ "SC-7 (13)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70421; SV-85043", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35871,6 +36744,7 @@ "nist": [ "AU-12 c" ], + "severity": "low", "weight": "10.0", "Legacy_ID": "V-70423; SV-85045", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35912,6 +36786,7 @@ "nist": [ "AT-3 (3)" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70425; SV-85047", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35953,6 +36828,7 @@ "nist": [ "SC-13 b" ], + "severity": "medium", "weight": "10.0", "Legacy_ID": "V-70189; SV-84811", "STIGRef": "Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 2 Benchmark Date: 27 Oct 2022" @@ -35983,7 +36859,7 @@ ] } ], - "sha256": "0d57041a0f5c07558bddcdea8c503c01b53ae6c250b9e3b6604fa16c59c6b0bd", + "sha256": "35832930d09885896e597eabd3c066d944ea965471cc6d37774c0e99ef8d5c77", "parent_profile": "Parent Profile" } ], diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/SPDXJSONExample-v2.2.spdx.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/SPDXJSONExample-v2.2.spdx.json new file mode 100644 index 0000000000..386c780354 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/SPDXJSONExample-v2.2.spdx.json @@ -0,0 +1,277 @@ +{ + "SPDXID" : "SPDXRef-DOCUMENT", + "spdxVersion" : "SPDX-2.2", + "creationInfo" : { + "comment" : "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.", + "created" : "2010-01-29T18:30:22Z", + "creators" : [ "Tool: LicenseFind-1.0", "Organization: ExampleCodeInspect ()", "Person: Jane Doe ()" ], + "licenseListVersion" : "3.9" + }, + "name" : "SPDX-Tools-v2.0", + "dataLicense" : "CC0-1.0", + "comment" : "This document was created using SPDX 2.0 using licenses from the web site.", + "externalDocumentRefs" : [ { + "externalDocumentId" : "DocumentRef-spdx-tool-1.2", + "checksum" : { + "algorithm" : "SHA1", + "checksumValue" : "d6a770ba38583ed4bb4525bd96e50461655d2759" + }, + "spdxDocument" : "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301" + } ], + "hasExtractedLicensingInfos" : [ { + "extractedText" : "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp `](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json new file mode 100644 index 0000000000..d2e7aff08b --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json @@ -0,0 +1,12583 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + }, + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "info", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "unknown", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "info", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json new file mode 100644 index 0000000000..32dfa7bdd0 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json @@ -0,0 +1,89212 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ], + "components": [ + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ], + "components": [ + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ], + "components": [ + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ], + "components": [ + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ], + "components": [ + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ], + "components": [ + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ], + "components": [ + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ], + "components": [ + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ], + "components": [ + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ], + "components": [ + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ], + "components": [ + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ], + "components": [ + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ], + "components": [ + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ], + "components": [ + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + } + ] + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ], + "components": [ + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ], + "components": [ + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ], + "components": [ + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ], + "components": [ + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ], + "components": [ + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ], + "components": [ + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ], + "components": [ + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ], + "components": [ + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ], + "components": [ + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ], + "components": [ + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json new file mode 100644 index 0000000000..92a1bbc8d8 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json @@ -0,0 +1,550 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "timestamp": "2010-01-29T18:30:22Z", + "tools": [ + { + "name": "LicenseFind", + "version": "1.0" + } + ], + "authors": [ + { + "name": "ExampleCodeInspect", + "email": "" + }, + { + "name": "Jane Doe", + "email": "" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DOCUMENT" + }, + { + "name": "spdx:document:spdx-version", + "value": "SPDX-2.2" + }, + { + "name": "spdx:comment", + "value": "This document was created using SPDX 2.0 using licenses from the web site." + }, + { + "name": "spdx:document:name", + "value": "SPDX-Tools-v2.0" + }, + { + "name": "spdx:document:document-namespace", + "value": "http://spdx.org/spdxdocs/spdx-example-json-2.2-444504E0-4F89-41D3-9A0C-0305E82C3301" + }, + { + "name": "spdx:creation-info:comment", + "value": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries." + }, + { + "name": "spdx:creation-info:creators-organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:creation-info:license-list-version", + "value": "3.9" + }, + { + "name": "spdx:document:external-document-ref", + "value": "{\u0022ExternalDocumentId\u0022:\u0022DocumentRef-spdx-tool-1.2\u0022,\u0022Checksum\u0022:{\u0022Algorithm\u0022:1,\u0022ChecksumValue\u0022:\u0022d6a770ba38583ed4bb4525bd96e50461655d2759\u0022},\u0022SpdxDocument\u0022:\u0022http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301\u0022}" + }, + { + "name": "spdx:annotation", + "value": "{\u0022AnnotationDate\u0022:\u00222010-01-29T18:30:22Z\u0022,\u0022AnnotationType\u0022:0,\u0022Annotator\u0022:\u0022Person: Jane Doe ()\u0022,\u0022Comment\u0022:\u0022Document level annotation\u0022}" + }, + { + "name": "spdx:annotation", + "value": "{\u0022AnnotationDate\u0022:\u00222011-03-13T00:00:00Z\u0022,\u0022AnnotationType\u0022:1,\u0022Annotator\u0022:\u0022Person: Suzanne Reviewer\u0022,\u0022Comment\u0022:\u0022Another example reviewer.\u0022}" + }, + { + "name": "spdx:annotation", + "value": "{\u0022AnnotationDate\u0022:\u00222010-02-10T00:00:00Z\u0022,\u0022AnnotationType\u0022:1,\u0022Annotator\u0022:\u0022Person: Joe Reviewer\u0022,\u0022Comment\u0022:\u0022This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses\u0022}" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-File" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-Package" + } + ] + }, + "components": [ + { + "type": "library", + "supplier": { + "name": "Jane Doe", + "contact": [ + { + "email": "jane.doe@example.com" + } + ] + }, + "author": "ExampleCodeInspect", + "name": "glibc", + "version": "2.11.1", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-256", + "content": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "licenses": [ + { + "expression": "(LGPL-2.0-only AND LicenseRef-3)" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "externalReferences": [ + { + "url": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "type": "distribution" + }, + { + "url": "http://ftp.gnu.org/gnu/glibc", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Package" + }, + { + "name": "spdx:annotation", + "value": "{\u0022AnnotationDate\u0022:\u00222011-01-29T18:30:22Z\u0022,\u0022AnnotationType\u0022:0,\u0022Annotator\u0022:\u0022Person: Package Commenter\u0022,\u0022Comment\u0022:\u0022Package level annotation\u0022}" + }, + { + "name": "spdx:files-analyzed", + "value": "true" + }, + { + "name": "spdx:license-comments", + "value": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-3)" + }, + { + "name": "spdx:package:file-name", + "value": "glibc-2.11.1.tar.gz" + }, + { + "name": "spdx:package:verification-code:value", + "value": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + { + "name": "spdx:package:verification-code:excluded-file", + "value": "./package.spdx" + }, + { + "name": "spdx:package:source-info", + "value": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + }, + { + "name": "spdx:package:summary", + "value": "GNU C library." + }, + { + "name": "spdx:package:originator:organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:package:originator:email", + "value": "contact@example.com" + }, + { + "name": "spdx:external-reference:other:http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + "value": "acmecorp/acmenator/4.1.3-alpha This is the external ref for Acme" + }, + { + "name": "spdx:download-location", + "value": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + }, + { + "name": "spdx:homepage", + "value": "http://ftp.gnu.org/gnu/glibc" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "VGhpcyBwYWNrYWdlIGluY2x1ZGVzIHRoZSBHUkRETCBwYXJzZXIgZGV2ZWxvcGVkIGJ5IEhld2xldHQgUGFja2FyZCB1bmRlciB0aGUgZm9sbG93aW5nIGxpY2Vuc2U6Cu\u002B/vSBDb3B5cmlnaHQgMjAwNyBIZXdsZXR0LVBhY2thcmQgRGV2ZWxvcG1lbnQgQ29tcGFueSwgTFAKClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDogCgpSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuIApSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uIApUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uIApUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBBVVRIT1IgYGBBUyBJUycnIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1IgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQgKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0Uu" + } + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "LyoKICogKGMpIENvcHlyaWdodCAyMDAwLCAyMDAxLCAyMDAyLCAyMDAzLCAyMDA0LCAyMDA1LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEhld2xldHQtUGFja2FyZCBEZXZlbG9wbWVudCBDb21wYW55LCBMUAogKiBBbGwgcmlnaHRzIHJlc2VydmVkLgogKgogKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCiAqIGFyZSBtZXQ6CiAqIDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICogMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQKICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZQogKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogKiAzLiBUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMKICogICAgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCiAqCiAqIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIEFVVEhPUiBgYEFTIElTJycgQU5EIEFOWSBFWFBSRVNTIE9SCiAqIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMKICogT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4KICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUiBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULAogKiBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQKICogTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogKiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKICogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YKICogVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KKi8=" + } + } + } + ], + "copyright": [ + { + "text": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + } + ] + } + }, + { + "type": "library", + "name": "Apache Commons Lang", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://commons.apache.org/proper/commons-lang/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-1" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://commons.apache.org/proper/commons-lang/" + } + ] + }, + { + "type": "library", + "name": "Jena", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://www.openjena.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-0" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://www.openjena.org/" + } + ] + }, + { + "type": "library", + "name": "Saxon", + "version": "8.8", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "licenses": [ + { + "expression": "MPL-1.0" + } + ], + "copyright": "Copyright Saxonica Ltd", + "externalReferences": [ + { + "url": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "type": "distribution" + }, + { + "url": "http://saxon.sourceforge.net/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Saxon" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-comments", + "value": "Other versions available for a commercial license" + }, + { + "name": "spdx:license-concluded", + "value": "MPL-1.0" + }, + { + "name": "spdx:package:file-name", + "value": "saxonB-8.8.zip" + }, + { + "name": "spdx:download-location", + "value": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + }, + { + "name": "spdx:homepage", + "value": "http://saxon.sourceforge.net/" + } + ] + }, + { + "type": "file", + "name": "./src/org/spdx/parser/DOAPProject.java", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyright": "Copyright 2010, 2011 Source Auditor Inc.", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DoapSource" + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Protecode Inc." + }, + { + "name": "spdx:file:contributor", + "value": "SPDX Technical Team Members" + }, + { + "name": "spdx:file:contributor", + "value": "Open Logic Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Source Auditor Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Black Duck Software In.c" + } + ] + }, + { + "type": "file", + "name": "./lib-source/commons-lang3-3.1-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "Copyright 2001-2011 The Apache Software Foundation", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-CommonsLangSrc" + }, + { + "name": "spdx:comment", + "value": "This file is used by Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:notice-text", + "value": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + } + ] + }, + { + "type": "file", + "name": "./lib-source/jena-2.6.3-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-JenaLib" + }, + { + "name": "spdx:comment", + "value": "This file belongs to Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-comments", + "value": "This license is used by Jena" + }, + { + "name": "spdx:license-concluded", + "value": "LicenseRef-1" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:contributor", + "value": "Hewlett Packard Inc." + } + ] + }, + { + "type": "file", + "name": "./package/foo.c", + "hashes": [ + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-1", + "content": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-File" + }, + { + "name": "spdx:comment", + "value": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory." + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:annotation", + "value": "{\u0022AnnotationDate\u0022:\u00222011-01-29T18:30:22Z\u0022,\u0022AnnotationType\u0022:0,\u0022Annotator\u0022:\u0022Person: File Commenter\u0022,\u0022Comment\u0022:\u0022File level annotation\u0022}" + }, + { + "name": "spdx:license-comments", + "value": "The concluded license was taken from the package level that the file was included in." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-2)" + }, + { + "name": "spdx:file:contributor", + "value": "The Regents of the University of California" + }, + { + "name": "spdx:file:contributor", + "value": "Modified by Paul Mundt lethal@linux-sh.org" + }, + { + "name": "spdx:file:contributor", + "value": "IBM Corporation" + }, + { + "name": "spdx:file:notice-text", + "value": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \uFFFDSoftware\uFFFD), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \uFFFDAS IS\u0027, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json new file mode 100644 index 0000000000..591d082464 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json @@ -0,0 +1,1115 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:600bf98a-94fb-4a9c-b7b5-0bae4f32aeb7", + "version": 1, + "metadata": { + "timestamp": "2024-08-19T08:25:05-04:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.11.0" + } + ] + }, + "component": { + "bom-ref": "1d098408640ab242", + "type": "container", + "name": "alpine", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33" + } + }, + "components": [ + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { "name": "syft:metadata:installedSize", "value": "331776" }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { "name": "syft:metadata:pullDependencies:1", "value": "/bin/sh" }, + { "name": "syft:metadata:size", "value": "8914" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { "name": "syft:metadata:installedSize", "value": "77824" }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { "name": "syft:metadata:size", "value": "11705" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [{ "license": { "id": "MIT" } }], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://alpinelinux.org", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { "name": "syft:metadata:installedSize", "value": "159744" }, + { "name": "syft:metadata:originPackage", "value": "alpine-keys" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { "name": "syft:metadata:size", "value": "13360" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { "name": "syft:metadata:installedSize", "value": "311296" }, + { "name": "syft:metadata:originPackage", "value": "apk-tools" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { "name": "syft:metadata:size", "value": "125679" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://busybox.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { "name": "syft:metadata:installedSize", "value": "946176" }, + { "name": "syft:metadata:originPackage", "value": "busybox" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "510086" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://busybox.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { "name": "syft:metadata:installedSize", "value": "8192" }, + { "name": "syft:metadata:originPackage", "value": "busybox" }, + { "name": "syft:metadata:provides:0", "value": "/bin/sh" }, + { "name": "syft:metadata:provides:1", "value": "cmd:sh=1.36.1-r2" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { "name": "syft:metadata:size", "value": "1543" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [{ "expression": "MPL-2.0 AND MIT" }], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { "name": "syft:metadata:installedSize", "value": "237568" }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { "name": "syft:metadata:size", "value": "126311" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [{ "expression": "BSD-2-Clause AND BSD-3-Clause" }], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://alpinelinux.org", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { "name": "syft:metadata:installedSize", "value": "4096" }, + { "name": "syft:metadata:originPackage", "value": "libc-dev" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { "name": "syft:metadata:size", "value": "1484" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [{ "license": { "id": "Apache-2.0" } }], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://www.openssl.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { "name": "syft:metadata:installedSize", "value": "4575232" }, + { "name": "syft:metadata:originPackage", "value": "openssl" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "1740170" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [{ "license": { "id": "Apache-2.0" } }], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://www.openssl.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { "name": "syft:metadata:installedSize", "value": "565248" }, + { "name": "syft:metadata:originPackage", "value": "openssl" }, + { "name": "syft:metadata:provides:0", "value": "so:libssl.so.3=3" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { "name": "syft:metadata:size", "value": "236713" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [{ "license": { "id": "MIT" } }], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://musl.libc.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { "name": "syft:metadata:installedSize", "value": "634880" }, + { "name": "syft:metadata:originPackage", "value": "musl" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { "name": "syft:metadata:size", "value": "390477" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://musl.libc.org/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { "name": "syft:metadata:installedSize", "value": "135168" }, + { "name": "syft:metadata:originPackage", "value": "musl" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { "name": "syft:metadata:provides:4", "value": "cmd:ldd=1.2.4-r1" }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { "name": "syft:metadata:pullDependencies:0", "value": "scanelf" }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "36691" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { "name": "syft:metadata:installedSize", "value": "90112" }, + { "name": "syft:metadata:originPackage", "value": "pax-utils" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "35664" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [{ "license": { "id": "GPL-2.0-only" } }], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://busybox.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { "name": "syft:metadata:installedSize", "value": "28672" }, + { "name": "syft:metadata:originPackage", "value": "busybox" }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { "name": "syft:metadata:size", "value": "4944" } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [{ "license": { "id": "Zlib" } }], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { "url": "https://zlib.net/", "type": "distribution" } + ], + "properties": [ + { "name": "syft:package:foundBy", "value": "apk-db-cataloger" }, + { "name": "syft:package:type", "value": "apk" }, + { "name": "syft:package:metadataType", "value": "apk-db-entry" }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { "name": "syft:metadata:installedSize", "value": "110592" }, + { "name": "syft:metadata:originPackage", "value": "zlib" }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { "name": "syft:metadata:size", "value": "54253" } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { "tagId": "alpine", "name": "alpine", "version": "3.18.3" }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { "url": "https://alpinelinux.org/", "type": "website" } + ], + "properties": [ + { "name": "syft:distro:id", "value": "alpine" }, + { "name": "syft:distro:prettyName", "value": "Alpine Linux v3.18" }, + { "name": "syft:distro:versionID", "value": "3.18.3" } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ] +} diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json new file mode 100644 index 0000000000..4ffca24f0b --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json @@ -0,0 +1,99 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "vulnerabilities": [ + { + "id": "CVE-2020-25649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + }, + "references": [ + { + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv31", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + { + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + }, + "score": 8.2, + "severity": "high", + "method": "CVSSv31", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + { + "source": { + "name": "Acme Inc", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" + }, + "score": 0.0, + "severity": "none", + "method": "CVSSv31", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" + } + ], + "cwes": [ + 611 + ], + "description": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", + "detail": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/2589" + }, + { + "title": "RedHat Bugzilla Bug", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" + } + ], + "created": "2020-12-03T00:00:00.000Z", + "published": "2020-12-03T00:00:00.000Z", + "updated": "2021-10-26T00:00:00.000Z", + "credits": { + "individuals": [ + { + "name": "Bartosz Baranowski" + } + ] + }, + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": [ + "will_not_fix", + "update" + ], + "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." + }, + "affects": [ + { + "ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar" + } + ] + } + ] +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json new file mode 100644 index 0000000000..cc5e99b8a2 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json @@ -0,0 +1,1127 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report", + "title": "CycloneDX BOM Report", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "6ee2405d5989a8a247a146594423542db865fb915d4896a411a783460935e3d6" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "supplier": { + "name": "Jane Doe", + "contact": [ + { + "email": "jane.doe@example.com" + } + ] + }, + "author": "ExampleCodeInspect", + "name": "glibc", + "version": "2.11.1", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-256", + "content": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "licenses": [ + { + "expression": "(LGPL-2.0-only AND LicenseRef-3)" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "externalReferences": [ + { + "url": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "type": "distribution" + }, + { + "url": "http://ftp.gnu.org/gnu/glibc", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Package" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Package Commenter\",\"Comment\":\"Package level annotation\"}" + }, + { + "name": "spdx:files-analyzed", + "value": "true" + }, + { + "name": "spdx:license-comments", + "value": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-3)" + }, + { + "name": "spdx:package:file-name", + "value": "glibc-2.11.1.tar.gz" + }, + { + "name": "spdx:package:verification-code:value", + "value": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + { + "name": "spdx:package:verification-code:excluded-file", + "value": "./package.spdx" + }, + { + "name": "spdx:package:source-info", + "value": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + }, + { + "name": "spdx:package:summary", + "value": "GNU C library." + }, + { + "name": "spdx:package:originator:organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:package:originator:email", + "value": "contact@example.com" + }, + { + "name": "spdx:external-reference:other:http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + "value": "acmecorp/acmenator/4.1.3-alpha This is the external ref for Acme" + }, + { + "name": "spdx:download-location", + "value": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + }, + { + "name": "spdx:homepage", + "value": "http://ftp.gnu.org/gnu/glibc" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "VGhpcyBwYWNrYWdlIGluY2x1ZGVzIHRoZSBHUkRETCBwYXJzZXIgZGV2ZWxvcGVkIGJ5IEhld2xldHQgUGFja2FyZCB1bmRlciB0aGUgZm9sbG93aW5nIGxpY2Vuc2U6Cu+/vSBDb3B5cmlnaHQgMjAwNyBIZXdsZXR0LVBhY2thcmQgRGV2ZWxvcG1lbnQgQ29tcGFueSwgTFAKClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDogCgpSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuIApSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uIApUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uIApUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBBVVRIT1IgYGBBUyBJUycnIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1IgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQgKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0Uu" + } + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "LyoKICogKGMpIENvcHlyaWdodCAyMDAwLCAyMDAxLCAyMDAyLCAyMDAzLCAyMDA0LCAyMDA1LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEhld2xldHQtUGFja2FyZCBEZXZlbG9wbWVudCBDb21wYW55LCBMUAogKiBBbGwgcmlnaHRzIHJlc2VydmVkLgogKgogKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCiAqIGFyZSBtZXQ6CiAqIDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICogMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQKICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZQogKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogKiAzLiBUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMKICogICAgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCiAqCiAqIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIEFVVEhPUiBgYEFTIElTJycgQU5EIEFOWSBFWFBSRVNTIE9SCiAqIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMKICogT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4KICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUiBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULAogKiBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQKICogTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogKiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKICogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YKICogVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KKi8=" + } + } + } + ], + "copyright": [ + { + "text": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + } + ] + } + }, + { + "type": "library", + "name": "Apache Commons Lang", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://commons.apache.org/proper/commons-lang/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-1" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://commons.apache.org/proper/commons-lang/" + } + ] + }, + { + "type": "library", + "name": "Jena", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://www.openjena.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-0" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://www.openjena.org/" + } + ] + }, + { + "type": "library", + "name": "Saxon", + "version": "8.8", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "licenses": [ + { + "expression": "MPL-1.0" + } + ], + "copyright": "Copyright Saxonica Ltd", + "externalReferences": [ + { + "url": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "type": "distribution" + }, + { + "url": "http://saxon.sourceforge.net/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Saxon" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-comments", + "value": "Other versions available for a commercial license" + }, + { + "name": "spdx:license-concluded", + "value": "MPL-1.0" + }, + { + "name": "spdx:package:file-name", + "value": "saxonB-8.8.zip" + }, + { + "name": "spdx:download-location", + "value": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + }, + { + "name": "spdx:homepage", + "value": "http://saxon.sourceforge.net/" + } + ] + }, + { + "type": "file", + "name": "./src/org/spdx/parser/DOAPProject.java", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyright": "Copyright 2010, 2011 Source Auditor Inc.", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DoapSource" + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Protecode Inc." + }, + { + "name": "spdx:file:contributor", + "value": "SPDX Technical Team Members" + }, + { + "name": "spdx:file:contributor", + "value": "Open Logic Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Source Auditor Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Black Duck Software In.c" + } + ] + }, + { + "type": "file", + "name": "./lib-source/commons-lang3-3.1-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "Copyright 2001-2011 The Apache Software Foundation", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-CommonsLangSrc" + }, + { + "name": "spdx:comment", + "value": "This file is used by Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:notice-text", + "value": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + } + ] + }, + { + "type": "file", + "name": "./lib-source/jena-2.6.3-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-JenaLib" + }, + { + "name": "spdx:comment", + "value": "This file belongs to Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-comments", + "value": "This license is used by Jena" + }, + { + "name": "spdx:license-concluded", + "value": "LicenseRef-1" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:contributor", + "value": "Hewlett Packard Inc." + } + ] + }, + { + "type": "file", + "name": "./package/foo.c", + "hashes": [ + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-1", + "content": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-File" + }, + { + "name": "spdx:comment", + "value": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory." + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: File Commenter\",\"Comment\":\"File level annotation\"}" + }, + { + "name": "spdx:license-comments", + "value": "The concluded license was taken from the package level that the file was included in." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-2)" + }, + { + "name": "spdx:file:contributor", + "value": "The Regents of the University of California" + }, + { + "name": "spdx:file:contributor", + "value": "Modified by Paul Mundt lethal@linux-sh.org" + }, + { + "name": "spdx:file:contributor", + "value": "IBM Corporation" + }, + { + "name": "spdx:file:notice-text", + "value": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "timestamp": "2010-01-29T18:30:22Z", + "tools": [ + { + "name": "LicenseFind", + "version": "1.0" + } + ], + "authors": [ + { + "name": "ExampleCodeInspect", + "email": "" + }, + { + "name": "Jane Doe", + "email": "" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DOCUMENT" + }, + { + "name": "spdx:document:spdx-version", + "value": "SPDX-2.2" + }, + { + "name": "spdx:comment", + "value": "This document was created using SPDX 2.0 using licenses from the web site." + }, + { + "name": "spdx:document:name", + "value": "SPDX-Tools-v2.0" + }, + { + "name": "spdx:document:document-namespace", + "value": "http://spdx.org/spdxdocs/spdx-example-json-2.2-444504E0-4F89-41D3-9A0C-0305E82C3301" + }, + { + "name": "spdx:creation-info:comment", + "value": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries." + }, + { + "name": "spdx:creation-info:creators-organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:creation-info:license-list-version", + "value": "3.9" + }, + { + "name": "spdx:document:external-document-ref", + "value": "{\"ExternalDocumentId\":\"DocumentRef-spdx-tool-1.2\",\"Checksum\":{\"Algorithm\":1,\"ChecksumValue\":\"d6a770ba38583ed4bb4525bd96e50461655d2759\"},\"SpdxDocument\":\"http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Jane Doe ()\",\"Comment\":\"Document level annotation\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-03-13T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Suzanne Reviewer\",\"Comment\":\"Another example reviewer.\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-02-10T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Joe Reviewer\",\"Comment\":\"This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses\"}" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-File" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-Package" + } + ] + } + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "timestamp": "2010-01-29T18:30:22Z", + "tools": [ + { + "name": "LicenseFind", + "version": "1.0" + } + ], + "authors": [ + { + "name": "ExampleCodeInspect", + "email": "" + }, + { + "name": "Jane Doe", + "email": "" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DOCUMENT" + }, + { + "name": "spdx:document:spdx-version", + "value": "SPDX-2.2" + }, + { + "name": "spdx:comment", + "value": "This document was created using SPDX 2.0 using licenses from the web site." + }, + { + "name": "spdx:document:name", + "value": "SPDX-Tools-v2.0" + }, + { + "name": "spdx:document:document-namespace", + "value": "http://spdx.org/spdxdocs/spdx-example-json-2.2-444504E0-4F89-41D3-9A0C-0305E82C3301" + }, + { + "name": "spdx:creation-info:comment", + "value": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries." + }, + { + "name": "spdx:creation-info:creators-organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:creation-info:license-list-version", + "value": "3.9" + }, + { + "name": "spdx:document:external-document-ref", + "value": "{\"ExternalDocumentId\":\"DocumentRef-spdx-tool-1.2\",\"Checksum\":{\"Algorithm\":1,\"ChecksumValue\":\"d6a770ba38583ed4bb4525bd96e50461655d2759\"},\"SpdxDocument\":\"http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Jane Doe ()\",\"Comment\":\"Document level annotation\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-03-13T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Suzanne Reviewer\",\"Comment\":\"Another example reviewer.\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-02-10T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Joe Reviewer\",\"Comment\":\"This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses\"}" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-File" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-Package" + } + ] + }, + "components": [ + { + "type": "library", + "supplier": { + "name": "Jane Doe", + "contact": [ + { + "email": "jane.doe@example.com" + } + ] + }, + "author": "ExampleCodeInspect", + "name": "glibc", + "version": "2.11.1", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-256", + "content": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "licenses": [ + { + "expression": "(LGPL-2.0-only AND LicenseRef-3)" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "externalReferences": [ + { + "url": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "type": "distribution" + }, + { + "url": "http://ftp.gnu.org/gnu/glibc", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Package" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Package Commenter\",\"Comment\":\"Package level annotation\"}" + }, + { + "name": "spdx:files-analyzed", + "value": "true" + }, + { + "name": "spdx:license-comments", + "value": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-3)" + }, + { + "name": "spdx:package:file-name", + "value": "glibc-2.11.1.tar.gz" + }, + { + "name": "spdx:package:verification-code:value", + "value": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + { + "name": "spdx:package:verification-code:excluded-file", + "value": "./package.spdx" + }, + { + "name": "spdx:package:source-info", + "value": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + }, + { + "name": "spdx:package:summary", + "value": "GNU C library." + }, + { + "name": "spdx:package:originator:organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:package:originator:email", + "value": "contact@example.com" + }, + { + "name": "spdx:external-reference:other:http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + "value": "acmecorp/acmenator/4.1.3-alpha This is the external ref for Acme" + }, + { + "name": "spdx:download-location", + "value": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + }, + { + "name": "spdx:homepage", + "value": "http://ftp.gnu.org/gnu/glibc" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "VGhpcyBwYWNrYWdlIGluY2x1ZGVzIHRoZSBHUkRETCBwYXJzZXIgZGV2ZWxvcGVkIGJ5IEhld2xldHQgUGFja2FyZCB1bmRlciB0aGUgZm9sbG93aW5nIGxpY2Vuc2U6Cu+/vSBDb3B5cmlnaHQgMjAwNyBIZXdsZXR0LVBhY2thcmQgRGV2ZWxvcG1lbnQgQ29tcGFueSwgTFAKClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDogCgpSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuIApSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uIApUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uIApUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBBVVRIT1IgYGBBUyBJUycnIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1IgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQgKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0Uu" + } + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "LyoKICogKGMpIENvcHlyaWdodCAyMDAwLCAyMDAxLCAyMDAyLCAyMDAzLCAyMDA0LCAyMDA1LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEhld2xldHQtUGFja2FyZCBEZXZlbG9wbWVudCBDb21wYW55LCBMUAogKiBBbGwgcmlnaHRzIHJlc2VydmVkLgogKgogKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCiAqIGFyZSBtZXQ6CiAqIDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICogMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQKICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZQogKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogKiAzLiBUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMKICogICAgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCiAqCiAqIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIEFVVEhPUiBgYEFTIElTJycgQU5EIEFOWSBFWFBSRVNTIE9SCiAqIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMKICogT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4KICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUiBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULAogKiBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQKICogTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogKiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKICogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YKICogVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KKi8=" + } + } + } + ], + "copyright": [ + { + "text": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + } + ] + } + }, + { + "type": "library", + "name": "Apache Commons Lang", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://commons.apache.org/proper/commons-lang/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-1" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://commons.apache.org/proper/commons-lang/" + } + ] + }, + { + "type": "library", + "name": "Jena", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://www.openjena.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-0" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://www.openjena.org/" + } + ] + }, + { + "type": "library", + "name": "Saxon", + "version": "8.8", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "licenses": [ + { + "expression": "MPL-1.0" + } + ], + "copyright": "Copyright Saxonica Ltd", + "externalReferences": [ + { + "url": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "type": "distribution" + }, + { + "url": "http://saxon.sourceforge.net/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Saxon" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-comments", + "value": "Other versions available for a commercial license" + }, + { + "name": "spdx:license-concluded", + "value": "MPL-1.0" + }, + { + "name": "spdx:package:file-name", + "value": "saxonB-8.8.zip" + }, + { + "name": "spdx:download-location", + "value": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + }, + { + "name": "spdx:homepage", + "value": "http://saxon.sourceforge.net/" + } + ] + }, + { + "type": "file", + "name": "./src/org/spdx/parser/DOAPProject.java", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyright": "Copyright 2010, 2011 Source Auditor Inc.", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DoapSource" + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Protecode Inc." + }, + { + "name": "spdx:file:contributor", + "value": "SPDX Technical Team Members" + }, + { + "name": "spdx:file:contributor", + "value": "Open Logic Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Source Auditor Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Black Duck Software In.c" + } + ] + }, + { + "type": "file", + "name": "./lib-source/commons-lang3-3.1-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "Copyright 2001-2011 The Apache Software Foundation", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-CommonsLangSrc" + }, + { + "name": "spdx:comment", + "value": "This file is used by Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:notice-text", + "value": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + } + ] + }, + { + "type": "file", + "name": "./lib-source/jena-2.6.3-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-JenaLib" + }, + { + "name": "spdx:comment", + "value": "This file belongs to Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-comments", + "value": "This license is used by Jena" + }, + { + "name": "spdx:license-concluded", + "value": "LicenseRef-1" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:contributor", + "value": "Hewlett Packard Inc." + } + ] + }, + { + "type": "file", + "name": "./package/foo.c", + "hashes": [ + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-1", + "content": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-File" + }, + { + "name": "spdx:comment", + "value": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory." + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: File Commenter\",\"Comment\":\"File level annotation\"}" + }, + { + "name": "spdx:license-comments", + "value": "The concluded license was taken from the package level that the file was included in." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-2)" + }, + { + "name": "spdx:file:contributor", + "value": "The Regents of the University of California" + }, + { + "name": "spdx:file:contributor", + "value": "Modified by Paul Mundt lethal@linux-sh.org" + }, + { + "name": "spdx:file:contributor", + "value": "IBM Corporation" + }, + { + "name": "spdx:file:notice-text", + "value": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json new file mode 100644 index 0000000000..f81b3e643e --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json @@ -0,0 +1,577 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report", + "title": "CycloneDX BOM Report", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "6ee2405d5989a8a247a146594423542db865fb915d4896a411a783460935e3d6" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "supplier": { + "name": "Jane Doe", + "contact": [ + { + "email": "jane.doe@example.com" + } + ] + }, + "author": "ExampleCodeInspect", + "name": "glibc", + "version": "2.11.1", + "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + }, + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-256", + "content": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd" + } + ], + "licenses": [ + { + "expression": "(LGPL-2.0-only AND LicenseRef-3)" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "externalReferences": [ + { + "url": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz", + "type": "distribution" + }, + { + "url": "http://ftp.gnu.org/gnu/glibc", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Package" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Package Commenter\",\"Comment\":\"Package level annotation\"}" + }, + { + "name": "spdx:files-analyzed", + "value": "true" + }, + { + "name": "spdx:license-comments", + "value": "The license for this project changed with the release of version x.y. The version of the project included here post-dates the license change." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-3)" + }, + { + "name": "spdx:package:file-name", + "value": "glibc-2.11.1.tar.gz" + }, + { + "name": "spdx:package:verification-code:value", + "value": "d6a770ba38583ed4bb4525bd96e50461655d2758" + }, + { + "name": "spdx:package:verification-code:excluded-file", + "value": "./package.spdx" + }, + { + "name": "spdx:package:source-info", + "value": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git." + }, + { + "name": "spdx:package:summary", + "value": "GNU C library." + }, + { + "name": "spdx:package:originator:organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:package:originator:email", + "value": "contact@example.com" + }, + { + "name": "spdx:external-reference:other:http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge", + "value": "acmecorp/acmenator/4.1.3-alpha This is the external ref for Acme" + }, + { + "name": "spdx:download-location", + "value": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz" + }, + { + "name": "spdx:homepage", + "value": "http://ftp.gnu.org/gnu/glibc" + } + ], + "evidence": { + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "VGhpcyBwYWNrYWdlIGluY2x1ZGVzIHRoZSBHUkRETCBwYXJzZXIgZGV2ZWxvcGVkIGJ5IEhld2xldHQgUGFja2FyZCB1bmRlciB0aGUgZm9sbG93aW5nIGxpY2Vuc2U6Cu+/vSBDb3B5cmlnaHQgMjAwNyBIZXdsZXR0LVBhY2thcmQgRGV2ZWxvcG1lbnQgQ29tcGFueSwgTFAKClJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dCBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlIG1ldDogCgpSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuIApSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIgaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZSBkaXN0cmlidXRpb24uIApUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uIApUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBBVVRIT1IgYGBBUyBJUycnIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IgQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1IgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwgU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQgKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0Uu" + } + } + }, + { + "license": { + "text": { + "contentType": "text/plain", + "encoding": "base64", + "content": "LyoKICogKGMpIENvcHlyaWdodCAyMDAwLCAyMDAxLCAyMDAyLCAyMDAzLCAyMDA0LCAyMDA1LCAyMDA2LCAyMDA3LCAyMDA4LCAyMDA5IEhld2xldHQtUGFja2FyZCBEZXZlbG9wbWVudCBDb21wYW55LCBMUAogKiBBbGwgcmlnaHRzIHJlc2VydmVkLgogKgogKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCiAqIGFyZSBtZXQ6CiAqIDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiAqICAgIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICogMi4gUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZSBjb3B5cmlnaHQKICogICAgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyIGluIHRoZQogKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogKiAzLiBUaGUgbmFtZSBvZiB0aGUgYXV0aG9yIG1heSBub3QgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMKICogICAgZGVyaXZlZCBmcm9tIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCiAqCiAqIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIEFVVEhPUiBgYEFTIElTJycgQU5EIEFOWSBFWFBSRVNTIE9SCiAqIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMKICogT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4KICogSU4gTk8gRVZFTlQgU0hBTEwgVEhFIEFVVEhPUiBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULAogKiBJTkNJREVOVEFMLCBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQKICogTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogKiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKICogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UgT0YKICogVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KKi8=" + } + } + } + ], + "copyright": [ + { + "text": "The GNU C Library is free software. See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed. License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually." + } + ] + } + }, + { + "type": "library", + "name": "Apache Commons Lang", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://commons.apache.org/proper/commons-lang/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-1" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://commons.apache.org/proper/commons-lang/" + } + ] + }, + { + "type": "library", + "name": "Jena", + "copyright": "NOASSERTION", + "externalReferences": [ + { + "url": "NOASSERTION", + "type": "distribution" + }, + { + "url": "http://www.openjena.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-fromDoap-0" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-concluded", + "value": "NOASSERTION" + }, + { + "name": "spdx:comment", + "value": "This package was converted from a DOAP Project by the same name" + }, + { + "name": "spdx:license-declared", + "value": "NOASSERTION" + }, + { + "name": "spdx:download-location", + "value": "NOASSERTION" + }, + { + "name": "spdx:homepage", + "value": "http://www.openjena.org/" + } + ] + }, + { + "type": "library", + "name": "Saxon", + "version": "8.8", + "description": "The Saxon package is a collection of tools for processing XML documents.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85ed0817af83a24ad8da68c2b5094de69833983c" + } + ], + "licenses": [ + { + "expression": "MPL-1.0" + } + ], + "copyright": "Copyright Saxonica Ltd", + "externalReferences": [ + { + "url": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download", + "type": "distribution" + }, + { + "url": "http://saxon.sourceforge.net/", + "type": "website" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-Saxon" + }, + { + "name": "spdx:files-analyzed", + "value": "false" + }, + { + "name": "spdx:license-comments", + "value": "Other versions available for a commercial license" + }, + { + "name": "spdx:license-concluded", + "value": "MPL-1.0" + }, + { + "name": "spdx:package:file-name", + "value": "saxonB-8.8.zip" + }, + { + "name": "spdx:download-location", + "value": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download" + }, + { + "name": "spdx:homepage", + "value": "http://saxon.sourceforge.net/" + } + ] + }, + { + "type": "file", + "name": "./src/org/spdx/parser/DOAPProject.java", + "hashes": [ + { + "alg": "SHA-1", + "content": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" + } + ], + "copyright": "Copyright 2010, 2011 Source Auditor Inc.", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DoapSource" + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Protecode Inc." + }, + { + "name": "spdx:file:contributor", + "value": "SPDX Technical Team Members" + }, + { + "name": "spdx:file:contributor", + "value": "Open Logic Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Source Auditor Inc." + }, + { + "name": "spdx:file:contributor", + "value": "Black Duck Software In.c" + } + ] + }, + { + "type": "file", + "name": "./lib-source/commons-lang3-3.1-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "Copyright 2001-2011 The Apache Software Foundation", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-CommonsLangSrc" + }, + { + "name": "spdx:comment", + "value": "This file is used by Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-concluded", + "value": "Apache-2.0" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:notice-text", + "value": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())" + } + ] + }, + { + "type": "file", + "name": "./lib-source/jena-2.6.3-sources.jar", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125" + } + ], + "copyright": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-JenaLib" + }, + { + "name": "spdx:comment", + "value": "This file belongs to Jena" + }, + { + "name": "spdx:file:type", + "value": "4" + }, + { + "name": "spdx:license-comments", + "value": "This license is used by Jena" + }, + { + "name": "spdx:license-concluded", + "value": "LicenseRef-1" + }, + { + "name": "spdx:file:contributor", + "value": "Apache Software Foundation" + }, + { + "name": "spdx:file:contributor", + "value": "Hewlett Packard Inc." + } + ] + }, + { + "type": "file", + "name": "./package/foo.c", + "hashes": [ + { + "alg": "MD5", + "content": "624c1abb3664f4b35547e7c73864ad24" + }, + { + "alg": "SHA-1", + "content": "d6a770ba38583ed4bb4525bd96e50461655d2758" + } + ], + "copyright": "Copyright 2008-2010 John Smith", + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-File" + }, + { + "name": "spdx:comment", + "value": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory." + }, + { + "name": "spdx:file:type", + "value": "7" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: File Commenter\",\"Comment\":\"File level annotation\"}" + }, + { + "name": "spdx:license-comments", + "value": "The concluded license was taken from the package level that the file was included in." + }, + { + "name": "spdx:license-concluded", + "value": "(LGPL-2.0-only OR LicenseRef-2)" + }, + { + "name": "spdx:file:contributor", + "value": "The Regents of the University of California" + }, + { + "name": "spdx:file:contributor", + "value": "Modified by Paul Mundt lethal@linux-sh.org" + }, + { + "name": "spdx:file:contributor", + "value": "IBM Corporation" + }, + { + "name": "spdx:file:notice-text", + "value": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE." + } + ] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "metadata": { + "timestamp": "2010-01-29T18:30:22Z", + "tools": [ + { + "name": "LicenseFind", + "version": "1.0" + } + ], + "authors": [ + { + "name": "ExampleCodeInspect", + "email": "" + }, + { + "name": "Jane Doe", + "email": "" + } + ], + "properties": [ + { + "name": "spdx:spdxid", + "value": "SPDXRef-DOCUMENT" + }, + { + "name": "spdx:document:spdx-version", + "value": "SPDX-2.2" + }, + { + "name": "spdx:comment", + "value": "This document was created using SPDX 2.0 using licenses from the web site." + }, + { + "name": "spdx:document:name", + "value": "SPDX-Tools-v2.0" + }, + { + "name": "spdx:document:document-namespace", + "value": "http://spdx.org/spdxdocs/spdx-example-json-2.2-444504E0-4F89-41D3-9A0C-0305E82C3301" + }, + { + "name": "spdx:creation-info:comment", + "value": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries." + }, + { + "name": "spdx:creation-info:creators-organization", + "value": "ExampleCodeInspect" + }, + { + "name": "spdx:creation-info:license-list-version", + "value": "3.9" + }, + { + "name": "spdx:document:external-document-ref", + "value": "{\"ExternalDocumentId\":\"DocumentRef-spdx-tool-1.2\",\"Checksum\":{\"Algorithm\":1,\"ChecksumValue\":\"d6a770ba38583ed4bb4525bd96e50461655d2759\"},\"SpdxDocument\":\"http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-01-29T18:30:22Z\",\"AnnotationType\":0,\"Annotator\":\"Person: Jane Doe ()\",\"Comment\":\"Document level annotation\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2011-03-13T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Suzanne Reviewer\",\"Comment\":\"Another example reviewer.\"}" + }, + { + "name": "spdx:annotation", + "value": "{\"AnnotationDate\":\"2010-02-10T00:00:00Z\",\"AnnotationType\":1,\"Annotator\":\"Person: Joe Reviewer\",\"Comment\":\"This is just an example. Some of the non-standard licenses look like they are actually BSD 3 clause licenses\"}" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-File" + }, + { + "name": "spdx:document:describes", + "value": "SPDXRef-Package" + } + ] + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json new file mode 100644 index 0000000000..9360c659d9 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json @@ -0,0 +1,20115 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", + "version": "SNAPSHOT", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "3a0997c870f6ad34bd899d221d0df922c9377fd6d3c0c98f268432b4760b4671" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:21541b57-cd8f-482c-a80f-9c79c75ca7cf", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:25Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:21541b57-cd8f-482c-a80f-9c79c75ca7cf", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:25Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json new file mode 100644 index 0000000000..8e6b8f1e11 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json @@ -0,0 +1,10072 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", + "version": "SNAPSHOT", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "3a0997c870f6ad34bd899d221d0df922c9377fd6d3c0c98f268432b4760b4671" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:21541b57-cd8f-482c-a80f-9c79c75ca7cf", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:25Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json new file mode 100644 index 0000000000..8790818ea0 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json @@ -0,0 +1,6385 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.15" + }, + "version": "2.10.15", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", + "version": "SNAPSHOT", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" + ], + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "id": "GHSA-5mg8-w23w-74h3", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" + ], + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "id": "GHSA-5p34-5m6p-p58g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "id": "GHSA-27xj-rqx5-2255", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "id": "GHSA-58pp-9c76-5625", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "id": "GHSA-v3xw-c963-f5hc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "id": "GHSA-h4rc-386g-6m85", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "id": "GHSA-758m-v56v-grj4", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "id": "GHSA-95cm-88f5-f2c7", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "id": "GHSA-c2q3-4qrh-fm48", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "id": "GHSA-mc6h-4qgp-37qh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "id": "GHSA-j823-4qch-3rgm", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "id": "GHSA-c265-37vj-cwcc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "id": "GHSA-4w82-r329-3q67", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "id": "GHSA-rpr3-cw39-3pxh", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "id": "GHSA-fmmc-742q-jg75", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "id": "GHSA-gjmw-vf9h-g25v", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "id": "GHSA-mx7p-6679-8g3q", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "id": "GHSA-q93h-jc49-78gg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "id": "GHSA-p43x-xfjf-5jhr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" + ], + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "id": "GHSA-qjw2-hr98-qgfh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "id": "GHSA-8w26-6f25-cm9x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-m6x4-97wx-4q27", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "id": "GHSA-v585-23hc-c647", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "id": "GHSA-r695-7vr9-jgc2", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "id": "GHSA-vfqx-33qm-g869", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "id": "GHSA-f9xh-2qgp-cq57", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-cvm9-fjm9-3572", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-9gph-22xh-8x98", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-89qr-369f-5m5x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-8c4j-34r4-xr8g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" + ], + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "id": "GHSA-r3gr-cxrf-hg25", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "id": "GHSA-jjjh-jjxp-wpff", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "id": "GHSA-5949-rw7g-wx7w", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" + ], + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "id": "GHSA-57j2-w4cx-62h2", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "id": "GHSA-288c-cq4h-88gq", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "id": "GHSA-gww7-p5w4-wrfv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "id": "GHSA-rgv9-q543-rqg4", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-8jpx-m2wh-2v34", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" + ], + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "id": "GHSA-rvwf-54qp-4r6v", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-98wm-3w3q-mw94", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" + ], + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "id": "GHSA-3mc7-4q67-w48m", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" + ], + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "id": "GHSA-mjmj-j48q-9wg2", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "id": "GHSA-668q-qrv7-99fm", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "id": "GHSA-vmq6-5m68-f53m", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "id": "GHSA-m394-8rww-3jr7", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" + ], + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "id": "GHSA-m6cp-vxjx-65j6", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" + ], + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "id": "GHSA-26vr-8j45-3r4w", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "id": "GHSA-p26g-97m4-6q7c", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" + ], + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "id": "GHSA-qw69-rqj8-6qw8", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" + ], + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "id": "GHSA-86wm-rrjm-8wh8", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" + ], + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-cj7v-27pg-wf7q", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" + ], + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "id": "GHSA-hmr7-m48g-48f6", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" + ], + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "id": "GHSA-58qw-p7qm-5rvh", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" + ], + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" + ], + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "id": "GHSA-269g-pwp5-87pp", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "INT-f70z-tbpp-4o5d", + "id": "INT-f70z-tbpp-4o5d", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "testing", + "id": "INT-63e3-49kp-blqt", + "desc": "Description: testing", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "id": "GHSA-8grg-q944-cch5", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "id": "GHSA-hwj3-m3p6-hj38", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" + ], + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "id": "GHSA-jvfv-hrrc-6q72", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" + ], + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-wgmr-mf83-7x4j", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "id": "GHSA-qppj-fm5r-hxr3", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "id": "GHSA-rggv-cv7r-mw98", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" + ], + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "id": "GHSA-wgh7-54f2-x98r", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" + ], + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "id": "GHSA-w4g2-9hj6-5472", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "id": "GHSA-mm8h-8587-p46h", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "id": "GHSA-h376-j262-vhq6", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "impact": 1, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" + ], + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "id": "GHSA-45hx-wfhj-473x", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + } + ], + "sha256": "c248a7d929c0bc6b8f9ada98eb17478699c4c8320ee7601d8e77afd19b795f1d" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:31:55Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:31:55Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json new file mode 100644 index 0000000000..b5df5d0c13 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json @@ -0,0 +1,3830 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.15" + }, + "version": "2.10.15", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", + "version": "SNAPSHOT", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" + ], + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "id": "GHSA-5mg8-w23w-74h3", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" + ], + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "id": "GHSA-5p34-5m6p-p58g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "id": "GHSA-27xj-rqx5-2255", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "id": "GHSA-58pp-9c76-5625", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "id": "GHSA-v3xw-c963-f5hc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "id": "GHSA-h4rc-386g-6m85", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "id": "GHSA-758m-v56v-grj4", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "id": "GHSA-95cm-88f5-f2c7", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "id": "GHSA-c2q3-4qrh-fm48", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "id": "GHSA-mc6h-4qgp-37qh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "id": "GHSA-j823-4qch-3rgm", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "id": "GHSA-c265-37vj-cwcc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "id": "GHSA-4w82-r329-3q67", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "id": "GHSA-rpr3-cw39-3pxh", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "id": "GHSA-fmmc-742q-jg75", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "id": "GHSA-gjmw-vf9h-g25v", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "id": "GHSA-mx7p-6679-8g3q", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "id": "GHSA-q93h-jc49-78gg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "id": "GHSA-p43x-xfjf-5jhr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" + ], + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "id": "GHSA-qjw2-hr98-qgfh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "id": "GHSA-8w26-6f25-cm9x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-m6x4-97wx-4q27", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "id": "GHSA-v585-23hc-c647", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "id": "GHSA-r695-7vr9-jgc2", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "id": "GHSA-vfqx-33qm-g869", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "id": "GHSA-f9xh-2qgp-cq57", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-cvm9-fjm9-3572", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-9gph-22xh-8x98", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-89qr-369f-5m5x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-8c4j-34r4-xr8g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" + ], + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "id": "GHSA-r3gr-cxrf-hg25", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "id": "GHSA-jjjh-jjxp-wpff", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "id": "GHSA-5949-rw7g-wx7w", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" + ], + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "id": "GHSA-57j2-w4cx-62h2", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "id": "GHSA-288c-cq4h-88gq", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "id": "GHSA-gww7-p5w4-wrfv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "id": "GHSA-rgv9-q543-rqg4", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-8jpx-m2wh-2v34", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" + ], + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "id": "GHSA-rvwf-54qp-4r6v", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-98wm-3w3q-mw94", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" + ], + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "id": "GHSA-3mc7-4q67-w48m", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" + ], + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "id": "GHSA-mjmj-j48q-9wg2", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "id": "GHSA-668q-qrv7-99fm", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "id": "GHSA-vmq6-5m68-f53m", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "id": "GHSA-m394-8rww-3jr7", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" + ], + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "id": "GHSA-m6cp-vxjx-65j6", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" + ], + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "id": "GHSA-26vr-8j45-3r4w", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "id": "GHSA-p26g-97m4-6q7c", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" + ], + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "id": "GHSA-qw69-rqj8-6qw8", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" + ], + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "id": "GHSA-86wm-rrjm-8wh8", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" + ], + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-cj7v-27pg-wf7q", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" + ], + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "id": "GHSA-hmr7-m48g-48f6", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" + ], + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "id": "GHSA-58qw-p7qm-5rvh", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" + ], + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" + ], + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "id": "GHSA-269g-pwp5-87pp", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "INT-f70z-tbpp-4o5d", + "id": "INT-f70z-tbpp-4o5d", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "testing", + "id": "INT-63e3-49kp-blqt", + "desc": "Description: testing", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "id": "GHSA-8grg-q944-cch5", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "id": "GHSA-hwj3-m3p6-hj38", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" + ], + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "id": "GHSA-jvfv-hrrc-6q72", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" + ], + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-wgmr-mf83-7x4j", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "id": "GHSA-qppj-fm5r-hxr3", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "id": "GHSA-rggv-cv7r-mw98", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" + ], + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "id": "GHSA-wgh7-54f2-x98r", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" + ], + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "id": "GHSA-w4g2-9hj6-5472", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "id": "GHSA-mm8h-8587-p46h", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - critical", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "id": "GHSA-h376-j262-vhq6", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "impact": 1, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" + ], + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - critical", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "id": "GHSA-45hx-wfhj-473x", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"602de70a-7107-4ac8-9ad2-3c1c816892a7\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component 602de70a-7107-4ac8-9ad2-3c1c816892a7 is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: 602de70a-7107-4ac8-9ad2-3c1c816892a7\n\n- Name: 602de70a-7107-4ac8-9ad2-3c1c816892a7", + "start_time": "" + } + ] + } + ], + "sha256": "c248a7d929c0bc6b8f9ada98eb17478699c4c8320ee7601d8e77afd19b795f1d" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:b9d34fa9-4f62-4b08-ae38-af606a1dc7fd", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:31:55Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json new file mode 100644 index 0000000000..0b7bf10c99 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json @@ -0,0 +1,26578 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", + "version": "SNAPSHOT", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" + ], + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "id": "GHSA-5mg8-w23w-74h3", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" + ], + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "id": "GHSA-5p34-5m6p-p58g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "id": "GHSA-27xj-rqx5-2255", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "id": "GHSA-58pp-9c76-5625", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "id": "GHSA-v3xw-c963-f5hc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "id": "GHSA-h4rc-386g-6m85", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "id": "GHSA-758m-v56v-grj4", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "id": "GHSA-95cm-88f5-f2c7", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "id": "GHSA-c2q3-4qrh-fm48", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "id": "GHSA-mc6h-4qgp-37qh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "id": "GHSA-j823-4qch-3rgm", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "id": "GHSA-c265-37vj-cwcc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "id": "GHSA-4w82-r329-3q67", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "id": "GHSA-rpr3-cw39-3pxh", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "id": "GHSA-fmmc-742q-jg75", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "id": "GHSA-gjmw-vf9h-g25v", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "id": "GHSA-mx7p-6679-8g3q", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "id": "GHSA-q93h-jc49-78gg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "id": "GHSA-p43x-xfjf-5jhr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" + ], + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "id": "GHSA-qjw2-hr98-qgfh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "id": "GHSA-8w26-6f25-cm9x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-m6x4-97wx-4q27", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "id": "GHSA-v585-23hc-c647", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "id": "GHSA-r695-7vr9-jgc2", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "id": "GHSA-vfqx-33qm-g869", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "id": "GHSA-f9xh-2qgp-cq57", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-cvm9-fjm9-3572", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-9gph-22xh-8x98", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-89qr-369f-5m5x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-8c4j-34r4-xr8g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" + ], + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "id": "GHSA-r3gr-cxrf-hg25", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "id": "GHSA-jjjh-jjxp-wpff", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "id": "GHSA-5949-rw7g-wx7w", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" + ], + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "id": "GHSA-57j2-w4cx-62h2", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "id": "GHSA-288c-cq4h-88gq", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "id": "GHSA-gww7-p5w4-wrfv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "id": "GHSA-rgv9-q543-rqg4", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-8jpx-m2wh-2v34", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" + ], + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "id": "GHSA-rvwf-54qp-4r6v", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-98wm-3w3q-mw94", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" + ], + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "id": "GHSA-3mc7-4q67-w48m", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" + ], + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "id": "GHSA-mjmj-j48q-9wg2", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "id": "GHSA-668q-qrv7-99fm", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "id": "GHSA-vmq6-5m68-f53m", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "id": "GHSA-m394-8rww-3jr7", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" + ], + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "id": "GHSA-m6cp-vxjx-65j6", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" + ], + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "id": "GHSA-26vr-8j45-3r4w", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "id": "GHSA-p26g-97m4-6q7c", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" + ], + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "id": "GHSA-qw69-rqj8-6qw8", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" + ], + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "id": "GHSA-86wm-rrjm-8wh8", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" + ], + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-cj7v-27pg-wf7q", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" + ], + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "id": "GHSA-hmr7-m48g-48f6", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" + ], + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "id": "GHSA-58qw-p7qm-5rvh", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" + ], + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" + ], + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "id": "GHSA-269g-pwp5-87pp", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component junit/junit@4.12 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "INT-f70z-tbpp-4o5d", + "id": "INT-f70z-tbpp-4o5d", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "testing", + "id": "INT-63e3-49kp-blqt", + "desc": "Description: testing", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "id": "GHSA-8grg-q944-cch5", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "id": "GHSA-hwj3-m3p6-hj38", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" + ], + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "id": "GHSA-jvfv-hrrc-6q72", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" + ], + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-wgmr-mf83-7x4j", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "id": "GHSA-qppj-fm5r-hxr3", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "id": "GHSA-rggv-cv7r-mw98", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" + ], + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "id": "GHSA-wgh7-54f2-x98r", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" + ], + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "id": "GHSA-w4g2-9hj6-5472", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium, GITHUB - info", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "id": "GHSA-mm8h-8587-p46h", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n },\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - unknown", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "id": "GHSA-h376-j262-vhq6", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"unknown\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "results": [ + { + "status": "skipped", + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" + ], + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - info", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "id": "GHSA-45hx-wfhj-473x", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "results": [ + { + "status": "skipped", + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." + } + ] + } + ], + "sha256": "22b4ee8c7d3d66424b9fe6ad562b5434f836acc2fb780c89216dbea1d0c21bc7" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ], + "affectingVulnerabilities": [ + "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a" + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ], + "affectingVulnerabilities": [ + "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "affectingVulnerabilities": [ + "55ebe39e-12f6-4360-aeba-9913ef7efb68" + ] + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "affectingVulnerabilities": [ + "f2fa9b19-418a-4901-9840-a8631227701e", + "00bc944f-fead-400b-8bbd-0c5b56ba2b14" + ] + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "affectingVulnerabilities": [ + "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "bb03c210-ea12-450d-85df-17d81a75ede2" + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ], + "affectingVulnerabilities": [ + "815a1358-2bd4-4028-bd3e-8219747c78f6", + "c8a50465-16df-44e0-84e9-7acff5870a51" + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ], + "affectingVulnerabilities": [ + "1f182b73-afb8-424c-8e08-533a0f702076", + "8ba20df5-3877-4825-a8f2-b52e2d2f86d8" + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "affa7af3-427f-4223-8028-d9ac45e80e08" + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9" + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "affa7af3-427f-4223-8028-d9ac45e80e08" + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ], + "affectingVulnerabilities": [ + "8c0002e8-9326-40f7-9209-51020755ff02" + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "affectingVulnerabilities": [ + "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "343cd240-f667-4770-aecf-ddc11f9d0172", + "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "97981cb2-9228-4b8b-a172-ad12f550a19f", + "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "c037af59-a132-4727-8cc3-c6095c490df7", + "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "e141c668-bc18-4738-b3b6-e7ba1057d124", + "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "3ad04380-a25c-41d8-8fad-259c2561795b", + "86f78c35-adfb-48e4-9428-88084373e1c0", + "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "00033bff-66dc-4a36-ab38-a10b0625409f", + "14e2856b-f78d-4a6d-99eb-470c8566df29", + "c224f923-be9a-4faa-a930-ef4db611bc2b", + "5201940b-1f04-4668-ae86-8261448d817d", + "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "950cff67-088e-4f41-9818-25943c9e17c0", + "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "9edaa51d-929b-457e-aab5-0fffecdb4938", + "6d5189b4-d549-419a-b886-43a62cc43d40", + "135c6dab-529e-4855-ab72-a0138e2110c8", + "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "5c0b94e1-0577-42c9-8028-f244d68f61da" + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "c19b779d-2699-44de-a189-a0d18d8dc953", + "a2897b13-bdeb-4a6c-802e-abf09fef10a9" + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6" + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "d8add710-4eed-448d-b198-ecff8ffe86ea", + "123b8eaf-5572-4945-975d-21ed3c2f101d" + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442" + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "76910119-ee18-4144-855b-b2fdab20e33c" + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ], + "affectingVulnerabilities": [ + "499117ae-d134-4505-8674-ed498531e7a9" + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ], + "affectingVulnerabilities": [ + "7b0674fc-e326-47d0-b34b-b5bfb523784b" + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ], + "affectingVulnerabilities": [ + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ], + "affectingVulnerabilities": [ + "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ], + "affectingVulnerabilities": [ + "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "5ab41975-23cc-45e0-9a13-be603ea00595", + "dff65990-715e-4f71-aace-60d4436af108", + "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "38c08d91-3487-44c4-b258-d5a274a4ad05", + "da9ea5d3-a3c2-4d1b-8425-a799e47a804f" + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar" + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "vulnerabilities": [ + { + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "id": "GHSA-5mg8-w23w-74h3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 173, + 200, + 378, + 732 + ], + "description": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "id": "GHSA-7g45-4rm6-3mm3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 379, + 552 + ], + "description": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z", + "affects": [ + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967" + } + ] + }, + { + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "id": "GHSA-5p34-5m6p-p58g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "id": "GHSA-27xj-rqx5-2255", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "id": "GHSA-58pp-9c76-5625", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "id": "GHSA-v3xw-c963-f5hc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "id": "GHSA-h4rc-386g-6m85", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "id": "GHSA-9vvp-fxw6-jcxr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "id": "GHSA-rf6r-2c4q-2vwg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "id": "GHSA-758m-v56v-grj4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "id": "GHSA-95cm-88f5-f2c7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "id": "GHSA-c2q3-4qrh-fm48", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "id": "GHSA-mc6h-4qgp-37qh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "id": "GHSA-j823-4qch-3rgm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "id": "GHSA-c265-37vj-cwcc", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "id": "GHSA-4w82-r329-3q67", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "id": "GHSA-rpr3-cw39-3pxh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "id": "GHSA-fmmc-742q-jg75", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "id": "GHSA-gjmw-vf9h-g25v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "id": "GHSA-mx7p-6679-8g3q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "id": "GHSA-q93h-jc49-78gg", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "id": "GHSA-p43x-xfjf-5jhr", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "id": "GHSA-h3cw-g4mq-c5x2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 94, + 502 + ], + "description": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "id": "GHSA-qjw2-hr98-qgfh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "id": "GHSA-8w26-6f25-cm9x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "id": "GHSA-m6x4-97wx-4q27", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "id": "GHSA-v585-23hc-c647", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "id": "GHSA-r695-7vr9-jgc2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "id": "GHSA-vfqx-33qm-g869", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "id": "GHSA-f9xh-2qgp-cq57", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "id": "GHSA-cvm9-fjm9-3572", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "id": "GHSA-9gph-22xh-8x98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "id": "GHSA-89qr-369f-5m5x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "id": "GHSA-8c4j-34r4-xr8g", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "id": "GHSA-9m6f-7xcq-8vf8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "id": "GHSA-5r5r-6hpj-8gg9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "id": "GHSA-wh8g-3j2c-rqj5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "id": "GHSA-r3gr-cxrf-hg25", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502, + 913 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "id": "GHSA-jjjh-jjxp-wpff", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "id": "GHSA-5949-rw7g-wx7w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "id": "GHSA-57j2-w4cx-62h2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 787 + ], + "description": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "id": "GHSA-288c-cq4h-88gq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "id": "GHSA-gww7-p5w4-wrfv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "id": "GHSA-rgv9-q543-rqg4", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 502 + ], + "description": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "id": "GHSA-fqwf-pjwf-7vqv", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z", + "affects": [ + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + } + ] + }, + { + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "id": "GHSA-8jpx-m2wh-2v34", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "id": "GHSA-3mcp-9wr4-cjqf", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 74 + ], + "description": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z", + "affects": [ + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30" + } + ] + }, + { + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "id": "GHSA-rvwf-54qp-4r6v", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 776 + ], + "description": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "id": "GHSA-9w3m-gqgf-c4p9", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "id": "GHSA-w37g-rhq8-7m4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "id": "GHSA-c4r9-r8fh-9vj2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "id": "GHSA-hhhw-99gj-p3c3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "id": "GHSA-98wm-3w3q-mw94", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 121, + 787 + ], + "description": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "id": "GHSA-3mc7-4q67-w48m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 776 + ], + "description": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "id": "GHSA-mjmj-j48q-9wg2", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 20, + 502 + ], + "description": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z", + "affects": [ + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + } + ] + }, + { + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "id": "GHSA-668q-qrv7-99fm", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49" + } + ] + }, + { + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "id": "GHSA-vmq6-5m68-f53m", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z", + "affects": [ + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + } + ] + }, + { + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "id": "GHSA-m394-8rww-3jr7", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "id": "GHSA-m6cp-vxjx-65j6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 613 + ], + "description": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "id": "GHSA-26vr-8j45-3r4w", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 551, + 755 + ], + "description": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "id": "GHSA-p26g-97m4-6q7c", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "id": "GHSA-qw69-rqj8-6qw8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400, + 770 + ], + "description": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "id": "GHSA-86wm-rrjm-8wh8", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 226 + ], + "description": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z", + "affects": [ + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50" + } + ] + }, + { + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "id": "GHSA-cj7v-27pg-wf7q", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 20 + ], + "description": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "id": "GHSA-hmr7-m48g-48f6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 130 + ], + "description": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769" + } + ] + }, + { + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "id": "GHSA-g3wg-6mcf-8jj6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 378, + 379, + 552 + ], + "description": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z", + "affects": [ + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941" + } + ] + }, + { + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "id": "GHSA-58qw-p7qm-5rvh", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z", + "affects": [ + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9" + } + ] + }, + { + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "id": "GHSA-gwcr-j4wh-j3cq", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200 + ], + "description": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "id": "GHSA-3gh6-v5v9-6v9j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "low", + "method": "other" + } + ], + "cwes": [ + 149 + ], + "description": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z", + "affects": [ + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc" + } + ] + }, + { + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "id": "GHSA-269g-pwp5-87pp", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 200, + 732 + ], + "description": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z", + "affects": [ + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2" + } + ] + }, + { + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "id": "INT-f70z-tbpp-4o5d", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "high", + "method": "other" + } + ], + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "id": "INT-63e3-49kp-blqt", + "source": { + "name": "INTERNAL" + }, + "ratings": [ + { + "source": { + "name": "INTERNAL" + }, + "severity": "low", + "method": "other" + } + ], + "description": "testing", + "affects": [ + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d" + } + ] + }, + { + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "id": "GHSA-j8jw-g6fq-mp7h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "id": "GHSA-8grg-q944-cch5", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 89 + ], + "description": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z", + "affects": [ + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371" + } + ] + }, + { + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "id": "GHSA-hwj3-m3p6-hj38", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z", + "affects": [ + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db" + } + ] + }, + { + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "id": "GHSA-7r82-7xv7-xcpj", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 79 + ], + "description": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z", + "affects": [ + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507" + } + ] + }, + { + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "id": "GHSA-jvfv-hrrc-6q72", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "critical", + "method": "other" + } + ], + "cwes": [ + 611 + ], + "description": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z", + "affects": [ + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910" + } + ] + }, + { + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "id": "GHSA-wgmr-mf83-7x4j", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400, + 410 + ], + "description": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54" + } + ] + }, + { + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "id": "GHSA-rggv-cv7r-mw98", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "id": "GHSA-qppj-fm5r-hxr3", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z", + "affects": [ + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b" + } + ] + }, + { + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "id": "GHSA-wgh7-54f2-x98r", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "high", + "method": "other" + } + ], + "cwes": [ + 190 + ], + "description": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z", + "affects": [ + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709" + } + ] + }, + { + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "id": "GHSA-w4g2-9hj6-5472", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + } + ], + "cwes": [ + 295 + ], + "description": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "id": "GHSA-mm8h-8587-p46h", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "medium", + "method": "other" + }, + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "info", + "method": "other" + } + ], + "cwes": [ + 400 + ], + "description": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z", + "affects": [ + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + } + ] + }, + { + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "id": "GHSA-h376-j262-vhq6", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "unknown", + "method": "other" + } + ], + "cwes": [ + 502 + ], + "description": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + }, + { + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "id": "GHSA-45hx-wfhj-473x", + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "ratings": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + }, + "severity": "info", + "method": "other" + } + ], + "cwes": [ + 88 + ], + "description": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z", + "affects": [ + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json new file mode 100644 index 0000000000..14fbc9db53 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json @@ -0,0 +1,13995 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/602de70a-7107-4ac8-9ad2-3c1c816892a7", + "title": "test 9 CycloneDX BOM Report", + "version": "SNAPSHOT", + "summary": "This is the project I want to use to generate data to understand the schema a bit better", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-173", + "CWE-200", + "CWE-378", + "CWE-732" + ], + "bom-ref": "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "ratings": "GITHUB - low", + "published": "2021-03-25T17:04:19Z", + "updated": "2023-11-09T18:44:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "id": "GHSA-5mg8-w23w-74h3", + "desc": "Description: A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"b7a12947-7a8d-4031-b59d-640d33dbad6a\",\n \"id\": \"GHSA-5mg8-w23w-74h3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 173,\n 200,\n 378,\n 732\n ],\n \"description\": \"A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\",\n \"published\": \"2021-03-25T17:04:19Z\",\n \"updated\": \"2023-11-09T18:44:38Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-379", + "CWE-552" + ], + "bom-ref": "bb03c210-ea12-450d-85df-17d81a75ede2", + "ratings": "GITHUB - medium", + "published": "2023-06-14T18:30:38Z", + "updated": "2024-02-13T21:49:15Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "id": "GHSA-7g45-4rm6-3mm3", + "desc": "Description: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bb03c210-ea12-450d-85df-17d81a75ede2\",\n \"id\": \"GHSA-7g45-4rm6-3mm3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 379,\n 552\n ],\n \"description\": \"Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\",\n \"published\": \"2023-06-14T18:30:38Z\",\n \"updated\": \"2024-02-13T21:49:15Z\",\n \"affects\": [\n {\n \"ref\": \"1a021b8e-d143-4072-84f0-0e18292f1967\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.google.guava/guava@24.1.1-jre is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1a021b8e-d143-4072-84f0-0e18292f1967\n\n- Group: com.google.guava\n\n- Name: guava\n\n- Version: 24.1.1-jre\n\n- Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "ratings": "GITHUB - critical", + "published": "2020-04-23T21:08:40Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "id": "GHSA-5p34-5m6p-p58g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", + "impact": 1, + "code": "{\n \"bom-ref\": \"d097e083-0b0a-4e3c-9f29-fc936f27ec6f\",\n \"id\": \"GHSA-5p34-5m6p-p58g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).\",\n \"published\": \"2020-04-23T21:08:40Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:44Z", + "updated": "2023-02-01T05:02:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "id": "GHSA-27xj-rqx5-2255", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f57dc81d-6b2d-4060-8c15-7613c1a37981\",\n \"id\": \"GHSA-27xj-rqx5-2255\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).\",\n \"published\": \"2020-05-15T18:58:44Z\",\n \"updated\": \"2023-02-01T05:02:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "ratings": "GITHUB - high", + "published": "2020-06-10T21:12:41Z", + "updated": "2023-02-01T05:03:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "id": "GHSA-58pp-9c76-5625", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"600ecfb9-66c7-4fc2-88e8-2bf9efe40628\",\n \"id\": \"GHSA-58pp-9c76-5625\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).\",\n \"published\": \"2020-06-10T21:12:41Z\",\n \"updated\": \"2023-02-01T05:03:03Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:50Z", + "updated": "2023-02-01T05:03:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "id": "GHSA-v3xw-c963-f5hc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"36dba0ba-dc6c-4f8a-822c-e51ca444d1bf\",\n \"id\": \"GHSA-v3xw-c963-f5hc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).\",\n \"published\": \"2020-05-15T18:58:50Z\",\n \"updated\": \"2023-02-01T05:03:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "ratings": "GITHUB - high", + "published": "2020-04-23T20:19:02Z", + "updated": "2024-03-15T00:41:35Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "id": "GHSA-h4rc-386g-6m85", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"e5cba611-d1ce-48a5-8fc2-ac68ba133947\",\n \"id\": \"GHSA-h4rc-386g-6m85\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).\",\n \"published\": \"2020-04-23T20:19:02Z\",\n \"updated\": \"2024-03-15T00:41:35Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:47Z", + "updated": "2024-03-15T00:48:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "id": "GHSA-9vvp-fxw6-jcxr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9e292de9-f4f7-4d45-9ecb-846c4b972f6f\",\n \"id\": \"GHSA-9vvp-fxw6-jcxr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).\",\n \"published\": \"2020-05-15T18:58:47Z\",\n \"updated\": \"2024-03-15T00:48:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "343cd240-f667-4770-aecf-ddc11f9d0172", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:58:54Z", + "updated": "2024-03-15T00:50:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "id": "GHSA-rf6r-2c4q-2vwg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"343cd240-f667-4770-aecf-ddc11f9d0172\",\n \"id\": \"GHSA-rf6r-2c4q-2vwg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).\",\n \"published\": \"2020-05-15T18:58:54Z\",\n \"updated\": \"2024-03-15T00:50:18Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "ratings": "GITHUB - high", + "published": "2020-04-23T21:36:03Z", + "updated": "2024-06-25T13:46:45Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "id": "GHSA-758m-v56v-grj4", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0f7e16f6-f01e-4cc0-a835-08f3ba72625f\",\n \"id\": \"GHSA-758m-v56v-grj4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.\",\n \"published\": \"2020-04-23T21:36:03Z\",\n \"updated\": \"2024-06-25T13:46:45Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "ratings": "GITHUB - high", + "published": "2020-04-23T16:32:59Z", + "updated": "2024-07-03T21:10:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "id": "GHSA-95cm-88f5-f2c7", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c2e5f22d-f91f-4689-bdb1-782974d6fa7a\",\n \"id\": \"GHSA-95cm-88f5-f2c7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).\",\n \"published\": \"2020-04-23T16:32:59Z\",\n \"updated\": \"2024-07-03T21:10:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:50Z", + "updated": "2023-02-01T05:04:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "id": "GHSA-c2q3-4qrh-fm48", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"49fa1888-bfa1-480a-8564-3b62b8bf5c3c\",\n \"id\": \"GHSA-c2q3-4qrh-fm48\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).\",\n \"published\": \"2020-06-18T14:44:50Z\",\n \"updated\": \"2023-02-01T05:04:14Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "97981cb2-9228-4b8b-a172-ad12f550a19f", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:43Z", + "updated": "2024-03-15T00:37:17Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "id": "GHSA-mc6h-4qgp-37qh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"97981cb2-9228-4b8b-a172-ad12f550a19f\",\n \"id\": \"GHSA-mc6h-4qgp-37qh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).\",\n \"published\": \"2020-06-18T14:44:43Z\",\n \"updated\": \"2024-03-15T00:37:17Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:46Z", + "updated": "2024-03-15T00:39:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "id": "GHSA-j823-4qch-3rgm", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"941d2fac-724b-4a2c-a8ba-c5a434fa3bf7\",\n \"id\": \"GHSA-j823-4qch-3rgm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).\",\n \"published\": \"2020-06-18T14:44:46Z\",\n \"updated\": \"2024-03-15T00:39:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "ratings": "GITHUB - high", + "published": "2020-06-18T14:44:48Z", + "updated": "2024-06-25T13:46:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "id": "GHSA-c265-37vj-cwcc", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7e3a7481-266e-4cb7-af3b-94dcaf462942\",\n \"id\": \"GHSA-c265-37vj-cwcc\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).\",\n \"published\": \"2020-06-18T14:44:48Z\",\n \"updated\": \"2024-06-25T13:46:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:14Z", + "updated": "2023-06-08T19:02:12Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "id": "GHSA-4w82-r329-3q67", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.", + "impact": 1, + "code": "{\n \"bom-ref\": \"db7cfe67-0b1d-4504-af8b-da26e12af73a\",\n \"id\": \"GHSA-4w82-r329-3q67\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.\",\n \"published\": \"2020-03-04T20:52:14Z\",\n \"updated\": \"2023-06-08T19:02:12Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "ratings": "GITHUB - high", + "published": "2022-07-15T19:41:47Z", + "updated": "2023-08-18T15:45:27Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "id": "GHSA-rpr3-cw39-3pxh", + "desc": "Description: The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"7c0af63e-ef57-43aa-9c91-d79c7e37ab20\",\n \"id\": \"GHSA-rpr3-cw39-3pxh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.\",\n \"published\": \"2022-07-15T19:41:47Z\",\n \"updated\": \"2023-08-18T15:45:27Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c037af59-a132-4727-8cc3-c6095c490df7", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:27Z", + "updated": "2023-09-14T14:55:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "id": "GHSA-fmmc-742q-jg75", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"c037af59-a132-4727-8cc3-c6095c490df7\",\n \"id\": \"GHSA-fmmc-742q-jg75\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.\",\n \"published\": \"2019-11-13T00:32:27Z\",\n \"updated\": \"2023-09-14T14:55:20Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "ratings": "GITHUB - critical", + "published": "2019-11-13T00:32:38Z", + "updated": "2023-09-14T14:55:25Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "id": "GHSA-gjmw-vf9h-g25v", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.", + "impact": 1, + "code": "{\n \"bom-ref\": \"0b8d112a-b683-414d-93b6-48fa2cabb7c9\",\n \"id\": \"GHSA-gjmw-vf9h-g25v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.\",\n \"published\": \"2019-11-13T00:32:38Z\",\n \"updated\": \"2023-09-14T14:55:25Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "ratings": "GITHUB - critical", + "published": "2019-10-28T20:51:15Z", + "updated": "2024-03-15T00:57:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "id": "GHSA-mx7p-6679-8g3q", + "desc": "Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.", + "impact": 1, + "code": "{\n \"bom-ref\": \"e8b21aeb-ce1d-4df2-8102-577b813e712f\",\n \"id\": \"GHSA-mx7p-6679-8g3q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.\",\n \"published\": \"2019-10-28T20:51:15Z\",\n \"updated\": \"2024-03-15T00:57:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "e141c668-bc18-4738-b3b6-e7ba1057d124", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:10Z", + "updated": "2023-09-14T15:09:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "id": "GHSA-q93h-jc49-78gg", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).", + "impact": 1, + "code": "{\n \"bom-ref\": \"e141c668-bc18-4738-b3b6-e7ba1057d124\",\n \"id\": \"GHSA-q93h-jc49-78gg\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).\",\n \"published\": \"2020-05-15T18:59:10Z\",\n \"updated\": \"2023-09-14T15:09:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "ratings": "GITHUB - critical", + "published": "2020-05-15T18:59:01Z", + "updated": "2024-03-15T00:20:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "id": "GHSA-p43x-xfjf-5jhr", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "impact": 1, + "code": "{\n \"bom-ref\": \"7aec5714-d04e-4e86-8f4c-51f5cf2568d9\",\n \"id\": \"GHSA-p43x-xfjf-5jhr\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).\",\n \"published\": \"2020-05-15T18:59:01Z\",\n \"updated\": \"2024-03-15T00:20:09Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-94", + "CWE-502" + ], + "bom-ref": "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:14:51Z", + "updated": "2023-09-14T15:44:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "id": "GHSA-h3cw-g4mq-c5x2", + "desc": "Description: This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6af6635c-bedd-40e5-88b8-324d3a80a33e\",\n \"id\": \"GHSA-h3cw-g4mq-c5x2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 94,\n 502\n ],\n \"description\": \"This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).\",\n \"published\": \"2021-12-09T19:14:51Z\",\n \"updated\": \"2023-09-14T15:44:55Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "3ad04380-a25c-41d8-8fad-259c2561795b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:36Z", + "updated": "2023-09-14T15:47:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "id": "GHSA-qjw2-hr98-qgfh", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"3ad04380-a25c-41d8-8fad-259c2561795b\",\n \"id\": \"GHSA-qjw2-hr98-qgfh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.\",\n \"published\": \"2021-12-09T19:15:36Z\",\n \"updated\": \"2023-09-14T15:47:50Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "86f78c35-adfb-48e4-9428-88084373e1c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:02Z", + "updated": "2023-09-14T15:52:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "id": "GHSA-8w26-6f25-cm9x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"86f78c35-adfb-48e4-9428-88084373e1c0\",\n \"id\": \"GHSA-8w26-6f25-cm9x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.\",\n \"published\": \"2021-12-09T19:16:02Z\",\n \"updated\": \"2023-09-14T15:52:49Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:26Z", + "updated": "2023-09-14T15:53:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-m6x4-97wx-4q27", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d73d38a-3ff6-4fac-8c03-b09b64e9e537\",\n \"id\": \"GHSA-m6x4-97wx-4q27\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:26Z\",\n \"updated\": \"2023-09-14T15:53:30Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "00033bff-66dc-4a36-ab38-a10b0625409f", + "ratings": "GITHUB - high", + "published": "2021-11-19T20:13:06Z", + "updated": "2023-09-14T15:59:33Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "id": "GHSA-v585-23hc-c647", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00033bff-66dc-4a36-ab38-a10b0625409f\",\n \"id\": \"GHSA-v585-23hc-c647\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.\",\n \"published\": \"2021-11-19T20:13:06Z\",\n \"updated\": \"2023-09-14T15:59:33Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "14e2856b-f78d-4a6d-99eb-470c8566df29", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:51Z", + "updated": "2023-09-14T16:01:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "id": "GHSA-r695-7vr9-jgc2", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"14e2856b-f78d-4a6d-99eb-470c8566df29\",\n \"id\": \"GHSA-r695-7vr9-jgc2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:16:51Z\",\n \"updated\": \"2023-09-14T16:01:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "c224f923-be9a-4faa-a930-ef4db611bc2b", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:59Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "id": "GHSA-vfqx-33qm-g869", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c224f923-be9a-4faa-a930-ef4db611bc2b\",\n \"id\": \"GHSA-vfqx-33qm-g869\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.\",\n \"published\": \"2021-12-09T19:16:59Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5201940b-1f04-4668-ae86-8261448d817d", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:42Z", + "updated": "2023-09-14T16:04:22Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "id": "GHSA-f9xh-2qgp-cq57", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5201940b-1f04-4668-ae86-8261448d817d\",\n \"id\": \"GHSA-f9xh-2qgp-cq57\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.\",\n \"published\": \"2021-12-09T19:16:42Z\",\n \"updated\": \"2023-09-14T16:04:22Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:10Z", + "updated": "2023-09-14T16:07:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-cvm9-fjm9-3572", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd\",\n \"id\": \"GHSA-cvm9-fjm9-3572\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:16:10Z\",\n \"updated\": \"2023-09-14T16:07:00Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:54Z", + "updated": "2023-09-14T16:07:40Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "id": "GHSA-9gph-22xh-8x98", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4fcb77a9-67b3-4b3f-bc01-684b8ba72294\",\n \"id\": \"GHSA-9gph-22xh-8x98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.\",\n \"published\": \"2021-12-09T19:15:54Z\",\n \"updated\": \"2023-09-14T16:07:40Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "950cff67-088e-4f41-9818-25943c9e17c0", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:46Z", + "updated": "2023-09-14T16:08:37Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-89qr-369f-5m5x", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"950cff67-088e-4f41-9818-25943c9e17c0\",\n \"id\": \"GHSA-89qr-369f-5m5x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:15:46Z\",\n \"updated\": \"2023-09-14T16:08:37Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:18Z", + "updated": "2023-09-14T16:13:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "id": "GHSA-8c4j-34r4-xr8g", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"53eda8c2-268a-4866-89ac-234bfe7f74ce\",\n \"id\": \"GHSA-8c4j-34r4-xr8g\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\",\n \"published\": \"2021-12-09T19:16:18Z\",\n \"updated\": \"2023-09-14T16:13:01Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "9edaa51d-929b-457e-aab5-0fffecdb4938", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:16:34Z", + "updated": "2023-09-14T16:15:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "id": "GHSA-9m6f-7xcq-8vf8", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"9edaa51d-929b-457e-aab5-0fffecdb4938\",\n \"id\": \"GHSA-9m6f-7xcq-8vf8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.\",\n \"published\": \"2021-12-09T19:16:34Z\",\n \"updated\": \"2023-09-14T16:15:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "6d5189b4-d549-419a-b886-43a62cc43d40", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:24Z", + "updated": "2023-11-21T11:40:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "id": "GHSA-5r5r-6hpj-8gg9", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d5189b4-d549-419a-b886-43a62cc43d40\",\n \"id\": \"GHSA-5r5r-6hpj-8gg9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).\",\n \"published\": \"2021-12-09T19:15:24Z\",\n \"updated\": \"2023-11-21T11:40:53Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "135c6dab-529e-4855-ab72-a0138e2110c8", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:00Z", + "updated": "2024-03-15T00:28:08Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "id": "GHSA-wh8g-3j2c-rqj5", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"135c6dab-529e-4855-ab72-a0138e2110c8\",\n \"id\": \"GHSA-wh8g-3j2c-rqj5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:00Z\",\n \"updated\": \"2024-03-15T00:28:08Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502", + "CWE-913" + ], + "bom-ref": "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ratings": "GITHUB - high", + "published": "2021-12-09T19:15:11Z", + "updated": "2024-06-25T13:47:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "id": "GHSA-r3gr-cxrf-hg25", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"57f41366-73de-4a9c-ba15-4d09c9f60e33\",\n \"id\": \"GHSA-r3gr-cxrf-hg25\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502,\n 913\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.\",\n \"published\": \"2021-12-09T19:15:11Z\",\n \"updated\": \"2024-06-25T13:47:23Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-15T00:14:44Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "id": "GHSA-jjjh-jjxp-wpff", + "desc": "Description: In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"ccd0ef88-c0fe-4a10-a648-c779ce82b888\",\n \"id\": \"GHSA-jjjh-jjxp-wpff\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0. Commits that introduced vulnerable code are https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45, https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1, and https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc. Fix commits are https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea and https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-15T00:14:44Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "ratings": "GITHUB - high", + "published": "2021-01-20T21:20:15Z", + "updated": "2024-03-15T00:16:04Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "id": "GHSA-5949-rw7g-wx7w", + "desc": "Description: A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"726a055c-f364-4cb7-a75a-d3c541dad0fa\",\n \"id\": \"GHSA-5949-rw7g-wx7w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\",\n \"published\": \"2021-01-20T21:20:15Z\",\n \"updated\": \"2024-03-15T00:16:04Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-787" + ], + "bom-ref": "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "ratings": "GITHUB - high", + "published": "2022-03-12T00:00:36Z", + "updated": "2024-03-15T00:24:56Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "id": "GHSA-57j2-w4cx-62h2", + "desc": "Description: jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"75d8b4d7-7c79-4627-b229-8d5e38fc5d8b\",\n \"id\": \"GHSA-57j2-w4cx-62h2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 787\n ],\n \"description\": \"jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.\",\n \"published\": \"2022-03-12T00:00:36Z\",\n \"updated\": \"2024-03-15T00:24:56Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "ratings": "GITHUB - high", + "published": "2021-02-18T20:51:54Z", + "updated": "2024-03-15T00:31:24Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "id": "GHSA-288c-cq4h-88gq", + "desc": "Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"cc0ff323-0529-4064-8a2d-1f7a8e2a1332\",\n \"id\": \"GHSA-288c-cq4h-88gq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\",\n \"published\": \"2021-02-18T20:51:54Z\",\n \"updated\": \"2024-03-15T00:31:24Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "ratings": "GITHUB - critical", + "published": "2020-03-04T20:52:11Z", + "updated": "2024-03-15T00:52:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "id": "GHSA-gww7-p5w4-wrfv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7c4227e3-a0a9-4361-8eab-6ab5fa9550b2\",\n \"id\": \"GHSA-gww7-p5w4-wrfv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.\",\n \"published\": \"2020-03-04T20:52:11Z\",\n \"updated\": \"2024-03-15T00:52:59Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-502" + ], + "bom-ref": "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "ratings": "GITHUB - high", + "published": "2022-10-03T00:00:31Z", + "updated": "2024-03-24T05:01:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "id": "GHSA-rgv9-q543-rqg4", + "desc": "Description: In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"87742746-bd8b-423d-979d-d9aa81a8ccfd\",\n \"id\": \"GHSA-rgv9-q543-rqg4\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 502\n ],\n \"description\": \"In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.\",\n \"published\": \"2022-10-03T00:00:31Z\",\n \"updated\": \"2024-03-24T05:01:05Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "5c0b94e1-0577-42c9-8028-f244d68f61da", + "ratings": "GITHUB - high", + "published": "2020-05-15T18:59:04Z", + "updated": "2024-07-03T21:10:31Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "id": "GHSA-fqwf-pjwf-7vqv", + "desc": "Description: FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"5c0b94e1-0577-42c9-8028-f244d68f61da\",\n \"id\": \"GHSA-fqwf-pjwf-7vqv\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).\",\n \"published\": \"2020-05-15T18:59:04Z\",\n \"updated\": \"2024-07-03T21:10:31Z\",\n \"affects\": [\n {\n \"ref\": \"1e0c53af-376a-4ca0-9d2e-38811dd17cba\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.fasterxml.jackson.core/jackson-databind@2.9.10 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 1e0c53af-376a-4ca0-9d2e-38811dd17cba\n\n- Group: com.fasterxml.jackson.core\n\n- Name: jackson-databind\n\n- Version: 2.9.10\n\n- Description: General data-binding functionality for Jackson: works on core streaming API\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "f2fa9b19-418a-4901-9840-a8631227701e", + "ratings": "GITHUB - high", + "published": "2020-04-10T18:42:20Z", + "updated": "2023-01-09T05:02:18Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-8jpx-m2wh-2v34", + "desc": "Description: ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"f2fa9b19-418a-4901-9840-a8631227701e\",\n \"id\": \"GHSA-8jpx-m2wh-2v34\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 (see [GHSA-3mcp-9wr4-cjqf](https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf)/[CVE-2020-5245](https://github.com/advisories/GHSA-3mcp-9wr4-cjqf)) unfortunately didn't fix the underlying issue completely. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.21** and **2.0.3** or later. We strongly recommend upgrading to one of these versions. The evaluation of EL expressions has been disabled by default now. In order to use some interpolation in the violation messages added to [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html), it has to be explicitly allowed by setting [`SelfValidating#escapeExpressions()`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidating.html#escapeExpressions--) to `false`. It is also recommended to use the `addViolation` methods supporting message parameters instead of EL expressions introduced in Dropwizard 1.3.21 and 2.0.3: * [`ViolationCollector#addViolation(String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, Integer, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.Integer-java.lang.String-java.util.Map-) * [`ViolationCollector#addViolation(String, String, String, Map`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html#addViolation-java.lang.String-java.lang.String-java.lang.String-java.util.Map-) ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.3/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.3/dropwizard-validation/src/main/java/io/dropwizard/validation/InterpolationHelper.java ### References * https://github.com/dropwizard/dropwizard/security/advisories/GHSA-3mcp-9wr4-cjqf * https://github.com/dropwizard/dropwizard/pull/3208 * https://github.com/dropwizard/dropwizard/pull/3209 * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-04-10T18:42:20Z\",\n \"updated\": \"2023-01-09T05:02:18Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-74" + ], + "bom-ref": "00bc944f-fead-400b-8bbd-0c5b56ba2b14", + "ratings": "GITHUB - high", + "published": "2020-02-24T17:27:27Z", + "updated": "2024-06-05T16:42:03Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "id": "GHSA-3mcp-9wr4-cjqf", + "desc": "Description: Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\"_\")) { // Sanitize fullName variable by escaping relevant characters such as \"$\" col.addViolation(\"Full name contains invalid characters: \" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"00bc944f-fead-400b-8bbd-0c5b56ba2b14\",\n \"id\": \"GHSA-3mcp-9wr4-cjqf\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 74\n ],\n \"description\": \"Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. ### Summary A server-side template injection was identified in the self-validating ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)) feature of **dropwizard-validation** enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean (via [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html)), an upgrade to Dropwizard 1.3.19 or 2.0.2 is strongly recommended. ### Impact This issue may allow Remote Code Execution (RCE), allowing to run arbitrary code on the host system (with the privileges of the Dropwizard service account privileges) by injecting arbitrary [Java Expression Language (EL)](https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions) expressions when using the self-validating feature ([`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html), [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html)) in **dropwizard-validation**. ### Patches The issue has been fixed in **dropwizard-validation** **1.3.19** and **2.0.2**. We strongly recommend upgrading to one of these versions. ### Workarounds If you are not able to upgrade to one of the aforementioned versions of **dropwizard-validation** but still want to use the [`@SelfValidating`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidating.html) feature, make sure to properly sanitize any message you're adding to the [`ViolationCollector`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/ViolationCollector.html) in the method annotated with [`@SelfValidation`](https://javadoc.io/static/io.dropwizard/dropwizard-project/2.0.2/io/dropwizard/validation/selfvalidating/SelfValidation.html). Example: ```java @SelfValidation public void validateFullName(ViolationCollector col) { if (fullName.contains(\\\"_\\\")) { // Sanitize fullName variable by escaping relevant characters such as \\\"$\\\" col.addViolation(\\\"Full name contains invalid characters: \\\" + sanitizeJavaEl(fullName)); } } ``` See also: https://github.com/dropwizard/dropwizard/blob/v2.0.2/dropwizard-validation/src/main/java/io/dropwizard/validation/selfvalidating/ViolationCollector.java#L84-L98 ### References * https://github.com/dropwizard/dropwizard/pull/3157 * https://github.com/dropwizard/dropwizard/pull/3160 * https://docs.oracle.com/javaee/7/tutorial/jsf-el.htm * https://docs.jboss.org/hibernate/validator/6.1/reference/en-US/html_single/#section-interpolation-with-message-expressions * https://beanvalidation.org/2.0/spec/#validationapi-message-defaultmessageinterpolation ### For more information If you have any questions or comments about this advisory: * Open an issue in [dropwizard/dropwizard](https://github.com/dropwizard/dropwizard/issues/new) * Start a discussion on the [dropwizard-dev mailing list](https://groups.google.com/forum/#!forum/dropwizard-dev) ### Security contact If you want to responsibly disclose a security issue in Dropwizard or one of its official modules, please contact us via the published channels in our [security policy](https://github.com/dropwizard/dropwizard/security/policy): https://github.com/dropwizard/dropwizard/security/policy#reporting-a-vulnerability\",\n \"published\": \"2020-02-24T17:27:27Z\",\n \"updated\": \"2024-06-05T16:42:03Z\",\n \"affects\": [\n {\n \"ref\": \"9623a310-0e79-4f71-b9a7-b7046f1fbf30\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component io.dropwizard/dropwizard-validation@1.3.15 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 9623a310-0e79-4f71-b9a7-b7046f1fbf30\n\n- Group: io.dropwizard\n\n- Name: dropwizard-validation\n\n- Version: 1.3.15", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-776" + ], + "bom-ref": "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "ratings": "GITHUB - high", + "published": "2021-06-04T21:37:45Z", + "updated": "2023-05-22T20:17:58Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "id": "GHSA-rvwf-54qp-4r6v", + "desc": "Description: The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"210a5c45-88ac-4c1f-a5f4-f93c7af6f59e\",\n \"id\": \"GHSA-rvwf-54qp-4r6v\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 776\n ],\n \"description\": \"The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.\",\n \"published\": \"2021-06-04T21:37:45Z\",\n \"updated\": \"2023-05-22T20:17:58Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "id": "GHSA-9w3m-gqgf-c4p9", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"63a53dc7-5769-43dc-a053-50ccd5295d8b\",\n \"id\": \"GHSA-9w3m-gqgf-c4p9\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "5ab41975-23cc-45e0-9a13-be603ea00595", + "ratings": "GITHUB - medium", + "published": "2022-11-11T19:00:31Z", + "updated": "2024-06-21T21:33:52Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "id": "GHSA-w37g-rhq8-7m4j", + "desc": "Description: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5ab41975-23cc-45e0-9a13-be603ea00595\",\n \"id\": \"GHSA-w37g-rhq8-7m4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.\",\n \"published\": \"2022-11-11T19:00:31Z\",\n \"updated\": \"2024-06-21T21:33:52Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "dff65990-715e-4f71-aace-60d4436af108", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-c4r9-r8fh-9vj2", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"dff65990-715e-4f71-aace-60d4436af108\",\n \"id\": \"GHSA-c4r9-r8fh-9vj2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-hhhw-99gj-p3c3", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d55a9a55-cf82-483f-9a7c-8bf5395ce510\",\n \"id\": \"GHSA-hhhw-99gj-p3c3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-121", + "CWE-787" + ], + "bom-ref": "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "ratings": "GITHUB - medium", + "published": "2022-09-06T00:00:27Z", + "updated": "2024-03-15T12:30:36Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "id": "GHSA-98wm-3w3q-mw94", + "desc": "Description: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"6c215a04-8ea0-421f-961b-d5cceb64fd13\",\n \"id\": \"GHSA-98wm-3w3q-mw94\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 121,\n 787\n ],\n \"description\": \"Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.\",\n \"published\": \"2022-09-06T00:00:27Z\",\n \"updated\": \"2024-03-15T12:30:36Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-776" + ], + "bom-ref": "38c08d91-3487-44c4-b258-d5a274a4ad05", + "ratings": "GITHUB - high", + "published": "2022-08-31T00:00:24Z", + "updated": "2024-03-15T19:06:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "id": "GHSA-3mc7-4q67-w48m", + "desc": "Description: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"38c08d91-3487-44c4-b258-d5a274a4ad05\",\n \"id\": \"GHSA-3mc7-4q67-w48m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 776\n ],\n \"description\": \"The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.\",\n \"published\": \"2022-08-31T00:00:24Z\",\n \"updated\": \"2024-03-15T19:06:46Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20", + "CWE-502" + ], + "bom-ref": "da9ea5d3-a3c2-4d1b-8425-a799e47a804f", + "ratings": "GITHUB - high", + "published": "2022-12-12T21:19:47Z", + "updated": "2024-06-24T21:22:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "id": "GHSA-mjmj-j48q-9wg2", + "desc": "Description: ### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"da9ea5d3-a3c2-4d1b-8425-a799e47a804f\",\n \"id\": \"GHSA-mjmj-j48q-9wg2\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20,\n 502\n ],\n \"description\": \"### Summary SnakeYaml's `Constructor` class, which inherits from `SafeConstructor`, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A `ConstructorException` is thrown, but only after a malicious payload is deserialized. ### Severity High, lack of type checks during deserialization allows remote code execution. ### Proof of Concept Execute `bash run.sh`. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000. Example output of successful run of proof of concept: ``` $ bash run.sh [+] Downloading snakeyaml if needed [+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE nc: no process found [+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server. [+] An exception is expected. Exception: Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0 in 'string', line 1, column 1: payload: !!javax.script.ScriptEn ... ^ Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager in 'string', line 1, column 10: payload: !!javax.script.ScriptEngineManag ... ^ at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172) at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230) at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220) at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174) at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158) at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491) at org.yaml.snakeyaml.Yaml.load(Yaml.java:416) at Main.main(Main.java:37) Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167) at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171) at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81) at java.base/java.lang.reflect.Field.set(Field.java:780) at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44) at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286) ... 9 more [+] Dumping Received HTTP Request. Will not be empty if PoC worked GET /proof-of-concept HTTP/1.1 User-Agent: Java/11.0.14 Host: localhost:8000 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive ``` ### Further Analysis Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject. A fix was released in version 2.0. See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314 for more information. ### Timeline **Date reported**: 4/11/2022 **Date fixed**: **Date disclosed**: 10/13/2022\",\n \"published\": \"2022-12-12T21:19:47Z\",\n \"updated\": \"2024-06-24T21:22:59Z\",\n \"affects\": [\n {\n \"ref\": \"0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.yaml/snakeyaml@1.23 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd\n\n- Group: org.yaml\n\n- Name: snakeyaml\n\n- Version: 1.23\n\n- Description: YAML 1.1 parser and emitter for Java\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "ratings": "GITHUB - medium", + "published": "2021-12-17T20:00:50Z", + "updated": "2023-01-30T05:04:55Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "id": "GHSA-668q-qrv7-99fm", + "desc": "Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"bdd3f85b-5284-4163-be5b-0dd84b9300ac\",\n \"id\": \"GHSA-668q-qrv7-99fm\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.\",\n \"published\": \"2021-12-17T20:00:50Z\",\n \"updated\": \"2023-01-30T05:04:55Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "0d58391c-d0fe-4b46-8f8d-6a49db7fb354", + "ratings": "GITHUB - high", + "published": "2023-11-29T12:30:16Z", + "updated": "2023-12-05T21:31:13Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "id": "GHSA-vmq6-5m68-f53m", + "desc": "Description: A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"0d58391c-d0fe-4b46-8f8d-6a49db7fb354\",\n \"id\": \"GHSA-vmq6-5m68-f53m\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"A serialization vulnerability in logback receiver component part of logback allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed. See https://logback.qos.ch/manual/receivers.html\",\n \"published\": \"2023-11-29T12:30:16Z\",\n \"updated\": \"2023-12-05T21:31:13Z\",\n \"affects\": [\n {\n \"ref\": \"5e7cd916-704f-4746-83a0-ec3850bb3f49\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-core@1.2.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 5e7cd916-704f-4746-83a0-ec3850bb3f49\n\n- Group: ch.qos.logback\n\n- Name: logback-core\n\n- Version: 1.2.3\n\n- Description: logback-core module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component ch.qos.logback/logback-classic@1.2.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 6d8385bd-f9a9-4a97-9031-3a1c717209b7\n\n- Group: ch.qos.logback\n\n- Name: logback-classic\n\n- Version: 1.2.3\n\n- Description: logback-classic module\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "ratings": "GITHUB - medium", + "published": "2021-03-10T03:46:47Z", + "updated": "2023-02-01T05:05:09Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "id": "GHSA-m394-8rww-3jr7", + "desc": "Description: ### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"17d2faa1-cd26-4ac7-8c68-c4a44ec398a8\",\n \"id\": \"GHSA-m394-8rww-3jr7\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact When Jetty handles a request containing request headers with a large number of “quality” (i.e. q) parameters (such as what are seen on the `Accept`, `Accept-Encoding`, and `Accept-Language` request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. The only features within Jetty that can trigger this behavior are: - Default Error Handling - the `Accept` request header with the `QuotedQualityCSV` is used to determine what kind of content to send back to the client (html, text, json, xml, etc) - `StatisticsServlet` - uses the `Accept` request header with the `QuotedQualityCSV` to determine what kind of content to send back to the client (xml, json, text, html, etc) - `HttpServletRequest.getLocale()` - uses the `Accept-Language` request header with the `QuotedQualityCSV` to determine which “preferred” language is returned on this call. - `HttpservletRequest.getLocales()` - is similar to the above, but returns an ordered list of locales based on the quality values on the `Accept-Language` request header. - `DefaultServlet` - uses the `Accept-Encoding` request header with the `QuotedQualityCSV` to determine which kind of pre-compressed content should be sent back for static content (content that is not matched against a url-pattern in your web app) ### Versions `QuotedQualityCSV` was introduced to Jetty 9.3.9.v20160517 and the bug that introduced the vulnerability was in 9.4.6.v20170531. Currently, known vulnerable versions include: - 9.4.6.v20170531 thru to 9.4.36.v20210114 - 10.0.0 - 11.0.0 ### Workarounds Quality ordered values are used infrequently by jetty so they can be avoided by: * Do not use the default error page/handler. * Do not deploy the `StatisticsServlet` exposed to the network * Do not call `getLocale` API * Do not enable precompressed static content in the `DefaultServlet` ### Patches All patches are available for download from the Eclipse Jetty website at [https://www.eclipse.org/jetty/download.php](https://www.eclipse.org/jetty/download.php) - 9.4.37.v20210219 and greater - 10.0.1 and greater - 11.0.1 and greater\",\n \"published\": \"2021-03-10T03:46:47Z\",\n \"updated\": \"2023-02-01T05:05:09Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "AC-12" + ], + "cci": [ + "CCI-002361" + ], + "cwe": [ + "CWE-613" + ], + "bom-ref": "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "ratings": "GITHUB - low", + "published": "2021-06-23T20:23:04Z", + "updated": "2023-02-01T05:05:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "id": "GHSA-m6cp-vxjx-65j6", + "desc": "Description: ### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"f32ca540-f068-4392-bea0-c0d7b050b7d1\",\n \"id\": \"GHSA-m6cp-vxjx-65j6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 613\n ],\n \"description\": \"### Impact If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. ### Workarounds The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations.\",\n \"published\": \"2021-06-23T20:23:04Z\",\n \"updated\": \"2023-02-01T05:05:59Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-551", + "CWE-755" + ], + "bom-ref": "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "ratings": "GITHUB - high", + "published": "2021-04-06T17:31:30Z", + "updated": "2023-09-26T11:11:47Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "id": "GHSA-26vr-8j45-3r4w", + "desc": "Description: ### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\"sslContextFactory\") SslContextFactory factory, @Name(\"next\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\"Encrypted buffer max length exceeded\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"6d35c4e5-f5ee-4572-af28-1ca71cf48158\",\n \"id\": \"GHSA-26vr-8j45-3r4w\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 551,\n 755\n ],\n \"description\": \"### Impact When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. ### Workarounds The problem can be worked around by compiling the following class: ```java package org.eclipse.jetty.server.ssl.fix6072; import java.nio.ByteBuffer; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.ssl.SslConnection; import org.eclipse.jetty.server.Connector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.BufferUtil; import org.eclipse.jetty.util.annotation.Name; import org.eclipse.jetty.util.ssl.SslContextFactory; public class SpaceCheckingSslConnectionFactory extends SslConnectionFactory { public SpaceCheckingSslConnectionFactory(@Name(\\\"sslContextFactory\\\") SslContextFactory factory, @Name(\\\"next\\\") String nextProtocol) { super(factory, nextProtocol); } @Override protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) { return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, isDirectBuffersForEncryption(), isDirectBuffersForDecryption()) { @Override protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuffer output) throws SSLException { SSLEngineResult results = super.unwrap(sslEngine, input, output); if ((results.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW || results.getStatus() == SSLEngineResult.Status.OK && results.bytesConsumed() == 0 && results.bytesProduced() == 0) && BufferUtil.space(input) == 0) { BufferUtil.clear(input); throw new SSLHandshakeException(\\\"Encrypted buffer max length exceeded\\\"); } return results; } }; } } ``` This class can be deployed by: + The resulting class file should be put into a jar file (eg sslfix6072.jar) + The jar file should be made available to the server. For a normal distribution this can be done by putting the file into ${jetty.base}/lib + Copy the file `${jetty.home}/modules/ssl.mod` to `${jetty.base}/modules` + Edit the `${jetty.base}/modules/ssl.mod` file to have the following section: ``` [lib] lib/sslfix6072.jar ``` + Copy the file `${jetty.home}/etc/jetty-https.xml` and`${jetty.home}/etc/jetty-http2.xml` to `${jetty.base}/etc` + Edit files `${jetty.base}/etc/jetty-https.xml` and `${jetty.base}/etc/jetty-http2.xml`, changing any reference of `org.eclipse.jetty.server.SslConnectionFactory` to `org.eclipse.jetty.server.ssl.fix6072.SpaceCheckingSslConnectionFactory`. For example: ```xml http/1.1 ``` + Restart Jetty\",\n \"published\": \"2021-04-06T17:31:30Z\",\n \"updated\": \"2023-09-26T11:11:47Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "ratings": "GITHUB - low", + "published": "2023-04-18T22:19:57Z", + "updated": "2023-11-06T05:01:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "id": "GHSA-p26g-97m4-6q7c", + "desc": "Description: Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\"b; JSESSIONID=1337; c=d\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"d5c5815d-1742-46b6-953a-a4ed90fdd920\",\n \"id\": \"GHSA-p26g-97m4-6q7c\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `\\\"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE=\\\"b; JSESSIONID=1337; c=d\\\"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server. ### Patches * 9.4.51.v20230217 - via PR #9352 * 10.0.15 - via PR #9339 * 11.0.15 - via PR #9339 ### Workarounds No workarounds ### References * https://www.rfc-editor.org/rfc/rfc2965 * https://www.rfc-editor.org/rfc/rfc6265\",\n \"published\": \"2023-04-18T22:19:57Z\",\n \"updated\": \"2023-11-06T05:01:53Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-770" + ], + "bom-ref": "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ratings": "GITHUB - medium", + "published": "2023-04-19T18:15:45Z", + "updated": "2023-11-06T05:02:06Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "id": "GHSA-qw69-rqj8-6qw8", + "desc": "Description: ### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f6ff72c7-6603-4627-899d-658f8f7c5f23\",\n \"id\": \"GHSA-qw69-rqj8-6qw8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 770\n ],\n \"description\": \"### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). Limiting multipart parameter `maxFileSize` won't be enough because an attacker can send a large number of parts that summed up will cause memory issues. ### References * https://github.com/eclipse/jetty.project/issues/9076 * https://github.com/jakartaee/servlet/blob/6.0.0/spec/src/main/asciidoc/servlet-spec-body.adoc#32-file-upload\",\n \"published\": \"2023-04-19T18:15:45Z\",\n \"updated\": \"2023-11-06T05:02:06Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-4" + ], + "cci": [ + "CCI-001090" + ], + "cwe": [ + "CWE-226" + ], + "bom-ref": "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6", + "ratings": "GITHUB - medium", + "published": "2020-12-02T18:28:18Z", + "updated": "2024-02-21T17:23:14Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "id": "GHSA-86wm-rrjm-8wh8", + "desc": "Description: ### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"ebc03317-a0b4-4b53-9cd0-7ae4281c02e6\",\n \"id\": \"GHSA-86wm-rrjm-8wh8\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 226\n ],\n \"description\": \"### Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see that body prepended to it's body. The attacker will not see any data, but may inject data into the body of the subsequent request CVE score is [4.8 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L&version=3.1) ### Workarounds The problem can be worked around by either: - Disabling compressed request body inflation by GzipHandler. - By always fully consuming the request content before sending a response. - By adding a `Connection: close` to any response where the servlet does not fully consume request content.\",\n \"published\": \"2020-12-02T18:28:18Z\",\n \"updated\": \"2024-02-21T17:23:14Z\",\n \"affects\": [\n {\n \"ref\": \"4e012695-d45a-4296-b37b-54a8b6893a50\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 4e012695-d45a-4296-b37b-54a8b6893a50\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The core jetty server artifact.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-20" + ], + "bom-ref": "c19b779d-2699-44de-a189-a0d18d8dc953", + "ratings": "GITHUB - low", + "published": "2022-07-07T20:55:34Z", + "updated": "2023-01-29T05:06:01Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-cj7v-27pg-wf7q", + "desc": "Description: ### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"c19b779d-2699-44de-a189-a0d18d8dc953\",\n \"id\": \"GHSA-cj7v-27pg-wf7q\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 20\n ],\n \"description\": \"### Description URI use within Jetty's `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`. A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. However, `HttpURI.host` returns `localhost;` which is definitely wrong. ### Impact This can lead to errors with Jetty's `HttpClient`, and Jetty's `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. ### Patches Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10 ### Workarounds None. ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:34Z\",\n \"updated\": \"2023-01-29T05:06:01Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-130" + ], + "bom-ref": "a2897b13-bdeb-4a6c-802e-abf09fef10a9", + "ratings": "GITHUB - medium", + "published": "2023-09-14T16:17:27Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "id": "GHSA-hmr7-m48g-48f6", + "desc": "Description: ### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \"+\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"a2897b13-bdeb-4a6c-802e-abf09fef10a9\",\n \"id\": \"GHSA-hmr7-m48g-48f6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 130\n ],\n \"description\": \"### Impact Jetty accepts the '+' character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. ### Workarounds There is no workaround as there is no known exploit scenario. ### Original Report [RFC 9110 Secion 8.6](https://www.rfc-editor.org/rfc/rfc9110#section-8.6) defined the value of Content-Length header should be a string of 0-9 digits. However we found that Jetty accepts \\\"+\\\" prefixed Content-Length, which could lead to potential HTTP request smuggling. Payload: ``` POST / HTTP/1.1 Host: a.com Content-Length: +16 Connection: close ​ 0123456789abcdef ``` When sending this payload to Jetty, it can successfully parse and identify the length. When sending this payload to NGINX, Apache HTTPd or other HTTP servers/parsers, they will return 400 bad request. This behavior can lead to HTTP request smuggling and can be leveraged to bypass WAF or IDS.\",\n \"published\": \"2023-09-14T16:17:27Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"c1abfd09-121f-418c-befa-4d6b9e164769\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-http@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c1abfd09-121f-418c-befa-4d6b9e164769\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-http\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-378", + "CWE-379", + "CWE-552" + ], + "bom-ref": "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442", + "ratings": "GITHUB - high", + "published": "2020-11-04T17:50:24Z", + "updated": "2023-11-27T23:07:53Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "id": "GHSA-g3wg-6mcf-8jj6", + "desc": "Description: ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\"java.io.tmpdir\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \".dir\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442\",\n \"id\": \"GHSA-g3wg-6mcf-8jj6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 378,\n 379,\n 552\n ],\n \"description\": \"### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. Additionally, any user code uses of [WebAppContext::getTempDirectory](https://www.eclipse.org/jetty/javadoc/9.4.31.v20200723/org/eclipse/jetty/webapp/WebAppContext.html#getTempDirectory()) would similarly be vulnerable. Additionally, any user application code using the `ServletContext` attribute for the tempdir will also be impacted. See: https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#TEMPDIR For example: ```java import java.io.File; import java.io.IOException; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ExampleServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { File tempDir = (File)getServletContext().getAttribute(ServletContext.TEMPDIR); // Potentially compromised // do something with that temp dir } } ``` Example: The JSP library itself will use the container temp directory for compiling the JSP source into Java classes before executing them. ### CVSSv3.1 Evaluation This vulnerability has been calculated to have a [CVSSv3.1 score of 7.8/10 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&version=3.1) ### Patches Fixes were applied to the 9.4.x branch with: - https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb - https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f These will be included in releases: 9.4.33, 10.0.0.beta3, 11.0.0.beta3 ### Workarounds A work around is to set a temporary directory, either for the server or the context, to a directory outside of the shared temporary file system. For recent releases, a temporary directory can be created simple by creating a directory called `work` in the ${jetty.base} directory (the parent directory of the `webapps` directory). Alternately the java temporary directory can be set with the System Property `java.io.tmpdir`. A more detailed description of how jetty selects a temporary directory is below. The Jetty search order for finding a temporary directory is as follows: 1. If the [`WebAppContext` has a temp directory specified](https://www.eclipse.org/jetty/javadoc/current/org/eclipse/jetty/webapp/WebAppContext.html#setTempDirectory(java.io.File)), use it. 2. If the `ServletContext` has the `javax.servlet.context.tempdir` attribute set, and if directory exists, use it. 3. If a `${jetty.base}/work` directory exists, use it (since Jetty 9.1) 4. If a `ServletContext` has the `org.eclipse.jetty.webapp.basetempdir` attribute set, and if the directory exists, use it. 5. Use `System.getProperty(\\\"java.io.tmpdir\\\")` and use it. Jetty will end traversal at the first successful step. To mitigate this vulnerability the directory must be set to one that is not writable by an attacker. To avoid information leakage, the directory should also not be readable by an attacker. #### Setting a Jetty server temporary directory. Choices 3 and 5 apply to the server level, and will impact all deployed webapps on the server. For choice 3 just create that work directory underneath your `${jetty.base}` and restart Jetty. For choice 5, just specify your own `java.io.tmpdir` when you start the JVM for Jetty. ``` shell [jetty-distribution]$ java -Djava.io.tmpdir=/var/web/work -jar start.jar ``` #### Setting a Context specific temporary directory. The rest of the choices require you to configure the context for that deployed webapp (seen as `${jetty.base}/webapps/.xml`) Example (excluding the DTD which is version specific): ``` xml /var/web/webapps/foo.war /var/web/work/foo ``` ### References - https://github.com/eclipse/jetty.project/issues/5451 - [CWE-378: Creation of Temporary File With Insecure Permissions](https://cwe.mitre.org/data/definitions/378.html) - [CWE-379: Creation of Temporary File in Directory with Insecure Permissions](https://cwe.mitre.org/data/definitions/379.html) - [CodeQL Query PR To Detect Similar Vulnerabilities](https://github.com/github/codeql/pull/4473) ### Similar Vulnerabilities Similar, but not the same. - JUnit 4 - https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information The original report of this vulnerability is below: > On Thu, 15 Oct 2020 at 21:14, Jonathan Leitschuh wrote: > Hi WebTide Security Team, > > I'm a security researcher writing some custom CodeQL queries to find Local Temporary Directory Hijacking Vulnerabilities. One of my queries flagged an issue in Jetty. > > https://lgtm.com/query/5615014766184643449/ > > I've recently been looking into security vulnerabilities involving the temporary directory because on unix-like systems, the system temporary directory is shared between all users. > There exists a race condition between the deletion of the temporary file and the creation of the directory. > > ```java > // ensure file will always be unique by appending random digits > tmpDir = File.createTempFile(temp, \\\".dir\\\", parent); // Attacker knows the full path of the file that will be generated > // delete the file that was created > tmpDir.delete(); // Attacker sees file is deleted and begins a race to create their own directory before Jetty. > // and make a directory of the same name > // SECURITY VULNERABILITY: Race Condition! - Attacker beats Jetty and now owns this directory > tmpDir.mkdirs(); > ``` > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L511-L518 > > In several cases the `parent` parameter will not be the system temporary directory. However, there is one case where it will be, as the last fallback. > > > https://github.com/eclipse/jetty.project/blob/1b59672b7f668b8a421690154b98b4b2b03f254b/jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebInfConfiguration.java#L467-L468 > > If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. > > Would your team be willing to open a GitHub security advisory to continue the discussion and disclosure there? https://github.com/eclipse/jetty.project/security/advisories > > **This vulnerability disclosure follows Google's [90-day vulnerability disclosure policy](https://www.google.com/about/appsecurity/) (I'm not an employee of Google, I just like their policy). Full disclosure will occur either at the end of the 90-day deadline or whenever a patch is made widely available, whichever occurs first.** > > Cheers, > Jonathan Leitschuh\",\n \"published\": \"2020-11-04T17:50:24Z\",\n \"updated\": \"2023-11-27T23:07:53Z\",\n \"affects\": [\n {\n \"ref\": \"71f396a0-0285-465e-8ce3-6eacb47be941\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-webapp@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 71f396a0-0285-465e-8ce3-6eacb47be941\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-webapp\n\n- Version: 9.4.18.v20190429\n\n- Description: Jetty web application support\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "76910119-ee18-4144-855b-b2fdab20e33c", + "ratings": "GITHUB - low", + "published": "2023-07-10T21:52:39Z", + "updated": "2023-09-05T22:39:32Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "id": "GHSA-58qw-p7qm-5rvh", + "desc": "Description: ### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"76910119-ee18-4144-855b-b2fdab20e33c\",\n \"id\": \"GHSA-58qw-p7qm-5rvh\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"### From the reporter > `XmlParser` is vulnerable to XML external entity (XXE) vulnerability. > XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit > this vulnerability in order to achieve SSRF or cause a denial of service. > One possible scenario is importing a (remote) malicious WAR into a Jetty’s server, while the > WAR includes a malicious web.xml. ### Impact There are no circumstances in a normally deployed Jetty server where potentially hostile XML is given to the XmlParser class without the attacker already having arbitrary access to the server. I.e. in order to exploit `XmlParser` the attacker would already have the ability to deploy and execute hostile code. Specifically, Jetty has no protection against malicious web application and potentially hostile web applications should only be run on an isolated virtualisation. Thus this is not considered a vulnerability of the Jetty server itself, as any such usage of the jetty XmlParser is equally vulnerable as a direct usage of the JVM supplied SAX parser. No CVE will be allocated to this advisory. However, any direct usage of the `XmlParser` class by an application may be vulnerable. The impact would greatly depend on how the application uses `XmlParser`, but it could be a denial of service due to large entity expansion, or possibly the revealing local files if the XML results are accessible remotely. ### Patches Ability to configure the SAXParserFactory to fit the needs of your particular XML parser implementation have been merged as part of PR #10067 ### Workarounds Don't use `XmlParser` to parse data from users.\",\n \"published\": \"2023-07-10T21:52:39Z\",\n \"updated\": \"2023-09-05T22:39:32Z\",\n \"affects\": [\n {\n \"ref\": \"39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-xml@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-xml\n\n- Version: 9.4.18.v20190429\n\n- Description: The jetty xml utilities.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8" + ], + "cci": [ + "CCI-002418" + ], + "cwe": [ + "CWE-200" + ], + "bom-ref": "d8add710-4eed-448d-b198-ecff8ffe86ea", + "ratings": "GITHUB - medium", + "published": "2021-06-10T15:43:22Z", + "updated": "2023-02-01T05:05:51Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "id": "GHSA-gwcr-j4wh-j3cq", + "desc": "Description: Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"d8add710-4eed-448d-b198-ecff8ffe86ea\",\n \"id\": \"GHSA-gwcr-j4wh-j3cq\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200\n ],\n \"description\": \"Requests to the `ConcatServlet` and `WelcomeFilter` are able to access protected resources within the `WEB-INF` directory. For example a request to the `ConcatServlet` with a URI of `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. This occurs because both `ConcatServlet` and `WelcomeFilter` decode the supplied path to verify it is not within the `WEB-INF` or `META-INF` directories. It then uses this decoded path to call `RequestDispatcher` which will also do decoding of the path. This double decoding allows paths with a doubly encoded `WEB-INF` to bypass this security check. ### Impact This affects all versions of `ConcatServlet` and `WelcomeFilter` in versions before 9.4.41, 10.0.3 and 11.0.3. ### Workarounds If you cannot update to the latest version of Jetty, you can instead deploy your own version of the [`ConcatServlet`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/ConcatServlet.java) and/or the [`WelcomeFilter`](https://github.com/eclipse/jetty.project/blob/4204526d2fdad355e233f6bf18a44bfe028ee00b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/WelcomeFilter.java) by using the code from the latest version of Jetty.\",\n \"published\": \"2021-06-10T15:43:22Z\",\n \"updated\": \"2023-02-01T05:05:51Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-149" + ], + "bom-ref": "123b8eaf-5572-4945-975d-21ed3c2f101d", + "ratings": "GITHUB - low", + "published": "2023-09-14T16:16:00Z", + "updated": "2023-11-06T05:01:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "id": "GHSA-3gh6-v5v9-6v9j", + "desc": "Description: If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\"' && execCmd.contains(\" \")) execCmd = \"\\\"\" + execCmd + \"\\\"\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"123b8eaf-5572-4945-975d-21ed3c2f101d\",\n \"id\": \"GHSA-3gh6-v5v9-6v9j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 149\n ],\n \"description\": \"If a user sends a request to a `org.eclipse.jetty.servlets.CGI` Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. For example, if a request references a binary called file” name “here, the escaping algorithm will generate the command line string “file” name “here”, which will invoke the binary named file, not the one that the user requested. ```java if (execCmd.length() > 0 && execCmd.charAt(0) != '\\\"' && execCmd.contains(\\\" \\\")) execCmd = \\\"\\\\\\\"\\\" + execCmd + \\\"\\\\\\\"\\\"; ``` ### Exploit Scenario The cgi-bin directory contains a binary named exec and a subdirectory named exec” commands, which contains a file called bin1. The user sends to the CGI servlet a request for the filename exec” commands/bin1. This request will pass the file existence check on lines 194 through 205. The servlet will add quotation marks around this filename, resulting in the command line string “exec” commands/bin1”. When this string is passed to Runtime.exec, instead of executing the bin1 binary, the server will execute the exec binary with the argument commands/file1”. In addition to being incorrect, this behavior may bypass alias checks, and it may cause other unintended behaviors if a command prefix is configured. If the useFullPath configuration setting is off, the command need not pass the existence check. The attack would not rely on a binary and subdirectory having similar names, and the attack will succeed on a much wider variety of directory structures. ### Impact Users of the `org.eclipse.jetty.servlets.CGI` Servlet with a very specific command structure may have the wrong command executed. ### Patches No patch. In Jetty 9.x, 10.x, and 11.x the `org.eclipse.jetty.servlets.CGI` has been deprecated. In Jetty 12 (all environments) the `org.eclipse.jetty.servlets.CGI` has been entirely removed. ### Workarounds The `org.eclipse.jetty.servlets.CGI` Servlet should not be used. Fast CGI support is available instead. ### References * https://github.com/eclipse/jetty.project/pull/9516 * https://github.com/eclipse/jetty.project/pull/9889 * https://github.com/eclipse/jetty.project/pull/9888\",\n \"published\": \"2023-09-14T16:16:00Z\",\n \"updated\": \"2023-11-06T05:01:59Z\",\n \"affects\": [\n {\n \"ref\": \"7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty/jetty-servlets@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc\n\n- Group: org.eclipse.jetty\n\n- Name: jetty-servlets\n\n- Version: 9.4.18.v20190429\n\n- Description: Utility Servlets from Jetty\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SC-8", + "AC-3" + ], + "cci": [ + "CCI-002418", + "CCI-000213" + ], + "cwe": [ + "CWE-200", + "CWE-732" + ], + "bom-ref": "499117ae-d134-4505-8674-ed498531e7a9", + "ratings": "GITHUB - medium", + "published": "2020-10-12T17:33:00Z", + "updated": "2023-02-01T05:04:50Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "id": "GHSA-269g-pwp5-87pp", + "desc": "Description: ### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\"myfile.txt\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\"subfolder\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"499117ae-d134-4505-8674-ed498531e7a9\",\n \"id\": \"GHSA-269g-pwp5-87pp\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 200,\n 732\n ],\n \"description\": \"### Vulnerability The JUnit4 test rule [TemporaryFolder](https://junit.org/junit4/javadoc/4.13/org/junit/rules/TemporaryFolder.html) contains a local information disclosure vulnerability. Example of vulnerable code: ```java public static class HasTempFolder { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Test public void testUsingTempFolder() throws IOException { folder.getRoot(); // Previous file permissions: `drwxr-xr-x`; After fix:`drwx------` File createdFile= folder.newFile(\\\"myfile.txt\\\"); // unchanged/irrelevant file permissions File createdFolder= folder.newFolder(\\\"subfolder\\\"); // unchanged/irrelevant file permissions // ... } } ``` ### Impact On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability **does not** allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. When analyzing the impact of this vulnerability, here are the important questions to ask: 1. Do the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder? - If yes, this vulnerability impacts you, but only if you also answer 'yes' to question 2. - If no, this vulnerability does not impact you. 2. Do the JUnit tests ever execute in an environment where the OS has other untrusted users. _This may apply in CI/CD environments but normally won't be 'yes' for personal developer machines._ - If yes, and you answered 'yes' to question 1, this vulnerability impacts you. - If no, this vulnerability does not impact you. ### Patches Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. - Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. - Java 1.6 and lower users: **no patch is available, you must use the workaround below.** ### Workarounds If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. ### References - [CWE-200: Exposure of Sensitive Information to an Unauthorized Actor](https://cwe.mitre.org/data/definitions/200.html) - Fix commit https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae #### Similar Vulnerabilities - Google Guava - https://github.com/google/guava/issues/4011 - Apache Ant - https://nvd.nist.gov/vuln/detail/CVE-2020-1945 - JetBrains Kotlin Compiler - https://nvd.nist.gov/vuln/detail/CVE-2020-15824 ### For more information If you have any questions or comments about this advisory, please pen an issue in [junit-team/junit4](https://github.com/junit-team/junit4/issues).\",\n \"published\": \"2020-10-12T17:33:00Z\",\n \"updated\": \"2023-02-01T05:04:50Z\",\n \"affects\": [\n {\n \"ref\": \"8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component junit/junit@4.12 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8005328c-f1b3-4ac3-8aa6-1e5013d8cef2\n\n- Group: junit\n\n- Name: junit\n\n- Version: 4.12\n\n- Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\",\n \"url\": \"http://www.eclipse.org/legal/epl-v10.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "ratings": "INTERNAL - high" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "INT-f70z-tbpp-4o5d", + "id": "INT-f70z-tbpp-4o5d", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"4ad3464b-09c7-40fa-ab51-754f3f196cd4\",\n \"id\": \"INT-f70z-tbpp-4o5d\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [], + "bom-ref": "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad", + "ratings": "INTERNAL - low" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "INTERNAL" + } + } + ] + } + ], + "source_location": {}, + "title": "testing", + "id": "INT-63e3-49kp-blqt", + "desc": "Description: testing", + "impact": 0.3, + "code": "{\n \"bom-ref\": \"0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad\",\n \"id\": \"INT-63e3-49kp-blqt\",\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"INTERNAL\"\n },\n \"severity\": \"low\",\n \"method\": \"other\"\n }\n ],\n \"description\": \"testing\",\n \"affects\": [\n {\n \"ref\": \"0052b14c-fb6a-404e-89fb-48cad6d2535d\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component net.bytebuddy/byte-buddy@1.9.7 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 0052b14c-fb6a-404e-89fb-48cad6d2535d\n\n- Group: net.bytebuddy\n\n- Name: byte-buddy\n\n- Version: 1.9.7\n\n- Description: Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "1f182b73-afb8-424c-8e08-533a0f702076", + "ratings": "GITHUB - high", + "published": "2022-02-09T22:57:29Z", + "updated": "2024-06-27T16:39:59Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "id": "GHSA-j8jw-g6fq-mp7h", + "desc": "Description: A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"1f182b73-afb8-424c-8e08-533a0f702076\",\n \"id\": \"GHSA-j8jw-g6fq-mp7h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.\",\n \"published\": \"2022-02-09T22:57:29Z\",\n \"updated\": \"2024-06-27T16:39:59Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-89" + ], + "bom-ref": "8ba20df5-3877-4825-a8f2-b52e2d2f86d8", + "ratings": "GITHUB - medium", + "published": "2022-02-10T23:05:04Z", + "updated": "2024-06-27T18:05:49Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "id": "GHSA-8grg-q944-cch5", + "desc": "Description: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8ba20df5-3877-4825-a8f2-b52e2d2f86d8\",\n \"id\": \"GHSA-8grg-q944-cch5\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 89\n ],\n \"description\": \"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.\",\n \"published\": \"2022-02-10T23:05:04Z\",\n \"updated\": \"2024-06-27T18:05:49Z\",\n \"affects\": [\n {\n \"ref\": \"8c0378f7-4c0e-4ee3-849d-740b0035c371\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.hibernate/hibernate-core@5.2.18.Final is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 8c0378f7-4c0e-4ee3-849d-740b0035c371\n\n- Group: org.hibernate\n\n- Name: hibernate-core\n\n- Version: 5.2.18.Final\n\n- Description: The core O/RM functionality as provided by Hibernate\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"GNU Lesser General Public License\",\n \"url\": \"http://www.gnu.org/licenses/lgpl-2.1.html\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "55ebe39e-12f6-4360-aeba-9913ef7efb68", + "ratings": "GITHUB - critical", + "published": "2020-06-05T16:13:36Z", + "updated": "2023-01-27T05:02:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "id": "GHSA-hwj3-m3p6-hj38", + "desc": "Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.", + "impact": 1, + "code": "{\n \"bom-ref\": \"55ebe39e-12f6-4360-aeba-9913ef7efb68\",\n \"id\": \"GHSA-hwj3-m3p6-hj38\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to `dom4j:dom4j` version 1.x legacy artifacts. To resolve this a change to the latest version of `org.dom4j:dom4j` is recommended.\",\n \"published\": \"2020-06-05T16:13:36Z\",\n \"updated\": \"2023-01-27T05:02:30Z\",\n \"affects\": [\n {\n \"ref\": \"627bb70b-4b85-4801-8239-f03de04ca5db\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.dom4j/dom4j@2.1.1 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 627bb70b-4b85-4801-8239-f03de04ca5db\n\n- Group: org.dom4j\n\n- Name: dom4j\n\n- Version: 2.1.1\n\n- Description: flexible XML framework for Java\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"BSD 3-clause New License\",\n \"url\": \"https://github.com/dom4j/dom4j/blob/master/LICENSE\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-79" + ], + "bom-ref": "8c0002e8-9326-40f7-9209-51020755ff02", + "ratings": "GITHUB - medium", + "published": "2021-06-03T23:40:23Z", + "updated": "2023-02-01T05:05:30Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "id": "GHSA-7r82-7xv7-xcpj", + "desc": "Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"8c0002e8-9326-40f7-9209-51020755ff02\",\n \"id\": \"GHSA-7r82-7xv7-xcpj\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 79\n ],\n \"description\": \"Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.\",\n \"published\": \"2021-06-03T23:40:23Z\",\n \"updated\": \"2023-02-01T05:05:30Z\",\n \"affects\": [\n {\n \"ref\": \"893beba4-580b-4ada-a4cf-067fbe145507\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.apache.httpcomponents/httpclient@4.5.7 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 893beba4-580b-4ada-a4cf-067fbe145507\n\n- Group: org.apache.httpcomponents\n\n- Name: httpclient\n\n- Version: 4.5.7\n\n- Description: Apache HttpComponents Client\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "bom-ref": "7b0674fc-e326-47d0-b34b-b5bfb523784b", + "ratings": "GITHUB - critical", + "published": "2022-03-05T00:00:45Z", + "updated": "2023-01-27T05:02:46Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "id": "GHSA-jvfv-hrrc-6q72", + "desc": "Description: The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.", + "impact": 1, + "code": "{\n \"bom-ref\": \"7b0674fc-e326-47d0-b34b-b5bfb523784b\",\n \"id\": \"GHSA-jvfv-hrrc-6q72\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"critical\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"The XMLChangeLogSAXParser() function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference.\",\n \"published\": \"2022-03-05T00:00:45Z\",\n \"updated\": \"2023-01-27T05:02:46Z\",\n \"affects\": [\n {\n \"ref\": \"ab3bfc00-8d35-4a4d-b314-86573681d910\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.liquibase/liquibase-core@3.6.3 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: ab3bfc00-8d35-4a4d-b314-86573681d910\n\n- Group: org.liquibase\n\n- Name: liquibase-core\n\n- Version: 3.6.3\n\n- Description: Liquibase is a tool for managing and executing database changes.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"Apache-2.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400", + "CWE-410" + ], + "bom-ref": "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "ratings": "GITHUB - high", + "published": "2022-07-07T20:55:40Z", + "updated": "2023-07-24T19:39:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "id": "GHSA-wgmr-mf83-7x4j", + "desc": "Description: ### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c3fdf61d-7886-423b-8a29-b6ab6790c127\",\n \"id\": \"GHSA-wgmr-mf83-7x4j\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400,\n 410\n ],\n \"description\": \"### Description Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. ### Impact A malicious client may render the server unresponsive. ### Patches The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10. ### Workarounds No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) ### For more information If you have any questions or comments about this advisory: * Email us at security@webtide.com.\",\n \"published\": \"2022-07-07T20:55:40Z\",\n \"updated\": \"2023-07-24T19:39:20Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "affa7af3-427f-4223-8028-d9ac45e80e08", + "ratings": "GITHUB - medium", + "published": "2023-10-10T21:28:24Z", + "updated": "2024-06-21T21:34:00Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "id": "GHSA-qppj-fm5r-hxr3", + "desc": "Description: ## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"affa7af3-427f-4223-8028-d9ac45e80e08\",\n \"id\": \"GHSA-qppj-fm5r-hxr3\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"## HTTP/2 Rapid reset attack The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require the client and server to coordinate the cancellation in any way, the client may do it unilaterally. The client may also assume that the cancellation will take effect immediately when the server receives the RST_STREAM frame, before any other data from that TCP connection is processed. Abuse of this feature is called a Rapid Reset attack because it relies on the ability for an endpoint to send a RST_STREAM frame immediately after sending a request frame, which makes the other endpoint start working and then rapidly resets the request. The request is canceled, but leaves the HTTP/2 connection open. The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth. In a typical HTTP/2 server implementation, the server will still have to do significant amounts of work for canceled requests, such as allocating new stream data structures, parsing the query and doing header decompression, and mapping the URL to a resource. For reverse proxy implementations, the request may be proxied to the backend server before the RST_STREAM frame is processed. The client on the other hand paid almost no costs for sending the requests. This creates an exploitable cost asymmetry between the server and the client. Multiple software artifacts implementing HTTP/2 are affected. This advisory was originally ingested from the `swift-nio-http2` repo advisory and their original conent follows. ## swift-nio-http2 specific advisory swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new `Channel`s to serve the traffic. This can easily overwhelm an `EventLoop` and prevent it from making forward progress. swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.\",\n \"published\": \"2023-10-10T21:28:24Z\",\n \"updated\": \"2024-06-21T21:34:00Z\",\n \"affects\": [\n {\n \"ref\": \"55521fe9-aed2-403e-9df2-75fc5af90f54\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-server@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 55521fe9-aed2-403e-9df2-75fc5af90f54\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-server\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "ratings": "GITHUB - high", + "published": "2024-02-26T20:13:46Z", + "updated": "2024-05-02T18:38:19Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "id": "GHSA-rggv-cv7r-mw98", + "desc": "Description: ### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"bc8ec43b-7cba-4167-9a9d-901fcb443ac8\",\n \"id\": \"GHSA-rggv-cv7r-mw98\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers. ### Patches Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6 ### Workarounds Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected. ### References * https://github.com/jetty/jetty.project/issues/11256.\",\n \"published\": \"2024-02-26T20:13:46Z\",\n \"updated\": \"2024-05-02T18:38:19Z\",\n \"affects\": [\n {\n \"ref\": \"f4a06b14-3945-4381-b3dd-b46407b02b6b\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-common@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: f4a06b14-3945-4381-b3dd-b46407b02b6b\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-common\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-190" + ], + "bom-ref": "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9", + "ratings": "GITHUB - high", + "published": "2023-10-10T21:16:23Z", + "updated": "2024-06-21T21:33:57Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "id": "GHSA-wgh7-54f2-x98r", + "desc": "Description: An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\"Header too large %d > %d\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634", + "impact": 0.7, + "code": "{\n \"bom-ref\": \"c8bd5d7e-e9be-459c-b6e2-05de86a00bb9\",\n \"id\": \"GHSA-wgh7-54f2-x98r\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"high\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 190\n ],\n \"description\": \"An integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java 291 public void checkSize(int length, boolean huffman) throws SessionException 292 { 293 // Apply a huffman fudge factor 294 if (huffman) 295 length = (length * 4) / 3; 296 if ((_size + length) > _maxSize) 297 throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); 298 } ``` However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. (_size+length) will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. In `MetaDataBuilder.java`, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: ```java public void checkSize(int length, boolean huffman) throws SessionException { // Apply a huffman fudge factor if (huffman) length = (length * 4) / 3; if ((_size + length) > _maxSize) throw new HpackException.SessionException(\\\"Header too large %d > %d\\\", _size + length, _maxSize); } ``` However, no exception is thrown in the case of a negative size. Later, in `Huffman.decode`, the user-entered length is multiplied by 2 before allocating a buffer: ```java public static String decode(ByteBuffer buffer, int length) throws HpackException.CompressionException { Utf8StringBuilder utf8 = new Utf8StringBuilder(length * 2); // ... ``` This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. ### Exploit Scenario 1 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ffffffffff02. Each time this header is decoded: + `HpackDecode.decode` will determine that a Huffman-coded value of length 805306494 needs to be decoded. + `MetaDataBuilder.checkSize` will approve this length. + Huffman.decode will allocate a 1.6 GB string array. + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens. (Note: this can be delayed by appending valid huffman-coded characters to the end of the header.) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Exploit Scenario 2 An attacker repeatedly sends HTTP messages with the HPACK header 0x00ff8080ffff0b. Each time this header is decoded: + HpackDecode.decode will determine that a Huffman-coded value of length -1073758081 needs to be decoded + MetaDataBuilder.checkSize will approve this length + The number will be multiplied by 2 to get 2147451134, and Huffman.decode will allocate a 2.1 GB string array + Huffman.decode will have a buffer overflow error, and the array will be deallocated the next time garbage collection happens (Note that this deallocation can be delayed by adding valid Huffman-coded characters to the end of the header) Depending on the timing of garbage collection, the number of threads, and the amount of memory available on the server, this may cause the server to run out of memory. ### Impact Users of HTTP/2 can be impacted by a remote denial of service attack. ### Patches Fixed in Jetty 10.0.16 and Jetty 11.0.16 Fixed in Jetty 9.4.53 Jetty 12.x is unaffected. ### Workarounds No workarounds possible, only patched versions of Jetty. ### References * https://github.com/eclipse/jetty.project/pull/9634\",\n \"published\": \"2023-10-10T21:16:23Z\",\n \"updated\": \"2024-06-21T21:33:57Z\",\n \"affects\": [\n {\n \"ref\": \"d2a5e2bf-ead6-4768-866a-385166eb6709\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: d2a5e2bf-ead6-4768-866a-385166eb6709\n\n- Group: org.eclipse.jetty.http2\n\n- Name: http2-hpack\n\n- Version: 9.4.18.v20190429\n\n- Description: The Eclipse Jetty Project\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"EPL-1.0\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-295" + ], + "bom-ref": "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "ratings": "GITHUB - medium", + "published": "2018-10-18T18:06:08Z", + "updated": "2023-01-09T05:03:38Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "id": "GHSA-w4g2-9hj6-5472", + "desc": "Description: Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"f987bc98-65f5-402b-8b39-7e8e3e730ebe\",\n \"id\": \"GHSA-w4g2-9hj6-5472\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 295\n ],\n \"description\": \"Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.\",\n \"published\": \"2018-10-18T18:06:08Z\",\n \"updated\": \"2023-01-09T05:03:38Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-400" + ], + "bom-ref": "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a", + "ratings": "GITHUB - medium, GITHUB - info", + "published": "2023-10-24T01:49:09Z", + "updated": "2023-11-05T05:04:23Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "id": "GHSA-mm8h-8587-p46h", + "desc": "Description: ### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \"A\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\"Send Finish\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\"Received Length : \" + s.length()); }else{ System.out.println(\"null\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"5acc2eee-8433-4a66-b9c5-3dcc7be5b29a\",\n \"id\": \"GHSA-mm8h-8587-p46h\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"medium\",\n \"method\": \"other\"\n },\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 400\n ],\n \"description\": \"### Summary `maxBodyLebgth` was not used when receiving Message objects. Attackers could just send a very large Message causing a memory overflow and triggering an OOM Error. ### PoC #### RbbitMQ * Use RabbitMQ 3.11.16 as MQ and specify Message Body size 512M (here it only needs to be larger than the Consumer memory) * Start RabbitMQ #### Producer * Build a String of length 256M and send it to Consumer ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Producer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); String s = \\\"A\\\"; for(int i=0;i<28;++i){ s = s + s; System.out.println(i); } amqpTemplate.convertAndSend(s); System.out.println(\\\"Send Finish\\\"); } } ``` #### Consumer * First set the heap memory size to 128M * Read the message sent by the Producer from the MQ and print the length ``` package org.springframework.amqp.helloworld; import org.springframework.amqp.core.AmqpTemplate; import org.springframework.amqp.core.Message; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; public class Consumer { public static void main(String[] args) { ApplicationContext context = new AnnotationConfigApplicationContext(HelloWorldConfiguration.class); AmqpTemplate amqpTemplate = context.getBean(AmqpTemplate.class); Object o = amqpTemplate.receiveAndConvert(); if(o != null){ String s = o.toString(); System.out.println(\\\"Received Length : \\\" + s.length()); }else{ System.out.println(\\\"null\\\"); } } } ``` #### Results * Run the Producer first, then the Consumer * Consumer throws OOM Exception ### Impact Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer.\",\n \"published\": \"2023-10-24T01:49:09Z\",\n \"updated\": \"2023-11-05T05:04:23Z\",\n \"affects\": [\n {\n \"ref\": \"2687d928-5b18-4ce5-ab4c-8ef513f0b48c\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component com.rabbitmq/amqp-client@4.4.1 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: 2687d928-5b18-4ce5-ab4c-8ef513f0b48c\n\n- Group: com.rabbitmq\n\n- Name: amqp-client\n\n- Version: 4.4.1\n\n- Description: The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.\n\n- Licenses: [\n {\n \"license\": {\n \"id\": \"MPL-1.1\"\n }\n }\n]", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-502" + ], + "bom-ref": "815a1358-2bd4-4028-bd3e-8219747c78f6", + "ratings": "GITHUB - unknown", + "published": "2022-01-06T23:55:09Z", + "updated": "2023-02-25T00:31:20Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "id": "GHSA-h376-j262-vhq6", + "desc": "Description: ### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"815a1358-2bd4-4028-bd3e-8219747c78f6\",\n \"id\": \"GHSA-h376-j262-vhq6\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"unknown\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 502\n ],\n \"description\": \"### Impact H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method (such as security constraint) wasn't set, an intruder can load own custom class and execute its code in a process with H2 Console (H2 Server process or a web server with H2 Console servlet). It is also possible to load them by creation a linked table in these versions, but it requires `ADMIN` privileges and user with `ADMIN` privileges has full access to the Java process by design. These privileges should never be granted to untrusted users. ### Patches Since version 2.0.206 H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used. ### Workarounds H2 Console should never be available to untrusted users. `-webAllowOthers` is a dangerous setting that should be avoided. H2 Console Servlet deployed on a web server can be protected with a security constraint: https://h2database.com/html/tutorial.html#usingH2ConsoleServlet If `webAllowOthers` is specified, you need to uncomment and edit `` and `` as necessary. See documentation of your web server for more details. ### References This issue was found and privately reported to H2 team by [JFrog Security](https://www.jfrog.com/)'s vulnerability research team with detailed information.\",\n \"published\": \"2022-01-06T23:55:09Z\",\n \"updated\": \"2023-02-25T00:31:20Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "results": [ + { + "status": "skipped", + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cci": [ + "CCI-002605", + "CCI-001643" + ], + "cwe": [ + "CWE-88" + ], + "bom-ref": "c8a50465-16df-44e0-84e9-7acff5870a51", + "ratings": "GITHUB - info", + "published": "2022-01-21T23:07:39Z", + "updated": "2023-08-18T15:47:05Z" + }, + "descriptions": [], + "refs": [ + { + "ref": [ + { + "source": { + "name": "GITHUB", + "url": "https://github.com/advisories" + } + } + ] + } + ], + "source_location": {}, + "title": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "id": "GHSA-45hx-wfhj-473x", + "desc": "Description: H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.", + "impact": 0.5, + "code": "{\n \"bom-ref\": \"c8a50465-16df-44e0-84e9-7acff5870a51\",\n \"id\": \"GHSA-45hx-wfhj-473x\",\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"GITHUB\",\n \"url\": \"https://github.com/advisories\"\n },\n \"severity\": \"info\",\n \"method\": \"other\"\n }\n ],\n \"cwes\": [\n 88\n ],\n \"description\": \"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.\",\n \"published\": \"2022-01-21T23:07:39Z\",\n \"updated\": \"2023-08-18T15:47:05Z\",\n \"affects\": [\n {\n \"ref\": \"c19e7b95-5753-489e-b720-c9dd79f15cc8\"\n }\n ]\n}", + "results": [ + { + "status": "skipped", + "code_desc": "Component com.h2database/h2@1.4.197 is vulnerable", + "message": "-Component Summary-\n\n- Type: library\n\n- Bom-ref: c19e7b95-5753-489e-b720-c9dd79f15cc8\n\n- Group: com.h2database\n\n- Name: h2\n\n- Version: 1.4.197\n\n- Description: H2 Database Engine\n\n- Licenses: [\n {\n \"license\": {\n \"name\": \"MPL 2.0 or EPL 1.0\",\n \"url\": \"http://h2database.com/html/license.html\"\n }\n }\n]", + "start_time": "", + "skip_message": "Manual review required because a CycloneDX rating severity is set to `info` or `unknown`." + } + ] + } + ], + "sha256": "22b4ee8c7d3d66424b9fe6ad562b5434f836acc2fb780c89216dbea1d0c21bc7" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "bom-ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "group": "org.eclipse.jetty.alpn", + "name": "alpn-api", + "version": "1.1.3.v20160715", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "18383950cc83169b8ed61c03fd926e0c" + }, + { + "alg": "SHA-1", + "content": "a1bf3a937f91b4c953acd13e8c9552347adc2198" + }, + { + "alg": "SHA-256", + "content": "07be99758b699e194f70fb9784d94202dc6c98212877829e3d72b020f2660576" + }, + { + "alg": "SHA-512", + "content": "b9570b3323337dcdc192e640288633743736ef9206adc4cda88db7da77df49732bba0a4e85613225ffec32ac72c415a84fcd2353c04f8708dad85142a2b439f8" + }, + { + "alg": "SHA3-256", + "content": "c7e69d1f5833cd414f62dfb456a8dee75520366e88a1af4db9b76a14d800b356" + }, + { + "alg": "SHA3-512", + "content": "3a4c64a3cb12158119183584c79e5523bc2e460ae942a2927a9f5452e3b0c032442748f4e426466921a3d9f618095901f26a0de77f4e30650c8e22ee79da873c" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.alpn/alpn-api@1.1.3.v20160715?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.alpn.git/tree" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "group": "com.rabbitmq", + "name": "amqp-client", + "version": "4.4.1", + "description": "The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.", + "hashes": [ + { + "alg": "MD5", + "content": "1a2a6feac205524a636c06d86af2df2c" + }, + { + "alg": "SHA-1", + "content": "c442f6501595a6fb9c029409eca94888cc9a3106" + }, + { + "alg": "SHA-256", + "content": "fcbe7ddc4be88823b881f35c12bca55b561c795d03aefe746a0452029ec179cc" + }, + { + "alg": "SHA-512", + "content": "8d78db5a1a3939a20a10b33f41b2ca3adb746672b276e87cc08aabb84dd27a069755294bd23c483ecf0d25c0e669fddae6f96742dd127d8476a9d6a6f8e22e57" + }, + { + "alg": "SHA3-256", + "content": "4866a931a2e38b4b0b4bcec77f77e8b83edf3b4b527913f827767a926c8b3b24" + }, + { + "alg": "SHA3-512", + "content": "a1b503bd1f8762c0b0434af451f6a579b20225aa5f23548cd521e3f007c17fedaf2c9fd7667606c06bbb63cdfbfbce28800de9506bb2c2564020b34447d600c9" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-1.1" + } + } + ], + "purl": "pkg:maven/com.rabbitmq/amqp-client@4.4.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.rabbitmq.com" + }, + { + "type": "vcs", + "url": "https://github.com/rabbitmq/rabbitmq-java-client" + } + ], + "affectingVulnerabilities": [ + "f987bc98-65f5-402b-8b39-7e8e3e730ebe", + "5acc2eee-8433-4a66-b9c5-3dcc7be5b29a" + ] + }, + { + "type": "library", + "bom-ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "group": "org.codehaus.mojo", + "name": "animal-sniffer-annotations", + "version": "1.14", + "description": "Animal Sniffer Parent project.", + "hashes": [ + { + "alg": "MD5", + "content": "9d42e46845c874f1710a9f6a741f6c14" + }, + { + "alg": "SHA-1", + "content": "775b7e22fb10026eed3f86e8dc556dfafe35f2d5" + }, + { + "alg": "SHA-256", + "content": "2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d" + }, + { + "alg": "SHA-512", + "content": "9e5e3ea9e06e0ac9463869fd0e08ed38f7042784995a7b50c9bfd7f692a53f0e1430b9e1367dc772d0d4eafe5fd2beabbcc60da5008bd792f9e7ec8436c0f136" + }, + { + "alg": "SHA3-256", + "content": "9b624360f936e928bc63bf44e475d8fd052148c0d0cc56c3c88c26429b430c08" + }, + { + "alg": "SHA3-512", + "content": "5f0a62a96445cfeaf101d2ddc56472621f5c3dafc54ad4b230a373012833b7da83e96af7c07b60a586768361b3bce3f3626ed2cc09fbbd84e840e0714d6344ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.codehaus.mojo/animal-sniffer-annotations@1.14?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://jira.codehaus.org/browse/MANIMALSNIFFER" + }, + { + "type": "vcs", + "url": "http://fisheye.codehaus.org/browse/mojo/tags/animal-sniffer-parent-1.14" + }, + { + "type": "website", + "url": "http://codehaus.org" + }, + { + "type": "build-system", + "url": "http://bamboo.ci.codehaus.org/browse/MOJO" + }, + { + "type": "mailing-list", + "url": "http://markmail.org/list/org.codehaus.mojo.dev" + }, + { + "type": "distribution", + "url": "https://nexus.codehaus.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "group": "antlr", + "name": "antlr", + "version": "2.7.7", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "f8f1352c52a4c6a500b597596501fc64" + }, + { + "alg": "SHA-1", + "content": "83cd2cd674a217ade95a4bb83a8a14f351f48bd0" + }, + { + "alg": "SHA-256", + "content": "88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c" + }, + { + "alg": "SHA-512", + "content": "311c3115f9f6651d1711c52d1739e25a70f25456cacb9a2cdde7627498c30b13d721133cc75b39462ad18812a82472ef1b3b9d64fab5abb0377c12bf82043a74" + }, + { + "alg": "SHA3-256", + "content": "babce5c8beb1d5907a7ed6354589e991da7d8d5cbd86c479abfa1e1dfc4d2eb8" + }, + { + "alg": "SHA3-512", + "content": "3a8ce565280a157dd6e08fb68c317a4c28616099c56bc4992c38cf74a10a54a89e18e7c45190ce8511360798a87adc92f432382f9d9bdde0d56664b50044b517" + } + ], + "licenses": [ + { + "license": { + "name": "BSD License", + "url": "http://www.antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/antlr/antlr@2.7.7?type=jar" + }, + { + "type": "library", + "bom-ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "group": "org.antlr", + "name": "antlr-runtime", + "version": "3.4", + "description": "A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.", + "hashes": [ + { + "alg": "MD5", + "content": "0e0318be407e51fdf7ba6777eabfdf73" + }, + { + "alg": "SHA-1", + "content": "8f011408269a8e42b8548687e137d8eeb56df4b4" + }, + { + "alg": "SHA-256", + "content": "5b7cf53b7b30b034023f58030c8147c433f2bee0fe7dec8fae6bebf3708c5a63" + }, + { + "alg": "SHA-512", + "content": "1786aff2df4664483adcb319e64be7b69b643ac9508c3f11796b5aa45b9072b46f53f0a21b2ff7291162afe81506de16161746273e4532ebad75adbd81203f0d" + }, + { + "alg": "SHA3-256", + "content": "3f6cf631e9f792a41128400f8690266d915c0588ef85073a6cae73624a155b10" + }, + { + "alg": "SHA3-512", + "content": "13d1f73c44e807b36946c21cfd506e91e8cbdf685b770cbc0dcb4e55ec28b5bc91bd90eb7f24ebfd13386a47eccf552dd2a1ab277fccabafdb7a9b40aa9d4fc5" + } + ], + "purl": "pkg:maven/org.antlr/antlr-runtime@3.4?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/antlr" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "group": "org.glassfish.hk2.external", + "name": "aopalliance-repackaged", + "version": "2.5.0-b32", + "description": "Dependency Injection Kernel", + "hashes": [ + { + "alg": "MD5", + "content": "99809f55109881865ce8b47f03522fb6" + }, + { + "alg": "SHA-1", + "content": "6af37c3f8ec6f9e9653ec837eb508da28ce443cd" + }, + { + "alg": "SHA-256", + "content": "32a44ed0258c00bb8f0acf7e4dbf000a377bd48702465f6195f878a6dc2024d6" + }, + { + "alg": "SHA-512", + "content": "5afda7e897fb1135e4cf8ceb1f9f2ae68521c6178552dbe38243461e8422d50011f379e4f66d237190e7609e2d1ba2e9c09267637ecd588d7e286c1a6bfb8b4d" + }, + { + "alg": "SHA3-256", + "content": "3808bbe7fc89ea384068d5edf32f4ebf61cead5fe0fff58c7ac13c23392b8860" + }, + { + "alg": "SHA3-512", + "content": "ea988d271b897cb61a17ddd642f7f31935711bb33710947a812e0c1ab3469077c45247a5224e55a9258bfcdfd502f64286064aa1063b2df07dc880a880e034e3" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/aopalliance-repackaged@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "group": "org.apiguardian", + "name": "apiguardian-api", + "version": "1.0.0", + "description": "@API Guardian", + "hashes": [ + { + "alg": "MD5", + "content": "e3695c130292987799af0d18754fa3fc" + }, + { + "alg": "SHA-1", + "content": "3ef5276905e36f4d8055fe3cb0bdcc7503ffc85d" + }, + { + "alg": "SHA-256", + "content": "1f58b77470d8d147a0538d515347dd322f49a83b9e884b8970051160464b65b3" + }, + { + "alg": "SHA-512", + "content": "127f7e6381642f3f0f8298e5129f31cae947b81c4867caaa419803e6dcfeee5da61f0262d2c10c8ad151f24e82f708ce81b2fda217c31dbb21794e6c9ec71e0a" + }, + { + "alg": "SHA3-256", + "content": "a0c6a10c739f2c5d18a639804edb717b2e100aec3ab73b5560e947c28b829f22" + }, + { + "alg": "SHA3-512", + "content": "54879680c4ac863b6eb3dd2528c02f8c977b127ed2a1d7e123e65baec3c9b33c3d80fd5f0de0cf43eb4f912b6899b2a4753f93bf9883d51e2fd8b8766df3e0c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apiguardian/apiguardian-api@1.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/apiguardian-team/apiguardian" + } + ] + }, + { + "type": "library", + "bom-ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "group": "net.sourceforge.argparse4j", + "name": "argparse4j", + "version": "0.8.1", + "description": "The command-line parser library based on Python's argparse", + "hashes": [ + { + "alg": "MD5", + "content": "8a3077fbee51bc51d0e140be455b6df5" + }, + { + "alg": "SHA-1", + "content": "2c8241f84acf6c924bd75be0dbd68e8d74fbcd70" + }, + { + "alg": "SHA-256", + "content": "98cb5468cac609f3bc07856f2e34088f50dc114181237c48d20ca69c3265d044" + }, + { + "alg": "SHA-512", + "content": "d9c1e626403b0ad0143fffb62a055b71aacb7d59c9957b232a2e7b7ab2cd9299932784d19e6ef8b0172736ab1625eb2d1e25101eaf1666acfc566b7fcd7c819f" + }, + { + "alg": "SHA3-256", + "content": "3b8a944e495c72b5d7e185effda10431dbe60cfa30c9e31d7cd5ebfdfe0fb20e" + }, + { + "alg": "SHA3-512", + "content": "718cec233f4b67bc0fe9210629202aa235aea2bf58a3cc65425cb9d43661d3002677c0534685e08cea3b86cdcb9c5021026c4efdb1820c9700158756bd6bc7b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/net.sourceforge.argparse4j/argparse4j@0.8.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/tatsuhiro-t/argparse4j/issues" + }, + { + "type": "vcs", + "url": "https://github.com/tatsuhiro-t/argparse4j" + } + ] + }, + { + "type": "library", + "bom-ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "group": "org.assertj", + "name": "assertj-core", + "version": "3.9.1", + "description": "Rich and fluent assertions for testing for Java", + "hashes": [ + { + "alg": "MD5", + "content": "b6b5e7d7ab3e4368244ce2ed48b77b2f" + }, + { + "alg": "SHA-1", + "content": "c5ce126b15f28d56cd8f960c1a6a058b9c9aea87" + }, + { + "alg": "SHA-256", + "content": "b433d96281d663d8f97d7b2eda24f6d05345ef3bd7bf9a4ed440d75728bfdb00" + }, + { + "alg": "SHA-512", + "content": "153df8b2394db5c54db79930a26ce45ac8ddcaacbaeb800988c41f17d4f39356a32ba8d17fbe143c412a79c2006e53cc1877b409f880e43d96888801bf92766a" + }, + { + "alg": "SHA3-256", + "content": "da01a0373df89903d5d40eabb595618fb15b14b7cd6420598b85d05bc72242fa" + }, + { + "alg": "SHA3-512", + "content": "8bf381925a0fb7635e8fafbf1b75930a8b129dd3ae9db2ec9d079ad12442a73eb92d34fa454bc3684b7ad59ee2e40cc1509c8a93f1dcded39368fa78b499cbe1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.assertj/assertj-core@3.9.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/joel-costigliola/assertj-core/issues" + }, + { + "type": "mailing-list", + "url": "http://groups.google.com/group/assertj" + }, + { + "type": "build-system", + "url": "https://assertj.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/joel-costigliola/assertj-maven-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "group": "net.bytebuddy", + "name": "byte-buddy", + "version": "1.9.7", + "description": "Byte Buddy is a Java library for creating Java classes at run time. This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.", + "hashes": [ + { + "alg": "MD5", + "content": "3038371407163c76c89749c3a7c458b0" + }, + { + "alg": "SHA-1", + "content": "8fea78fea6449e1738b675cb155ce8422661e237" + }, + { + "alg": "SHA-256", + "content": "69a9140c11de463789a1badfe6c3dcdc17608c4304cb443c5c3a179585b78b39" + }, + { + "alg": "SHA-512", + "content": "20547c1915d941c170b855babf102b6d4b7b651cb76d4328fdc5e67be4cfb898e22d76512b2ed402ba2486ba4954ee75e1753e7de6303a94201ee12056ffb2b7" + }, + { + "alg": "SHA3-256", + "content": "fa80df92900c958e6c9c957552698a20f0a817a309947ee232b97c699db77d3e" + }, + { + "alg": "SHA3-512", + "content": "50b10f18e33843c1ec103ce809a83698f785de2675dd6f1da386db8c6158a6539e6b93ec2e10d1c82c819c3cf4c1f33ca9c2cd68a21d0a5520a707acb7a072fb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ], + "affectingVulnerabilities": [ + "4ad3464b-09c7-40fa-ab51-754f3f196cd4", + "0cdbb69e-0ac6-4efd-ad09-2f8ead5b2aad" + ] + }, + { + "type": "library", + "bom-ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "group": "net.bytebuddy", + "name": "byte-buddy-agent", + "version": "1.9.7", + "description": "The Byte Buddy Java agent allows to access the JVM's HotSwap feature.", + "hashes": [ + { + "alg": "MD5", + "content": "f2c5583a5856a1b68275f70fca2f96fc" + }, + { + "alg": "SHA-1", + "content": "8e7d1b599f4943851ffea125fd9780e572727fc0" + }, + { + "alg": "SHA-256", + "content": "145ce0fab5390374e69b2b4070d65fedaa2b07c3cfad06b330bea1b6dcfa826f" + }, + { + "alg": "SHA-512", + "content": "3b1344ae23e91e02a4465848757f3436f5a51ff58f8a0fe47b032ce5097086a985d927eb23507cc7b29b7a8917ab22942f039949b376f3f27708d3da232e7afb" + }, + { + "alg": "SHA3-256", + "content": "0fc9f6c6083208ef913a49fd9d61d7202477d6ed4c26e0324f4475e656b4fbd6" + }, + { + "alg": "SHA3-512", + "content": "75a397fe519f03352763554688a7e6432c028b2b154a0553d5d647f7873eb5f066e83f454092438a48976f99cfc0c4b7a41b033852129b9cbc29d09cb22f6ec4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.bytebuddy/byte-buddy-agent@1.9.7?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/raphw/maven/ByteBuddy" + }, + { + "type": "issue-tracker", + "url": "https://github.com/raphw/byte-buddy/issues" + } + ] + }, + { + "type": "library", + "bom-ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "group": "org.checkerframework", + "name": "checker-compat-qual", + "version": "2.0.0", + "description": "Checker Qual is the set of annotations (qualifiers) and supporting classes used by the Checker Framework to type check Java source code. Please see artifact: org.checkerframework:checker", + "hashes": [ + { + "alg": "MD5", + "content": "b6fb2610dacd211a3e2c3d8af1b60d0f" + }, + { + "alg": "SHA-1", + "content": "fc89b03860d11d6213d0154a62bcd1c2f69b9efa" + }, + { + "alg": "SHA-256", + "content": "a40b2ce6d8551e5b90b1bf637064303f32944d61b52ab2014e38699df573941b" + }, + { + "alg": "SHA-512", + "content": "fdecc20efd6943426e7f8bdfb8bef9d28258f9f934cf29090e2f5b297c501454606cc28593cd7d089a5c14f6d2dcafc59f4606053405d7f91d623a0e3202f4a8" + }, + { + "alg": "SHA3-256", + "content": "6332c0be53250aaf67b95786e10337e1134ca645aed3b4cc596c68a3555c07fc" + }, + { + "alg": "SHA3-512", + "content": "74780f6c4d9e615c5be2f7149540721bfccd43e71b2d912054b98cf4f1a5ae5506497eca9c76f9e09f988d988bba8a1ec0588684379722044d894594dc787ea4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.checkerframework/checker-compat-qual@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/typetools/checker-framework.git" + } + ] + }, + { + "type": "library", + "bom-ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "group": "com.fasterxml", + "name": "classmate", + "version": "1.4.0", + "description": "Library for introspecting types with full generic information including resolving of field and method types.", + "hashes": [ + { + "alg": "MD5", + "content": "85716d3adddffaaacb5e316be6681bf0" + }, + { + "alg": "SHA-1", + "content": "291658ac2ce2476256c7115943652c0accb5c857" + }, + { + "alg": "SHA-256", + "content": "2829acc59abf4aa6b72579697a0391c0fc69df7772ae59c58e0237f909cd6803" + }, + { + "alg": "SHA-512", + "content": "0bb96809e508b3ec20f8da070cdf5c795b71e17311a1a7d09818a93410ceb60cbbd95482c2d13bb920d391f5a5eee3a959cf739533a94f6539775458fe7229d0" + }, + { + "alg": "SHA3-256", + "content": "2cb64a48cd3ca0136553131ce87fe52d5a0f322334d65fbab60132df09d3c8d6" + }, + { + "alg": "SHA3-512", + "content": "56fb69f960f9e15c7dedc17d8d762c03bbae850180c2911ace44c4b7e1f0ce4a6dcad784e6acf01d63cad81a2d3746e4863a8d43a4d78e620506bf125d9340ec" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml/classmate@1.4.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://fasterxml.com" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/java-classmate" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "group": "commons-codec", + "name": "commons-codec", + "version": "1.11", + "description": "The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "567159b1ae257a43e1391a8f59d24cfe" + }, + { + "alg": "SHA-1", + "content": "3acb4705652e16236558f0f4f2192cc33c3bd189" + }, + { + "alg": "SHA-256", + "content": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d" + }, + { + "alg": "SHA-512", + "content": "d9586162b257386b5871e7e9ae255a38014a9efaeef5148de5e40a3b0200364dad8516bddd554352aa2e5337bec2cc11df88c76c4fdde96a40f3421aa60650d7" + }, + { + "alg": "SHA3-256", + "content": "90ec34f9701a8b212c65e6167c505ea6417289f910deedcac8517075b8349728" + }, + { + "alg": "SHA3-512", + "content": "101bc04efae2bd16d7923e61bca922c4a006b0e4b34909e0f8865196cb4df4f4f6269737c17880b4dfd0309cb487b806e88d09c6e1a7dc70237563b3f4312f7f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/commons-codec/commons-codec@1.11?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/CODEC" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/codec/trunk" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "group": "org.apache.commons", + "name": "commons-lang3", + "version": "3.8.1", + "description": "Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.", + "hashes": [ + { + "alg": "MD5", + "content": "540b1256d887a6993ecbef23371a3302" + }, + { + "alg": "SHA-1", + "content": "6505a72a097d9270f7a9e7bf42c4238283247755" + }, + { + "alg": "SHA-256", + "content": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68" + }, + { + "alg": "SHA-512", + "content": "fb0fe98385496a565678a000c26a3245082abfbf879cc29a35112b4bf18c966697a7a63bb1fd2fae4a42512cd3de5a2e6dc9d1df4a4058332a6ddeae06cdf667" + }, + { + "alg": "SHA3-256", + "content": "4e708ddf8ed0c6dbd8c6bba07e06425b5d263d899884b91bf11f86ec0d6f8463" + }, + { + "alg": "SHA3-512", + "content": "f43e89519e803e976f7b4d756d934be802ab36077cf2dc38dd9aa901eaf7104e58157859f45ccef7b38e072007a60f17270923e2ed7eabd41a4c776dee1458e1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-lang3@3.8.1?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/LANG" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-lang.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "group": "org.apache.commons", + "name": "commons-math3", + "version": "3.2", + "description": "The Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.", + "hashes": [ + { + "alg": "MD5", + "content": "aaa32530c0f744813570ff73db018698" + }, + { + "alg": "SHA-1", + "content": "ec2544ab27e110d2d431bdad7d538ed509b21e62" + }, + { + "alg": "SHA-256", + "content": "6268a9a0ea3e769fc493a21446664c0ef668e48c93d126791f6f3f757978fee2" + }, + { + "alg": "SHA-512", + "content": "80fb66a51688c4247b957f9787921e5acb9144d71a4ab0b03b2c30f46427e50c53e6e31ca5ddb04dab2cf5e7c0eedae168103c719f8074be464918ab2e4d6e6d" + }, + { + "alg": "SHA3-256", + "content": "4e5c701b4c417493bdb70d4c3f3bfb6019a6eec3c5f17dcce028158de624318c" + }, + { + "alg": "SHA3-512", + "content": "3a19552d33cbe62a0d174efa39054fbe5e23f7cb466c46616c27480381f232daa2c64c868b354ed965c5d84fbfece08e30e59bc672e3891baf2bb8141b5db8c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-math3@3.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/MATH" + }, + { + "type": "vcs", + "url": "http://svn.apache.org/viewvc/commons/proper/math/trunk" + }, + { + "type": "build-system", + "url": "http://vmbuild.apache.org/continuum/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "group": "org.apache.commons", + "name": "commons-text", + "version": "1.2", + "description": "Apache Commons Text is a library focused on algorithms working on strings.", + "hashes": [ + { + "alg": "MD5", + "content": "c0aec8d4d92fc9e1a4752884f5f880f0" + }, + { + "alg": "SHA-1", + "content": "74acdec7237f576c4803fff0c1008ab8a3808b2b" + }, + { + "alg": "SHA-256", + "content": "d4a57bbc1627da7c391308fd0fe910b83170fb66afd117236a5b111d2db1590b" + }, + { + "alg": "SHA-512", + "content": "97ca47f05b18a8dd67a253bae7d5ec6adab93a061c2565615773f0efc07382193c9ce29ed1f8abdd67dbe62b033e17bf2f71f67a3db2a99abb7aa3215b541c11" + }, + { + "alg": "SHA3-256", + "content": "5527aa3ffcd1303fac2779f9908f3a39bd3745c03a840fbc106aa952d5a0a128" + }, + { + "alg": "SHA3-512", + "content": "1b87bf1800138c403b67c273346fc7ea721fac09903e8cf6b11f8cfa57f2f91c577000834ad1f38e2b21f695685ea6c03ae9bd21323fe4a7690c7dca3344e350" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.commons/commons-text@1.2?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/TEXT" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=commons-text.git" + }, + { + "type": "build-system", + "url": "https://builds.apache.org/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/commons-user/" + }, + { + "type": "website", + "url": "https://www.apache.org/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "group": "com.github.spullara.mustache.java", + "name": "compiler", + "version": "0.9.6", + "description": "Implementation of mustache.js for Java", + "hashes": [ + { + "alg": "MD5", + "content": "9245fdbf50ad59ea81781ebdaa8cdb02" + }, + { + "alg": "SHA-1", + "content": "1b8707299c34406ed0ba40bbf8513352ac4765c9" + }, + { + "alg": "SHA-256", + "content": "c4d697fd3619cb616cc5e22e9530c8a4fd4a8e9a76953c0655ee627cb2d22318" + }, + { + "alg": "SHA-512", + "content": "d29e5022a4e7c99a8cc4b9f171471cf3e96103aeed26f32ae7a5db38e62811b3dc97e47ce8659c0b430fd11f1cb3f679c5465cab0458d7a474fba7e78a987887" + }, + { + "alg": "SHA3-256", + "content": "e17ec4a48044d5cbc941cdd9020fdda30b5402c2d533bec6a910729293d2aa89" + }, + { + "alg": "SHA3-512", + "content": "7e61b2eb36f9e239c4e2679c529d87ab2b2ed0ecb8537cbbd89b604bfce9b09ed716c2a95a80cf9a75eee2d0b85a2958e44bc6540ba5b22f163090a5912c6ad6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/com.github.spullara.mustache.java/compiler@0.9.6?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/spullara/mustache.java" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "group": "org.dom4j", + "name": "dom4j", + "version": "2.1.1", + "description": "flexible XML framework for Java", + "hashes": [ + { + "alg": "MD5", + "content": "f5710c1d5f5627ae5ce850a0b12ea87a" + }, + { + "alg": "SHA-1", + "content": "3dce5dbb3571aa820c677fadd8349bfa8f00c199" + }, + { + "alg": "SHA-256", + "content": "a2ef5fb4990b914a31176c51f6137f6f04253dd165420985051f9fd4fb032128" + }, + { + "alg": "SHA-512", + "content": "547da0752ffb12ce40800449376f2f7e20f053f816de4ae8adf1a4fad5a3b87ce4e98e95650671a6c9cdcbbf7c20a4b61e711e5ae8d324c923d508bcb07e02e1" + }, + { + "alg": "SHA3-256", + "content": "e0d00e2f06b89df74355383e657d0b7b2a67b4fe3b5de58967eaa27fa0efad90" + }, + { + "alg": "SHA3-512", + "content": "00e4ce0afa1bff9f0abd1d9fd07d76157f26347b4d6931314f6f082c528bb5e60c32eb9bb16c23f5adc5ee5dcb902135fed2a4a5cb3995afb143f1fe1f938959" + } + ], + "licenses": [ + { + "license": { + "name": "BSD 3-clause New License", + "url": "https://github.com/dom4j/dom4j/blob/master/LICENSE" + } + } + ], + "purl": "pkg:maven/org.dom4j/dom4j@2.1.1?type=jar", + "affectingVulnerabilities": [ + "55ebe39e-12f6-4360-aeba-9913ef7efb68" + ] + }, + { + "type": "library", + "bom-ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "group": "io.dropwizard", + "name": "dropwizard-assets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3719b35ea00aaf249df2f6c237e0d461" + }, + { + "alg": "SHA-1", + "content": "f2aa63c48a04fc2fdbbc43d3bb25c306417c30ab" + }, + { + "alg": "SHA-256", + "content": "81df72b28d351db2a8df88899ef172c3fefc8135149e6e5016c3f88db340fdcf" + }, + { + "alg": "SHA-512", + "content": "1136296518c97a285e68b0bbd6800c3183b8cd208e2b316ecf0e6b24147b278559e479705b7df3ce83913df5b8d93108afd20ca91ddfaa23d1924d6534f82d11" + }, + { + "alg": "SHA3-256", + "content": "fe44aa9d27c700520603cec3f51df630e228e0f73d1c450e01c3f9e21f02610e" + }, + { + "alg": "SHA3-512", + "content": "ef1c4284b016ba0c303aa74ce20271314cdd9c63686837c73b55656eacf0a22f2d3d883732f6e513dac055842b6b1c1d0e9fa970c7017d969b82ef1c77b2f8de" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-assets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "group": "io.dropwizard", + "name": "dropwizard-auth", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "b70d5efcdd606fa0dc0d866a0ba76e0b" + }, + { + "alg": "SHA-1", + "content": "b232e9397558341feed096a54e04e32ab81c7aad" + }, + { + "alg": "SHA-256", + "content": "94927a479eb07d3cab2242750463569dd6da9c75908b93986dab8c2eda5300b7" + }, + { + "alg": "SHA-512", + "content": "33c794f002c01a3f2880aef2b64b12af4a1d612bc2e7e751f24d65a178e49f7b2158c00486515b1392c340471d7a5e52d73259da7673c32d6b9dfc3870eeffa6" + }, + { + "alg": "SHA3-256", + "content": "d13a6eedc14842abeadc3c0e773ff1bd759de2157099a8df5d62ee1d6da1f949" + }, + { + "alg": "SHA3-512", + "content": "c5ae17254f77d668b20aa32542daf77ef398d428fc34601e6e6aebb8f0676fc8c16c5f0dc8906b58f7ecef3623e29386d296aff07d7f7d54618591da72edb88d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-auth@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "group": "io.dropwizard", + "name": "dropwizard-client", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a7e212ddc51872656b8cde14c6375558" + }, + { + "alg": "SHA-1", + "content": "774ee66da2e18ddb9757c309a9f288a7a95d4ab5" + }, + { + "alg": "SHA-256", + "content": "e1f12b97fab5cbfbefd54f7206f708b1abb767f7db2979ee67a12cced9145af7" + }, + { + "alg": "SHA-512", + "content": "a15aa34a681004c1c41380a85f0f99b5117e426bfbac1bef90fade5f9644443b63e74caf9022fa53fde98eddc915ce52ed37c59a06257b7c21b9fc55367f9995" + }, + { + "alg": "SHA3-256", + "content": "77d63d4f7774e74722101d0e3fe4a3d7aa1aa0dac2d95f823cacf7ea445d372b" + }, + { + "alg": "SHA3-512", + "content": "3856b47365e22680311c71e7740f4327786a88af275fe7d2f6a44b34dc12227b3a76396d87c101c31994993d2fa78db6fbfcffc848c5739d5bc9231186fe4681" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-client@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "group": "io.dropwizard", + "name": "dropwizard-configuration", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "a53483c0d1034d24eb068eacc2b18cc2" + }, + { + "alg": "SHA-1", + "content": "64ede8340cf7e51e9d679876bb8873b5e4900bcb" + }, + { + "alg": "SHA-256", + "content": "a579796dd6a5476f35a7d3e3fde89321c0f1e5afb6c2fcfecf34b1d1b7c2db57" + }, + { + "alg": "SHA-512", + "content": "fc3e2bfe3e0b9ec39a09a6735fa477ea2296d4dbbda6f92a4bf624f3ecdc4e0a226a44f3e433a74e6343012012e1e80b483483696ae6b846249167e5255f207e" + }, + { + "alg": "SHA3-256", + "content": "851afb7c02c5ef78a1b4d8e4a6ac6393b1d105643a4de355a767fa665e44aa13" + }, + { + "alg": "SHA3-512", + "content": "b837c8c006d5909453293a262a826ea24a533a89f9a7c53a67129b3597a07a77b5ba0e95f391806087ee7f82cb12592e6149dbf26bf75fc0c54cab84a9b2c56d" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-configuration@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "group": "io.dropwizard", + "name": "dropwizard-core", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "74aec7bf09a957081b1f607b25bfd532" + }, + { + "alg": "SHA-1", + "content": "53889ab39746957180bddc1636f6680eca0db5d7" + }, + { + "alg": "SHA-256", + "content": "a2799ff0fa69d1b0945f9170e6dd29cdd77ed9618ab48abbfcc56111e85effb5" + }, + { + "alg": "SHA-512", + "content": "1fb1b50c2575c36cb518f48e9153a1253d11c0c5e4576dd3866df0d5171694c8507d8f9b78ca983749dd6a8156b81ceac66e8012583d2bb1d6e55c0f5920fd3f" + }, + { + "alg": "SHA3-256", + "content": "19e5d7375794f5eece12bb30304c2a7fec0076902c1bfba468ee96d9ac83f110" + }, + { + "alg": "SHA3-512", + "content": "b955d7c995291eddc86eee34f8c75301f580c4ce6431053b94f197c03f15ed90cc02025214d7ba1864ba76b809af2c2afe8942b5595993ba81a57078b2946852" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "group": "io.dropwizard", + "name": "dropwizard-db", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d9ddd3b9a686d7332cdec2628f5b752e" + }, + { + "alg": "SHA-1", + "content": "88dfe54a2b0b04d4254c39b5929a6bccb73c0fb8" + }, + { + "alg": "SHA-256", + "content": "718fc5d891166a4febb26f92560148b8b7a1c39a9f4c5719ca7380974430634f" + }, + { + "alg": "SHA-512", + "content": "3615d6aa65fb7df9f5338d2bd4bccff6e0cebbaceaa067bae04e43a7a1a6852157b23f929ea6a6212fe2928b8b1c6ad3282dfe4c37e60e77df7eea3b716105d5" + }, + { + "alg": "SHA3-256", + "content": "e49bcfe1ce234abeefb3fe5f739322eba64b36ebb0a13cca193da7ab496d29fd" + }, + { + "alg": "SHA3-512", + "content": "6ff81a052e35eb6a923c2af9dea65ab43048e5a839ff8cb94dfd2d13d8666f2ce5bf3160bbd98ef81bea4f7b5e42f8019d4f25e1d93c16411027c8e3e40c4c90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-db@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "group": "io.dropwizard", + "name": "dropwizard-forms", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4038942f9fa1f452cc8ab9fb395e0dae" + }, + { + "alg": "SHA-1", + "content": "171287fe38f430ed81bef0dc5808a6f58f01bd48" + }, + { + "alg": "SHA-256", + "content": "cf55b3d0ae45c0b905380a374a3bfd14fee33f3ec5b5f16a046dc66d505ab4c4" + }, + { + "alg": "SHA-512", + "content": "89e4509a55811c296371099ff91850faa32992eede0f9224c25f395a4d93560f0a4a846060bedc1747fe3bf5a4596b928a4237894292dcbe23762b4ae9c40ea3" + }, + { + "alg": "SHA3-256", + "content": "f205cd66f09419d7e958c1c9be0bb3c3226c74a34cefa4a092474612532ae5c2" + }, + { + "alg": "SHA3-512", + "content": "6f336ddb136efabe64b158f60f11dbcccf606df36600a2195d5cac15d2900f5625ba8eb5a0dba213f4e27386423233e5214f9b188f77816d08e75435cb8047f5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-forms@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "group": "io.dropwizard", + "name": "dropwizard-hibernate", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "449361636c3b63eb9d3acb08c1d36297" + }, + { + "alg": "SHA-1", + "content": "56eda4258aa81aa3abde8e6663bbe6297b870495" + }, + { + "alg": "SHA-256", + "content": "5589a9532d592c6dead117b5990386c178a81d4ec7cb8eab9888a576ce47d24d" + }, + { + "alg": "SHA-512", + "content": "bc121e23e932a8989bb81eb72ce3a65822406dd1b9358f9169f2db7c817585420d7725b0e4a011e8ac82b64879167437180a55469a9aa21ec706d9953f4f8e96" + }, + { + "alg": "SHA3-256", + "content": "782695767ab3f4bd238716842e98c56c4311098d142b388ecb08e92159a85873" + }, + { + "alg": "SHA3-512", + "content": "5e6c66c0cf9fa889b516e485cd233af2234b3e2a4f82962b03c59e95a731392744be7fde88f13c3576141b8866dfb6e6915ed20183a6b06e6aa11226ebaec623" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-hibernate@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "group": "io.dropwizard", + "name": "dropwizard-http2", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "fdc320175f8ebf1f5931a5f8943cfc32" + }, + { + "alg": "SHA-1", + "content": "b8573b698da0fe8b2cf30becf2d4c069085e230b" + }, + { + "alg": "SHA-256", + "content": "c21be0fb74a7e086a39d48f464ffb0b730dc8c2292935f8f6524aa217c36f135" + }, + { + "alg": "SHA-512", + "content": "67759f73350a276e2dda77608f16e2fb6d2b2908af7bb5fc83687508793bd27bcc6998c570945e4ec3e49caeeb05e9ee4d3d4fdb8a77b2147bbc5fd1d1c573e3" + }, + { + "alg": "SHA3-256", + "content": "085dd33c5b983cd03552e8eb69e47ae5a3de85aa363175526e5470bce0f4f69b" + }, + { + "alg": "SHA3-512", + "content": "43a4af9e25df30b2e3c561f921bcdbebc9d782b94faa85f8706e1c79ca77bdeae161b18a4f707509599564115d49152ac03f7bab14bb2cb9d130a4975d8f7315" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-http2@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "group": "io.dropwizard", + "name": "dropwizard-jackson", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "cce5d50fb36cf2ccb1f6020cf2c53092" + }, + { + "alg": "SHA-1", + "content": "498fdd1b14e0341fa4b2ed480520d632470709c0" + }, + { + "alg": "SHA-256", + "content": "1ddb7e6852bcc605f52e5dd4927a532e6e4f6970e8477329cc0cf6e02bcb11bb" + }, + { + "alg": "SHA-512", + "content": "54920733f634fff24fa42e16048e60cbcd8ca9e348c4dae5e8eb6d1606e36d86ba8c32f49a9fb00418a9e2038781599383cc3c1d01353d8e5117d4c366f414e5" + }, + { + "alg": "SHA3-256", + "content": "6dfe904993c5350ef8f04f9eea9335ea5f5179e9d02b2cc057426f96a0aeb485" + }, + { + "alg": "SHA3-512", + "content": "d2e9bddc00edf43a43bc91ee0e74cbf3beff49627fc02fee1870888cc552a9e7a2a518149f0b628a744d5ae00a4f47b3912edba8081c0b5f40e3b289a7fe0822" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jackson@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "group": "io.dropwizard", + "name": "dropwizard-jersey", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "5d4b25a8d01ef9534d6291f004ca8421" + }, + { + "alg": "SHA-1", + "content": "5045bfc77cd931d0020e9d67ef5d3d47916d978f" + }, + { + "alg": "SHA-256", + "content": "3e03434acca7bf73d6e8dc72239d41b28e087200d3cd3759b26319aa49c5cccf" + }, + { + "alg": "SHA-512", + "content": "389fdc36005f478f75687d796f147800d81bafca189233ba7bd6bad263ced8ba2bed450b73b7a2ebe14750186da51970f006835c7dbf6380f5535bece7bb947d" + }, + { + "alg": "SHA3-256", + "content": "7c9a03749ca86a271678b15d9278890b605bf1fe85927c07d4412f481483c45f" + }, + { + "alg": "SHA3-512", + "content": "59da92cfc19ce969cfbb29f597519cdb692d838d191a93d02a6014d896091a8669bd6ed5ddff39bcaabd14866106131be23b6a984b6a8a7813fd655faede4b81" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jersey@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "group": "io.dropwizard", + "name": "dropwizard-jetty", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3e61f73e3ad1a7c63d7b16bcfc6038a0" + }, + { + "alg": "SHA-1", + "content": "bd34674496ae9997dd20d88a9fcda937bd21840e" + }, + { + "alg": "SHA-256", + "content": "7657190b578c7647d3e6d91de4a959580320a0317378b210d9a416635f4e1384" + }, + { + "alg": "SHA-512", + "content": "cb92715afa048b32d0879593f9709d558e4b1b6aa468802b8a1d08b7b6b1fa72eae12c8658c329ef0d8e073fb7a1bab4a9b833bac2887ccaa5d953625470f4db" + }, + { + "alg": "SHA3-256", + "content": "38e8c121e10d2af68bdde88d8136622d76139d018df01b944c7708c8dd9cefe6" + }, + { + "alg": "SHA3-512", + "content": "7cfe066ea4e585b3bc0077332b0a08db9f998e9d83b95480cc148054895728ea72fe5e3b20e249f603e96cbe09ee9985eea527f207d88abef0914b19940af1d5" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-jetty@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "group": "io.dropwizard", + "name": "dropwizard-lifecycle", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "52e054873a8e62623e81231c43cd56a9" + }, + { + "alg": "SHA-1", + "content": "f26a5a8be815680b9d6fcf4df7495c33ff403f80" + }, + { + "alg": "SHA-256", + "content": "20abb321d0095312b8d618b30533d84b12f37d9c3e7bfc473ce205a56a8cf4a5" + }, + { + "alg": "SHA-512", + "content": "fc9ae0ff1d4c94b2456777d6e7b68a8017ff13a04fb49f85344904f6b010fc638f33e8e6ebf9119a450232e5e74c70a8ed55b980afe47d827f320019ab9973a7" + }, + { + "alg": "SHA3-256", + "content": "cba7094cc6a46821fab3edc413e5d07c36e78b7760ba6c5e44df94acaaca98e8" + }, + { + "alg": "SHA3-512", + "content": "daba93cc2420eab38f11389a1eabd408713855ea97772dd87d6be05cd8cf60de1e2de303785721daa85f61e246e75c4bbeaf7602a580d88b2585c090d8957dab" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-lifecycle@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "group": "io.dropwizard", + "name": "dropwizard-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "8f56476f15da17fb8aff8d06a8cd39c9" + }, + { + "alg": "SHA-1", + "content": "3df1411464adf080b5ac7360926eacab3f5120d7" + }, + { + "alg": "SHA-256", + "content": "fcaaf6bcb2f29a0443f4740d5515f6a8b12a0c38e626fa6a503d9bb685275a38" + }, + { + "alg": "SHA-512", + "content": "32435101cf0981814396444592a7d805d35d073fff7c06b2ae1551e6cc6ac7e7686cc740dec87a05a15026cc4d89b208986c770cbf999e3993980c8e4112db47" + }, + { + "alg": "SHA3-256", + "content": "2d848583811a6d544b4212f63805bdf65b849da145e4fa3f6be66d387e34a5e5" + }, + { + "alg": "SHA3-512", + "content": "2daa20182aeebbcd99ff706f08f3a10a68db0ff2874ed93811eb8922b71ca2bb516213ae53eff4efc412c5ea1a940268d9a832fe8e680151f5cacbfe62ec5844" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "group": "io.dropwizard", + "name": "dropwizard-metrics", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "231e9b5003b31c72836118b2b60e6b9c" + }, + { + "alg": "SHA-1", + "content": "4dcf98534424a25e2666c714e0bb4f8ce6c7cc61" + }, + { + "alg": "SHA-256", + "content": "fe67a902fa099d798179aaf8cb73fa2881e18a820b762422e9e25bda84968304" + }, + { + "alg": "SHA-512", + "content": "80d4133cdc506a51f34bdfa35f9e79d11d9e1a6cfbda6d13e10035a286f200a172314aa52b737a7bc4d8a334b6725c20a45cb4d8cb56dabdbbd8378e9aa1b355" + }, + { + "alg": "SHA3-256", + "content": "55e8d3aae67454a70282570b80e4a5b50d19cede8ed6db54609bdba3b7291309" + }, + { + "alg": "SHA3-512", + "content": "88be53fa6a98860edd603e40320f2d59206e08451a11356e089f28bcb9ee36586012f9cb6d0c63ca6b85b527f8f0434c3aa1e3619cf607883a7aed8817fdbdfa" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "group": "io.dropwizard", + "name": "dropwizard-metrics-graphite", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "014be7a674c15f505dc0816c5c544314" + }, + { + "alg": "SHA-1", + "content": "d5be85278fe138a4736bc0e229c73dcd1de2b400" + }, + { + "alg": "SHA-256", + "content": "0739188661d32b28544377073c1966d29a56ea9e28776b5ae7e201c50c580f09" + }, + { + "alg": "SHA-512", + "content": "f2e433cc520f4e49d62cf5af209d353629409d9b1ad3f1b6613d0bc1790a575f528bc88784e0b2517ea044e46e9e67ecef5b1d02cc7f6c1a510d75457bea2c16" + }, + { + "alg": "SHA3-256", + "content": "dba4bed00333d55d4dc55ddd9b9815fdb3b9b575faeae3ba8ff19ef949ee6f61" + }, + { + "alg": "SHA3-512", + "content": "24a0c90e1f97326dd032e5c657792d6623c727efa7144891be439e00bff5323f4e3e9d35e34005b7348ec92f97f3c4210aeb4b7e15930ef7a910735d0f982d62" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-metrics-graphite@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "group": "io.dropwizard", + "name": "dropwizard-migrations", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "3d2f7b15b764e2906916c0d4bfc75bc6" + }, + { + "alg": "SHA-1", + "content": "74a81b867ab00475910d013fe18d4a788984cccf" + }, + { + "alg": "SHA-256", + "content": "156a9c79a74c81d173637d613a9931451188228bea38cce621f63f51bee1c2f9" + }, + { + "alg": "SHA-512", + "content": "3cfff65847ee29772f5c8f091557373ce3dfa59974e82c0bbfd0eaa636fdf91361b753e777810d0f5878c4b5534ef555a5b260af29a6be9af0851c4a2de56c5e" + }, + { + "alg": "SHA3-256", + "content": "1150637f334a3f0354d00cc21e7e180e8fd647ba3b9f6028c4eafd30c614c157" + }, + { + "alg": "SHA3-512", + "content": "8340a3fb797a8fdeedfc31e50c5d28ad3b3eb204f262f45f390c1a8c3a8ff798cb2f8235d97dd9bbe6947d2d986bb4b91d332f5d0ed23fb7dc0bece454b29d90" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-migrations@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "group": "io.dropwizard", + "name": "dropwizard-request-logging", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "4ed78ec6ad895643d486a210151c6da3" + }, + { + "alg": "SHA-1", + "content": "fcd1015d1762059bd9aa27ee06f7fff9a9857d7b" + }, + { + "alg": "SHA-256", + "content": "1795c56717239e25f835211356963f307f596d0efdd16550337ffccbab08bbf3" + }, + { + "alg": "SHA-512", + "content": "f8c521200f29a6301fd92d87eb21ffb765d7c2a05f65fdbfa572955f91b6870604628df1b0f18d4c3d73482d1398bc5730fa2744c6b19b51f909758d614e4de8" + }, + { + "alg": "SHA3-256", + "content": "5cde2026d5ac54d5b1baac22503608eaef11b8753954473d0102d5f87565f944" + }, + { + "alg": "SHA3-512", + "content": "8d0dfb8c508948c131f0f92b8debf3a9f7ed3f1ec8e1dc4341a68132658143dcecaf890cc11aa22ff9e1959e96a51f311d15ca6d49bc7090c71c9457fedaca29" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-request-logging@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "group": "io.dropwizard", + "name": "dropwizard-servlets", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "c738851aae5f6e431c4bad54ef8bd30f" + }, + { + "alg": "SHA-1", + "content": "f93e103f42b677e1fdeca6fb6cb6c22353a78b57" + }, + { + "alg": "SHA-256", + "content": "b5c9432f659aad54fbe25209366a5c93a43f2c8a0cc5428440c28f3576a5bf61" + }, + { + "alg": "SHA-512", + "content": "07fff649594cf8bf3eb10bad998cc0ccb5fe1049d21c47ca3321b6187eed0f480caa52c5683e454f9abcf107f1e3d6fa5e3d6858e4d250ba65a36e81dd20c5ee" + }, + { + "alg": "SHA3-256", + "content": "eb28576f779876ffe7218c4b596ba2f2f302daa85375fc57784da3d050062086" + }, + { + "alg": "SHA3-512", + "content": "e2ce67e331b95a1e7dea43a174e3e4a1b0c9653716c4378656114d54b1858fa818142f2afee7ffeb86439b7dec848a09eee12efa963be0c00b71d038051c448b" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-servlets@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "group": "io.dropwizard", + "name": "dropwizard-testing", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "800103447329e58030242b6bfc2e9cca" + }, + { + "alg": "SHA-1", + "content": "cee4838ba05de7920309985229df59917ff6e58a" + }, + { + "alg": "SHA-256", + "content": "d52ef3eda88a2b93e01731b035bbd277eb4d395c3a076c6f5cd6a3874f17e433" + }, + { + "alg": "SHA-512", + "content": "c2ccc3c13d2007b728574b1c3df388043c2517ed3efb8256dde9c09ebbed6c18ac5e7f3281ce7b35b9e2c969124772ef0062234bfb195c27898b0674fa0900a4" + }, + { + "alg": "SHA3-256", + "content": "f7fba2c7f9ccb345c29c4e52bcda601a6528d20527f32af63f8cadfaeca04a0f" + }, + { + "alg": "SHA3-512", + "content": "e0c421a568cf98a63432088a1b5f18382cce3095db4ce8cfd1ccba7e9dc95aa7d2ec365b1d8b25614c4700d28f7f75744acac96c5358de4c50946fea4a2a2e5f" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-testing@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "group": "io.dropwizard", + "name": "dropwizard-util", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "e73fff60736c50b06c0afcfb5d5f003c" + }, + { + "alg": "SHA-1", + "content": "4e2a956ce355a40fb7e1c8d5772eab956a8f7f5c" + }, + { + "alg": "SHA-256", + "content": "3bc2379c8d410405cab54636b1b8129a53e5227acc6cb286adea720fa73f03f0" + }, + { + "alg": "SHA-512", + "content": "3a1b826aa9ff4fe9543aaff7b5f5d191164cc0a488365158502eb2c52b5e215ea96395767f2feed880376c3b569ea672414ef951667ea5628236920dbf2026bf" + }, + { + "alg": "SHA3-256", + "content": "9cadcfa4c2db331cc05c069a66d1445d3a156605a75f8741eb80935834ae56a4" + }, + { + "alg": "SHA3-512", + "content": "df9fc0e1dcebe145a5cfff74ca87470923f0163f78ead0a93bf5b4f1c905ad5aaf7034891ae0cab005927cbbbea86546f1222e7f271c90cb4d3b0f745f8cb78e" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-util@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "group": "io.dropwizard", + "name": "dropwizard-validation", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "0557207f6f05c684958ff0c524ed97de" + }, + { + "alg": "SHA-1", + "content": "d82c4a2157cd8b4ed6f85d12fcc5f63e7f2ee9d2" + }, + { + "alg": "SHA-256", + "content": "6141e64cfed3633ad729e9d343eac4bfa475232c90c83c178f02da2d4c3e7360" + }, + { + "alg": "SHA-512", + "content": "e3f832e4b6ea092229b2ecbfad0790170a086b043be74c58cd2f0169cae4fc219d4a7163e6e581350efc7441dd8908e7cfe395b19c802e93834443eb45888d67" + }, + { + "alg": "SHA3-256", + "content": "95187066ffe37d52916b0ec33bce13baa8d76afa80502c4526205fb3721c01bc" + }, + { + "alg": "SHA3-512", + "content": "39a0130b80426db95faba737c484fb2e0c1db64f8e81e21cffcbd0b27b4dff4c4334cf9698b0c067549d0e8adaf7669dce867f2ad962c25f647b35829fbfee61" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-validation@1.3.15?type=jar", + "affectingVulnerabilities": [ + "f2fa9b19-418a-4901-9840-a8631227701e", + "00bc944f-fead-400b-8bbd-0c5b56ba2b14" + ] + }, + { + "type": "library", + "bom-ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "group": "io.dropwizard", + "name": "dropwizard-views", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "ffa529c90a76cf83b7468c63c24c2da9" + }, + { + "alg": "SHA-1", + "content": "27b9dfe51ed0740b2359c28eca9942388247f877" + }, + { + "alg": "SHA-256", + "content": "69ba25bd9f7b5577aa29b79337b3e716be629a784a83d9a2af1456a556800dfd" + }, + { + "alg": "SHA-512", + "content": "818f881806c644bfd0518d2864d1f0c2c6b132e6b81ca1e4b272e20ab91294e954805f986f55ba5389b9ffa5c6573dde827929d6a82b8b4066b2344d003e0f40" + }, + { + "alg": "SHA3-256", + "content": "021a6eba574c0c79246d1a8b446c4655f5a7183e24fcc9df010bffb11ea680f2" + }, + { + "alg": "SHA3-512", + "content": "9ed4dd16ddabeaf7e7933cdef7911ac194a14a93a4a8a4d057554dfc094ca5ed84090922e6b5e53f23a24af582209c8d5a9b50521d3b35132a32e74399d5e055" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "group": "io.dropwizard", + "name": "dropwizard-views-freemarker", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "d78343dfbf1f4c99fc5115aea93b6382" + }, + { + "alg": "SHA-1", + "content": "9b64dcbd00e184c4683a8a44ae4ff4726595c73c" + }, + { + "alg": "SHA-256", + "content": "621f2168b343cc24618b63e5c0c07ca330eef8e1f930c1a4c374ab210fd5ea44" + }, + { + "alg": "SHA-512", + "content": "19298c6ae1500e0c16575b55d30f2ab34cbab881cd735fefc203118c326dd4a47604f8f8d595b32cec4ecbaae032129d2ede99dc36325bc8f4a18ffa5e786aeb" + }, + { + "alg": "SHA3-256", + "content": "1870845187ef726d85d29ee42ccc35b66018304d23167f614b79a7deb3768e2c" + }, + { + "alg": "SHA3-512", + "content": "389d2cd752a7269b28815c723ed68700c47c0f5f6780df2bc35f18eb3ea4b77cdc18ca83d556f4de80c1f3e434f399f73b03a76b88d1da2af520b09195a938c1" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-freemarker@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "group": "io.dropwizard", + "name": "dropwizard-views-mustache", + "version": "1.3.15", + "hashes": [ + { + "alg": "MD5", + "content": "99d7beaccb842cbe8a68c37361e665df" + }, + { + "alg": "SHA-1", + "content": "1a2a4e775b77f452893189020c2e34d60c0235a2" + }, + { + "alg": "SHA-256", + "content": "19ce7554a48be097bac2b3c51f55fe468c7253a60d1a43683ae830cfe06a58e3" + }, + { + "alg": "SHA-512", + "content": "1f24026f35f9a4e4316d04ac41a7cdcf440fc510075e5f8297a55b63d95d3f1e5deb06acd8ef9a61b73fbf1fc054ea370c6d74ed1a06aa19ba673069aebad294" + }, + { + "alg": "SHA3-256", + "content": "7856836a099d2a7f326dbc033442e49b176213fd340a8b2aa2d9dea3a9175ab6" + }, + { + "alg": "SHA3-512", + "content": "af431eff733b17b92ae1718165b3b10e103376bb216e63b8e39284f3572b69926084937fd370a42a018f62389744a7212a0c68959e0e76950ad751ba3ba9745a" + } + ], + "purl": "pkg:maven/io.dropwizard/dropwizard-views-mustache@1.3.15?type=jar" + }, + { + "type": "library", + "bom-ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "group": "com.google.errorprone", + "name": "error_prone_annotations", + "version": "2.1.3", + "description": "Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/", + "hashes": [ + { + "alg": "MD5", + "content": "97504b36cf871722d81a4b9e114f2a16" + }, + { + "alg": "SHA-1", + "content": "39b109f2cd352b2d71b52a3b5a1a9850e1dc304b" + }, + { + "alg": "SHA-256", + "content": "03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8" + }, + { + "alg": "SHA-512", + "content": "bd2135cc9eb2c652658a2814ec9c565fa3e071d4cff590cbe17b853885c78c9f84c1b7b24ba736f4f30ed8cec60a6af983827fcbed61ff142f27ac808e97fc6b" + }, + { + "alg": "SHA3-256", + "content": "5c7b2ffc8d4073700647681ed44dd783049648aa8e174f37d2510339a65f5466" + }, + { + "alg": "SHA3-512", + "content": "3f05def83905268da5044c8bd6fbf62b89499d77351b56a357de8d27ef872c6c300385a6bca009590d61be90a39a0f417c4d8358a13b09847ba0452ef416db06" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.errorprone/error_prone_annotations@2.1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/google/error-prone" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "group": "net.jodah", + "name": "expiringmap", + "version": "0.5.6", + "description": "A high performance thread-safe map that expires entries", + "hashes": [ + { + "alg": "MD5", + "content": "fd4b2d42dac784648fe6fd1b2b612d12" + }, + { + "alg": "SHA-1", + "content": "11833abbdd64050d455187f374dc096944f9ffb0" + }, + { + "alg": "SHA-256", + "content": "06f1ac1fdb0044a83bbf5cd55e86f88ded92175cb2a7a0b57ba53eb011600a52" + }, + { + "alg": "SHA-512", + "content": "3e7bf8da26296f1de8da960e4f8b9b25962d3db1a941c0818c649174c61bf571a6c7b0336b154be104c853a8fa148cd0f007f8a210a98854036a09fe1069eded" + }, + { + "alg": "SHA3-256", + "content": "a421ccc1ee40dad4e7239f21862e7f35a8eb6493d3eccf6e245202d1f3d1e9a8" + }, + { + "alg": "SHA3-512", + "content": "2ebbaf3eb9f96fcd4cc5b5c28e68d8a6d1aa8735dca7d763cc18daeeec2706d3370384c535dad32463ba8da92ee8a3ddfecd7f2559847772829782964d05a0aa" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/net.jodah/expiringmap@0.5.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "group": "org.freemarker", + "name": "freemarker", + "version": "2.3.28", + "description": "FreeMarker is a \"template engine\"; a generic tool to generate text output based on templates.", + "hashes": [ + { + "alg": "MD5", + "content": "c5e35d814518da7b0247d42311b8e296" + }, + { + "alg": "SHA-1", + "content": "7200064467a935052f99d114c2c05c3d189bc6d6" + }, + { + "alg": "SHA-256", + "content": "de92d103d3a86c2287307218ff50dc1c941de283f7b9e1fb23e93fc7220838bf" + }, + { + "alg": "SHA-512", + "content": "44435cb2b6ba02abacdc4a21bea44a2dc50faa1b486fc5b2f79097a68f1f98ca24aa835448ac5dec33a1869eed1b8a32ac285e95fdabbdafaa810d575951894e" + }, + { + "alg": "SHA3-256", + "content": "d55883bf61b72d616dcd12e87d6f90b3b1fc761fcbcf5b8f3860e17bb34fc654" + }, + { + "alg": "SHA3-512", + "content": "7664cb34b0598e0eec19ecba1fba7b83ff09b574bf2320b84a09016d88aaabf902460e3bcd2b2290f59988462b8594e817eebcd777321608762dc141c1335a20" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.freemarker/freemarker@2.3.28?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://apache.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.apache.org/jira/browse/FREEMARKER/" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/freemarker-dev/" + }, + { + "type": "vcs", + "url": "https://git-wip-us.apache.org/repos/asf?p=freemarker.git" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "group": "com.google.guava", + "name": "guava", + "version": "24.1.1-jre", + "description": "Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.", + "hashes": [ + { + "alg": "MD5", + "content": "361459dd415a18e4750b7fa0cdd9e747" + }, + { + "alg": "SHA-1", + "content": "2e3014320a8005e3f3c1800cb246ed42db8cab81" + }, + { + "alg": "SHA-256", + "content": "490c16878c7a2c22e136728ad473c4190b21b82b46e261ba84ad2e4a5c28fbcf" + }, + { + "alg": "SHA-512", + "content": "f7b02666ecd26e8865d4f6040a14a87d08e38124a625252594b05fa9d1a00e7c5a1fd30c5bd08ca9399bad50eef5fcaf7c95e17a59a2462ac42d7fdd4aaf516c" + }, + { + "alg": "SHA3-256", + "content": "182f368980a8c526ec88c65acd877738fe2bad06b72ab9756edb66f2b281d083" + }, + { + "alg": "SHA3-512", + "content": "245bcf15e331889bceb96faa2f9f67baf442fe1cb291601fa92a0e3327382a636d30788939d8f0ccd05a735b8149637e3d44c7e13a636a19950d0e7a33ae9517" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.guava/guava@24.1.1-jre?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/google/guava" + }, + { + "type": "issue-tracker", + "url": "https://github.com/google/guava/issues" + }, + { + "type": "vcs", + "url": "https://github.com/google/guava" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "affectingVulnerabilities": [ + "b7a12947-7a8d-4031-b59d-640d33dbad6a", + "bb03c210-ea12-450d-85df-17d81a75ede2" + ] + }, + { + "type": "library", + "bom-ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "group": "com.h2database", + "name": "h2", + "version": "1.4.197", + "description": "H2 Database Engine", + "hashes": [ + { + "alg": "MD5", + "content": "f9893acfa22b7fe1492dd9c515af2e5b" + }, + { + "alg": "SHA-1", + "content": "bb391050048ca8ae3e32451b5a3714ecd3596a46" + }, + { + "alg": "SHA-256", + "content": "37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842" + }, + { + "alg": "SHA-512", + "content": "aa4af17f766a1cfb0326d0301e1c40fc884b27e73aed4e60141d284275da70f483a3ce54d65f79f9ba66e9a53c5a68102dfc5e40a36e9d2c0a2aa9a7f7321688" + }, + { + "alg": "SHA3-256", + "content": "ef7da52a3b656aee47bc85b9e98db3bb91d7f079d19012787fbbd65c32151203" + }, + { + "alg": "SHA3-512", + "content": "1a5538cc48c5b99e496ee5924f80df410fecc555e3619a79b8c6204156dc333cf0cbebae05bca5a8144ab89b2f2fe4802080128d76b1e94a51acced8aedb4354" + } + ], + "licenses": [ + { + "license": { + "name": "MPL 2.0 or EPL 1.0", + "url": "http://h2database.com/html/license.html" + } + } + ], + "purl": "pkg:maven/com.h2database/h2@1.4.197?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/h2database/h2database" + } + ], + "affectingVulnerabilities": [ + "815a1358-2bd4-4028-bd3e-8219747c78f6", + "c8a50465-16df-44e0-84e9-7acff5870a51" + ] + }, + { + "type": "library", + "bom-ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "group": "org.hamcrest", + "name": "hamcrest-core", + "version": "1.3", + "description": "This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.", + "hashes": [ + { + "alg": "MD5", + "content": "6393363b47ddcbba82321110c3e07519" + }, + { + "alg": "SHA-1", + "content": "42a25dc3219429f0e5d060061f71acb49bf010a0" + }, + { + "alg": "SHA-256", + "content": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9" + }, + { + "alg": "SHA-512", + "content": "e237ae735aac4fa5a7253ec693191f42ef7ddce384c11d29fbf605981c0be077d086757409acad53cb5b9e53d86a07cc428d459ff0f5b00d32a8cbbca390be49" + }, + { + "alg": "SHA3-256", + "content": "f679af77deedf69b3c3066f7916583848c6fd32a950f9c0b0e2ef1da121717ba" + }, + { + "alg": "SHA3-512", + "content": "bca821931e438a1977b7b4356b5f8cebf485634f82159d505c48267c34e6a0f4fde9c2917331365f66dc0e52e2ca3a2db5256863584110c27ecebefc28741f63" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:maven/org.hamcrest/hamcrest-core@1.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/hamcrest/JavaHamcrest" + } + ] + }, + { + "type": "library", + "bom-ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "group": "org.hibernate.common", + "name": "hibernate-commons-annotations", + "version": "5.0.1.Final", + "description": "Common reflection code used in support of annotation processing", + "hashes": [ + { + "alg": "MD5", + "content": "2a9d6f5a4ece96557bc4300ecc4486fb" + }, + { + "alg": "SHA-1", + "content": "71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879" + }, + { + "alg": "SHA-256", + "content": "9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df" + }, + { + "alg": "SHA-512", + "content": "5714692bef862355cf7f9fcf82aa663321da193920adf4b584fe69f559535555c4c53858a2465410ffb990aad7847124dbea28ed95dcec5df525a1164288791f" + }, + { + "alg": "SHA3-256", + "content": "60cf1ea8120252eaa90e0e86662f4d0b97f718c3c6c09422f2b85c1b36222ea5" + }, + { + "alg": "SHA3-512", + "content": "a2972a8464a8b38468994ef496d6e816262eef6e9422f4c83d5eb998aea4134ac1160726c71fb577df664064fa13c564c52c6fa577ad2477515291ed825fe79c" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HCANN" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-commons-annotations" + } + ] + }, + { + "type": "library", + "bom-ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "group": "org.hibernate", + "name": "hibernate-core", + "version": "5.2.18.Final", + "description": "The core O/RM functionality as provided by Hibernate", + "hashes": [ + { + "alg": "MD5", + "content": "a5e6ac320c1b5fd739d213dc050cfc29" + }, + { + "alg": "SHA-1", + "content": "c1861a015d47f55ffc6cb120216d17af177e0b90" + }, + { + "alg": "SHA-256", + "content": "4688003fc081063f0d73f43424b309bac9bd8589fecb5767e0ad26788a5bfdff" + }, + { + "alg": "SHA-512", + "content": "1b8c1f0d64ec27e8daf8b4b9b1be9511d0a5e99573836c527c79f026048c5acfe10aeda34a5b0c77bf30fc6ebd92976838eb43a065f192e9871531116d686b37" + }, + { + "alg": "SHA3-256", + "content": "ce9cffadac4242733e7743f88c0abb2f659526e54ddab26e60a180cd658a0782" + }, + { + "alg": "SHA3-512", + "content": "4e4006d93d10553191cf914ab76f486f222e82ca30d81d786913142c599f6463be48892b5fdb4b5e3dec75c20290f11a0f3d3600dcc306bff81c114e24eba66a" + } + ], + "licenses": [ + { + "license": { + "name": "GNU Lesser General Public License", + "url": "http://www.gnu.org/licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-core@5.2.18.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://hibernate.org" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/browse/HHH" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-orm" + } + ], + "affectingVulnerabilities": [ + "1f182b73-afb8-424c-8e08-533a0f702076", + "8ba20df5-3877-4825-a8f2-b52e2d2f86d8" + ] + }, + { + "type": "library", + "bom-ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "group": "org.hibernate.javax.persistence", + "name": "hibernate-jpa-2.1-api", + "version": "1.0.0.Final", + "description": "Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details", + "hashes": [ + { + "alg": "MD5", + "content": "01b091825023c97fdfd6d2bceebe03ff" + }, + { + "alg": "SHA-1", + "content": "5e731d961297e5a07290bfaf3db1fbc8bbbf405a" + }, + { + "alg": "SHA-256", + "content": "ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd" + }, + { + "alg": "SHA-512", + "content": "696dd1548504c9ea8d8526411e81bee8b752f12861979da2707d1059b35a8ccb3f018a1d4e2d12436e7c9daec8e63b97fcf980e03032981867cea63d4301f3da" + }, + { + "alg": "SHA3-256", + "content": "fdbf800d9175e82d7e68f9829f1372b65768252d3e165dfeee9c0345b817b8be" + }, + { + "alg": "SHA3-512", + "content": "8e1e5baa5e4b6f67019bad7ed90a9abf41096ff00b62c9d6f326a756b8ee7e5b62d41068441aa5d9050369a1000a5fbd7898155cb8b18e80367e9cb7c0d3b137" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/org/documents/edl-v10.php" + } + } + ], + "purl": "pkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/JPA" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-jpa-api" + } + ] + }, + { + "type": "library", + "bom-ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "group": "org.hibernate", + "name": "hibernate-validator", + "version": "5.4.3.Final", + "description": "Hibernate's Bean Validation (JSR-303) reference implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "ccae8426d40e4fa16ecde928b84965f6" + }, + { + "alg": "SHA-1", + "content": "7c3d91629e81937b33dffd5b170956ef9c76af97" + }, + { + "alg": "SHA-256", + "content": "8abc0fb282075e145efe50d742f4512bb1f2c0222e78e7562f34f8809cf22d25" + }, + { + "alg": "SHA-512", + "content": "38c1bc5692588fabc86904f75dd3481ca13be43bfda2f33278cb91a0ae229c7abd0f095989fa23e25b78aff51b2b7232f271579e13bd062595e498f9c92ea830" + }, + { + "alg": "SHA3-256", + "content": "176d9129f2812df9a71514c72d0ffe1efb86ceb73310ebeee2b416bf752c65f4" + }, + { + "alg": "SHA3-512", + "content": "0fec7612fa9d4698e183cc954381e172a3f8cf188a1b2e0518a39f9cd4cb15163720183d306d050757e2d979a3a1d224a3edd7e9c2ee59b938df48e4f4eb1342" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.hibernate/hibernate-validator@5.4.3.Final?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "http://ci.hibernate.org/view/Validator/" + }, + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://hibernate.atlassian.net/projects/HV/summary" + }, + { + "type": "vcs", + "url": "http://github.com/hibernate/hibernate-validator" + } + ] + }, + { + "type": "library", + "bom-ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "group": "org.glassfish.hk2", + "name": "hk2-api", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "93322931c4ec277c5190c7cddf7ad155" + }, + { + "alg": "SHA-1", + "content": "6a576c9653832ce610b80a2f389374ef19d96171" + }, + { + "alg": "SHA-256", + "content": "b3fe4f295ab8e74ea9d641717dc55e5768f1e5db3709e84235346a4d6bcde5c2" + }, + { + "alg": "SHA-512", + "content": "9f143940ff31e6abdc5bce5223c12ea91fe1852338f317aa614221bec67bd5252ef905075d78125ba777ff2f36c5d39fe35a5b3876ea19255fc91da949179d00" + }, + { + "alg": "SHA3-256", + "content": "7dbffae41a1edb93e525d9841a6831f574fc408edb7568b5b192d7b026aeb750" + }, + { + "alg": "SHA3-512", + "content": "594dc7b77f5a85574331483bbc2b795c1456fe174b55ca7253519a8fe94bd914167face505c561f3829c9738b7d9e7f80421f5b97427952cdd78fe388c17c282" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-api@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "group": "org.glassfish.hk2", + "name": "hk2-locator", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "5baf0f144cf8552a9fe476b096fc18a7" + }, + { + "alg": "SHA-1", + "content": "195474f8ad0a8d130e9ea949a771bcf1215fc33b" + }, + { + "alg": "SHA-256", + "content": "27cacf80e8c088cc50f73b56344b779bdb7418e590a037659ab66b2b0cd9c492" + }, + { + "alg": "SHA-512", + "content": "4b8819cfb299d4b5be13fee8c5a04c803010abe7636eab9d126a40a41bc79131753ff09ea062c624c6ecc5785749b120a3f6f0411307eb05b74e6bc46a1bd410" + }, + { + "alg": "SHA3-256", + "content": "3b0c862b6be53e5a085e9caf77f6a90fe45365dc58cc4a69cf1bd13e20b91536" + }, + { + "alg": "SHA3-512", + "content": "9d3acd0f1048b63ca1c30a864463d10c3b2d724d4d245c2bc0116dbd8597772fecb9ace1601d60d9abae9058a2b9fc50422333be583189e00b31c3bbd21c59de" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-locator@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "group": "org.glassfish.hk2", + "name": "hk2-utils", + "version": "2.5.0-b32", + "description": "${project.name}", + "hashes": [ + { + "alg": "MD5", + "content": "acc873aece4f8e89814ac0300b549e3e" + }, + { + "alg": "SHA-1", + "content": "5108a926988c4ceda7f1e681dddfe3101454a002" + }, + { + "alg": "SHA-256", + "content": "3912c470e621eb3e469c111f4c9a4dee486e2ce9db09a65b7609e006b6c3d38e" + }, + { + "alg": "SHA-512", + "content": "1d100879b218d4ed75760514b78a3833f43f67126691dc7cab6566af8488c4cb9e72258b649f8a4eef0376813c25df326ba29d6f29c275e8f75e549cfc17fdf5" + }, + { + "alg": "SHA3-256", + "content": "699d1fba60b9403b292ce22cb0db2d6b070a1152531afe3f2c08a5196779b3a9" + }, + { + "alg": "SHA3-512", + "content": "47ad643c3727bb9fb45b6748e4da67c4788aeac69783c56c60f73ccf37f979972f699ffa96714056c551cb29109dba6722ac3b57004eea1ae47f8833f9c73d34" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/hk2-utils@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "group": "org.eclipse.jetty.http2", + "name": "http2-common", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d4f0dede20f81acfb53f97c01fae71cf" + }, + { + "alg": "SHA-1", + "content": "6e3306d394aaaf41876220a818fb639faf5963b0" + }, + { + "alg": "SHA-256", + "content": "d402e22a14230a49a93e045dc922d62ab330f99b26b928ca3fc6c6761941f601" + }, + { + "alg": "SHA-512", + "content": "79af5a27a59a8706769cb2d500869029bf1c6762bbc4908ffea56bc57f578e14d46e271e8fa2d40fa68dc8fc0e33cf297186df8b4b231db50547d98a10d0d6c4" + }, + { + "alg": "SHA3-256", + "content": "edba30c10f03aaa94eec187d3709ca23d1082d555e0031dbddbcb21a2e6cd451" + }, + { + "alg": "SHA3-512", + "content": "4d4d7e9a24b0d2f0814f071f0b352a104b2c91974213c10ca434c4d119c3ca15ac679f06f5aea3586ef11e5b4280d9db505ef8f4b63b19893c07cdf646d03a15" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "bc8ec43b-7cba-4167-9a9d-901fcb443ac8", + "affa7af3-427f-4223-8028-d9ac45e80e08" + ] + }, + { + "type": "library", + "bom-ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "group": "org.eclipse.jetty.http2", + "name": "http2-hpack", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0323c6dd472c456a99d068f171cbd661" + }, + { + "alg": "SHA-1", + "content": "aa5f5c2b0cec925ad7f2e73a1dc7a3b3dc496e87" + }, + { + "alg": "SHA-256", + "content": "7f2fde0ed27abe088933dcd5b1516e6ed08701ff19aa8b00d12a4ef30344c9bf" + }, + { + "alg": "SHA-512", + "content": "075e9b42f4204aabb15fb1e0f0e08ac67b6a2ea4dff9bcd69db778fc0868d1959b38c4ac3e5a4738b8c3acab26f8416ea8c89d2e4fa66e474ca366e14ee55ebd" + }, + { + "alg": "SHA3-256", + "content": "f4680627e9212635d69a27456bcc815eec595a64d9541b572a7d16667cfb7636" + }, + { + "alg": "SHA3-512", + "content": "efb34683d51d2c09abc7894f5cbf7957041449f66e78f50bc4aeeed48fbcb92bcbe60713b084346ce93d0552955f7b8c53a3c557386894959d27667b8ac808ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-hpack@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "c8bd5d7e-e9be-459c-b6e2-05de86a00bb9" + ] + }, + { + "type": "library", + "bom-ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "group": "org.eclipse.jetty.http2", + "name": "http2-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "9c82833f49671905299a1a0d0edc031d" + }, + { + "alg": "SHA-1", + "content": "6d0ca7e7ee2e5d55fb6fb03c4c1a248b1dc3d31d" + }, + { + "alg": "SHA-256", + "content": "99f96c3656c87d674d069ec1039a6fd7cbd979bb81a083823a04bd529c73308e" + }, + { + "alg": "SHA-512", + "content": "49a9f2c895244d0a632e5b267661f99e812d8e90299085df37479667517ad991575808d97d32204f34bf8a130804d4d2b87c9405d3e61b6d9d410d62a25373f6" + }, + { + "alg": "SHA3-256", + "content": "866de2610f4bbe4ce7b551b31f7f9a51e26e9607e54f112de194b3d92bd90132" + }, + { + "alg": "SHA3-512", + "content": "447c34744cdc616cf90742043ee49c431823ff46e745417eac6d21b78d1e9a00b36c1c93b0e291187e00e7c4d5d9b6a98f32afcc9d0671b63a02cd23f48f37ac" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "c3fdf61d-7886-423b-8a29-b6ab6790c127", + "affa7af3-427f-4223-8028-d9ac45e80e08" + ] + }, + { + "type": "library", + "bom-ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "group": "org.apache.httpcomponents", + "name": "httpclient", + "version": "4.5.7", + "description": "Apache HttpComponents Client", + "hashes": [ + { + "alg": "MD5", + "content": "deed71468af21d6f0cf02bf853ac02ec" + }, + { + "alg": "SHA-1", + "content": "dda059f4908e1b548b7ba68d81a3b05897f27cb0" + }, + { + "alg": "SHA-256", + "content": "807e9c73f27a4b19dd04b1b67126532fc74b0a37bd8d13fbad073ad74d078330" + }, + { + "alg": "SHA-512", + "content": "459349c2482338644578502cbdfeb7110c3eaaa71f8bbc715d53556b186f16ad1256244e752cec7c32c66f77e08228bdadf7c9138542b0aa8e845a249e2e0bac" + }, + { + "alg": "SHA3-256", + "content": "9e5093efad2b3a44e71b077eae4ca7df86e2fd2ad78d5ca25541e4316ce631c8" + }, + { + "alg": "SHA3-512", + "content": "f16fb6262810546026c6c68842f69eb17831669e444cafb75832ae3567f47407504424c13fea596e9c02ccf853f6b55d54a904cbf2d21e171f77cc615d740014" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpclient@4.5.7?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCLIENT" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ], + "affectingVulnerabilities": [ + "8c0002e8-9326-40f7-9209-51020755ff02" + ] + }, + { + "type": "library", + "bom-ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "group": "org.apache.httpcomponents", + "name": "httpcore", + "version": "4.4.11", + "description": "Apache HttpComponents Core (blocking I/O)", + "hashes": [ + { + "alg": "MD5", + "content": "9299550b06219959d0f2223b1a8bb337" + }, + { + "alg": "SHA-1", + "content": "de748cf874e4e193b42eceea9fe5574fabb9d4df" + }, + { + "alg": "SHA-256", + "content": "d799522d579aac06b170603f8f080f6e3248dadc01f9652cdd7ea7bc318c21ce" + }, + { + "alg": "SHA-512", + "content": "1f45a26f97e5488bf1985f5f5c88c5e2744f46d422040708f7641deb14bb04561bcec35c9284c1dce606fcdcb768edc3ef970ef965bd6bb591ec362dfd417c74" + }, + { + "alg": "SHA3-256", + "content": "0807acdffb841394a948175382b04dfdb49087e19212851dbb63fbfadfae6f5f" + }, + { + "alg": "SHA3-512", + "content": "10f7974d10971a2c0911a1050e3418e898c4255300a120959ef38f546d10dc5ba5217a32a53a21577613ca13034a8200393b0b7ddee0b195f26b92f3e6b2f1cf" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.httpcomponents/httpcore@4.4.11?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.apache.org/" + }, + { + "type": "issue-tracker", + "url": "http://issues.apache.org/jira/browse/HTTPCORE" + }, + { + "type": "mailing-list", + "url": "http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/" + }, + { + "type": "distribution", + "url": "https://repository.apache.org/service/local/staging/deploy/maven2" + } + ] + }, + { + "type": "library", + "bom-ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "group": "com.google.j2objc", + "name": "j2objc-annotations", + "version": "1.1", + "description": "A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.", + "hashes": [ + { + "alg": "MD5", + "content": "49ae3204bb0bb9b2ac77062641f4a6d7" + }, + { + "alg": "SHA-1", + "content": "ed28ded51a8b1c6b112568def5f4b455e6809019" + }, + { + "alg": "SHA-256", + "content": "2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6" + }, + { + "alg": "SHA-512", + "content": "a4a0b58ffc2d9f9b516f571bcd0ac14e4d3eec15aacd6320a4a1a12045acce8c6081e8ce922c4e882221cedb2cc266399ab468487ae9a08124d65edc07ae30f0" + }, + { + "alg": "SHA3-256", + "content": "275370eeb5f02c15358168ea134c4eab1afed8d27750a8a326b9f9f506dfc9f2" + }, + { + "alg": "SHA3-512", + "content": "d9e2a3943373e1eab933b45f49997b24e01466eb99a177c40f21c7107c9f21ebb135e14d191b0a5b699e3985d20de8e87662e92c0bf59e5e054d3da85fd777dd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.j2objc/j2objc-annotations@1.1?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "group": "com.fasterxml.jackson.core", + "name": "jackson-annotations", + "version": "2.9.10", + "description": "Core annotations used for value types, used by Jackson data binding package.", + "hashes": [ + { + "alg": "MD5", + "content": "26c2b6f7bc704ccadc64c83995e0ff7f" + }, + { + "alg": "SHA-1", + "content": "53ab2f0f92e87ea4874c8c6997335c211d81e636" + }, + { + "alg": "SHA-256", + "content": "c876f2e85d0f108a34cdd11ccc9d8d7875697367efc75bf10a89c2c26aee994c" + }, + { + "alg": "SHA-512", + "content": "6b1ae1d7036ce2fff81bf8fc2a3a55e4ea7eb081de806ad05301d2eb126bed1dda487027f3ccfa618c488e680e2f5ff22bc3f106e7c0af27b34d327d83083b46" + }, + { + "alg": "SHA3-256", + "content": "6ebca301e4a201a89630bd7235d27e48a795c7e6fca7727ac08f3cc87e6a5049" + }, + { + "alg": "SHA3-512", + "content": "8d33540c9df56541a0dca99ca51432a8d0d9642813377c62f6df5602af1c8d04c3d62cf24a9cde5c79fcd63b287de19cfc84ea475f8dd0ca037a72baed3d50ee" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-annotations" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "group": "com.fasterxml.jackson.core", + "name": "jackson-core", + "version": "2.9.10", + "description": "Core Jackson processing abstractions (aka Streaming API), implementation for JSON", + "hashes": [ + { + "alg": "MD5", + "content": "d62d9b1d1d83dd553e678bc8fce8f809" + }, + { + "alg": "SHA-1", + "content": "66b715dec9dd8b0f39f3296e67e05913bf422d0c" + }, + { + "alg": "SHA-256", + "content": "65fe26d7554a4409652c86ee38f2e94bc42934326d88b3c78c61f66ff2222c53" + }, + { + "alg": "SHA-512", + "content": "ea053f07b73b087fe81ef49d949ec812bf03e536a8a608d6b7c7ff9f001e6764e86125c5e99d46ba4002d7aab620f57527e246fe8ca754b47cfd812976a3e337" + }, + { + "alg": "SHA3-256", + "content": "0cd87bff64e1569e1ae1fa6023caf005c17d5feb6f75c2bb587546d9e3e43efa" + }, + { + "alg": "SHA3-512", + "content": "936d596d972971e8fc02a6adc7ef11b9d3ac302fbc4134982f3bf128f61741b6bc8c34dd0d16d0ef52a7760a2ad5bcc20b26c4d9c6e8345e826b8b2a83f8fb4d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-core" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "group": "com.fasterxml.jackson.core", + "name": "jackson-databind", + "version": "2.9.10", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "hashes": [ + { + "alg": "MD5", + "content": "ff43d79c624b0f7d465542fee6648474" + }, + { + "alg": "SHA-1", + "content": "e201bb70b7469ba18dd58ed8268aa44e702fa2f0" + }, + { + "alg": "SHA-256", + "content": "49bb71a73fcdcdf59c40a1a01d7245f41d3a8ba96ea6182b720f0c6167241757" + }, + { + "alg": "SHA-512", + "content": "18db8ee61a24498803352c6fc40b83cc1f277033fd4cd743505e3bfa1660c84d8522a70b06401f834b405cbc6e686f6f5c4d54aff034751e9addbf1b4603b2c2" + }, + { + "alg": "SHA3-256", + "content": "470b46a826c8edeb12852d9cbab9f5ab0c3a0b0989a7f2b0a8756c9a88aae89f" + }, + { + "alg": "SHA3-512", + "content": "35616596eff2bafc2e047ce7cbfc4c0b8ce83af277953a2af6b41e43885c74b0809d14dd339290991c2ecb82e82190832b616bca0e3225aa113bfb483fa1b2b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-databind" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ], + "affectingVulnerabilities": [ + "d097e083-0b0a-4e3c-9f29-fc936f27ec6f", + "f57dc81d-6b2d-4060-8c15-7613c1a37981", + "600ecfb9-66c7-4fc2-88e8-2bf9efe40628", + "36dba0ba-dc6c-4f8a-822c-e51ca444d1bf", + "e5cba611-d1ce-48a5-8fc2-ac68ba133947", + "9e292de9-f4f7-4d45-9ecb-846c4b972f6f", + "343cd240-f667-4770-aecf-ddc11f9d0172", + "0f7e16f6-f01e-4cc0-a835-08f3ba72625f", + "c2e5f22d-f91f-4689-bdb1-782974d6fa7a", + "49fa1888-bfa1-480a-8564-3b62b8bf5c3c", + "97981cb2-9228-4b8b-a172-ad12f550a19f", + "941d2fac-724b-4a2c-a8ba-c5a434fa3bf7", + "7e3a7481-266e-4cb7-af3b-94dcaf462942", + "db7cfe67-0b1d-4504-af8b-da26e12af73a", + "7c0af63e-ef57-43aa-9c91-d79c7e37ab20", + "c037af59-a132-4727-8cc3-c6095c490df7", + "0b8d112a-b683-414d-93b6-48fa2cabb7c9", + "e8b21aeb-ce1d-4df2-8102-577b813e712f", + "e141c668-bc18-4738-b3b6-e7ba1057d124", + "7aec5714-d04e-4e86-8f4c-51f5cf2568d9", + "6af6635c-bedd-40e5-88b8-324d3a80a33e", + "3ad04380-a25c-41d8-8fad-259c2561795b", + "86f78c35-adfb-48e4-9428-88084373e1c0", + "6d73d38a-3ff6-4fac-8c03-b09b64e9e537", + "00033bff-66dc-4a36-ab38-a10b0625409f", + "14e2856b-f78d-4a6d-99eb-470c8566df29", + "c224f923-be9a-4faa-a930-ef4db611bc2b", + "5201940b-1f04-4668-ae86-8261448d817d", + "b267fb08-27eb-4c71-a2a7-f17fe5fbf4fd", + "4fcb77a9-67b3-4b3f-bc01-684b8ba72294", + "950cff67-088e-4f41-9818-25943c9e17c0", + "53eda8c2-268a-4866-89ac-234bfe7f74ce", + "9edaa51d-929b-457e-aab5-0fffecdb4938", + "6d5189b4-d549-419a-b886-43a62cc43d40", + "135c6dab-529e-4855-ab72-a0138e2110c8", + "57f41366-73de-4a9c-ba15-4d09c9f60e33", + "ccd0ef88-c0fe-4a10-a648-c779ce82b888", + "726a055c-f364-4cb7-a75a-d3c541dad0fa", + "75d8b4d7-7c79-4627-b229-8d5e38fc5d8b", + "cc0ff323-0529-4064-8a2d-1f7a8e2a1332", + "7c4227e3-a0a9-4361-8eab-6ab5fa9550b2", + "87742746-bd8b-423d-979d-d9aa81a8ccfd", + "5c0b94e1-0577-42c9-8028-f244d68f61da" + ] + }, + { + "type": "library", + "bom-ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "group": "com.fasterxml.jackson.dataformat", + "name": "jackson-dataformat-yaml", + "version": "2.9.10", + "description": "Support for reading and writing YAML-encoded data via Jackson abstractions.", + "hashes": [ + { + "alg": "MD5", + "content": "ebecc5b67b96874c08068151fd89d0b5" + }, + { + "alg": "SHA-1", + "content": "561275877edf6321692f29e66ae5ccc7b1664939" + }, + { + "alg": "SHA-256", + "content": "338e27fd71a825c948c98a2a3fedd79bd14e6c7bcc9b6d21fd8b17abfd28bcc0" + }, + { + "alg": "SHA-512", + "content": "6730698c771ee3308c57b8336c35c3c1d437c7ef2e8f1a6bc66a251404449ae7f531fb240c5c877097a5c85a99e6a77c885265d61ad0d8da18c68da13c89eea4" + }, + { + "alg": "SHA3-256", + "content": "189e39704cf30896198937a59f48dca0230a882f0613ceb941241f327f4f1c2c" + }, + { + "alg": "SHA3-512", + "content": "336fa4689e758f35a45ebc5648f3bfb395bf8ff7387b783b7fa62d431e835760782df3c6f5c737224853970891eca22c69b990ad8d7b96e628002b5ef6a88305" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-dataformats-text/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-dataformats-text" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-guava", + "version": "2.9.10", + "description": "Add-on datatype-support module for Jackson (https://github.com/FasterXML/jackson) that handles Guava (http://code.google.com/p/guava-libraries/) types (currently mostly just collection ones)", + "hashes": [ + { + "alg": "MD5", + "content": "bf3d62117a113e2ad3442aede0565365" + }, + { + "alg": "SHA-1", + "content": "fe2fe045ca3bd6f9ea1bba5b03d228b4abf8c1cb" + }, + { + "alg": "SHA-256", + "content": "f6f05294767905ebfe3e982ec456eb0982e52b8e89cfcf02f46722f87414e87e" + }, + { + "alg": "SHA-512", + "content": "d12fc51a0261d7af4319c2659b5168f7bbe91c235ecc013056ae444917d87281137df52bae9c4f345cf1874220f7b2aebc314cf74d4334dda96c3a3cca3de3da" + }, + { + "alg": "SHA3-256", + "content": "d7d456bb103296753158c2e16328887d8b6f339e941f34328229c9c62a2f1cac" + }, + { + "alg": "SHA3-512", + "content": "c5741407e1a9054dc65f40fd6e70483c867a8b9847bfe7ff0e9fabe24be1827c75d7ce561100db82d25c7fd0f12c16ba18a3ca8038ba4a99da7fc394dc63b39f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-guava@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatypes-collections" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-hibernate5", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Hibernate (http://hibernate.org) version 5.x data types.", + "hashes": [ + { + "alg": "MD5", + "content": "686f24ec51b113e18d8a7a6e656830af" + }, + { + "alg": "SHA-1", + "content": "391c524dbc0414399dec5a405760744d3ed600a8" + }, + { + "alg": "SHA-256", + "content": "de588c8a51eb6d11cced0d2c140d66e9c51266622ecda28ccbef92050f671f0e" + }, + { + "alg": "SHA-512", + "content": "854f01a862d1ea67a47863bbb3481b63deb1839d3b89ca616362fe097e55ebc87196f4ed7ae48ed8557b4244d72db72f3c293b6a7dc3965fa787a6a67d634998" + }, + { + "alg": "SHA3-256", + "content": "ff874c69d9dc846e993d16b1bcb74a4d3d81865aaffc16b6063ff83e0f1626d0" + }, + { + "alg": "SHA3-512", + "content": "312371566e7eacb4621ecec83b7e99a4dfed8be158ba71c77e9b9fcd91577104771dec04d7eeb1c12e574e4b8ca247bd2b4faeef7ba69aa384d93cb67672b5a3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-hibernate5@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-hibernate" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jdk8", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.", + "hashes": [ + { + "alg": "MD5", + "content": "e35c18c99ad1737571b1c8004ca8528d" + }, + { + "alg": "SHA-1", + "content": "6aa764caf0a275d98b8765f6687bd4ec6c8cb9eb" + }, + { + "alg": "SHA-256", + "content": "b305510c0fec81480cbc3516948f9ac5b326811e35c4b6563d2ccfe330079db6" + }, + { + "alg": "SHA-512", + "content": "e537db4253733d8ca0e93e6245c2f25eef366333480a5fd0901603e69a8cf92dd69ec0ffa813c2fef685849f383b7e3850b2b286d255486192f7ff9698fc6c46" + }, + { + "alg": "SHA3-256", + "content": "768bc29f9f15aa07b9c2294d3c3b1bf06396b507397a6b1da2515eefbbc85172" + }, + { + "alg": "SHA3-512", + "content": "734b59492a053eec994840092c8e4f4d703e03b481d8a603b0d934b4fab25261fd98504f72fd0512705a8735dde4b36299c2295f0359afb0f18d129c0dfc70c5" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-joda", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "7ef56a5376978b3befc264d5c7f690ba" + }, + { + "alg": "SHA-1", + "content": "b8b45ff38fb46eaf8bdf19586743a4f446c485fd" + }, + { + "alg": "SHA-256", + "content": "ec60ff466ec6bf489e58cf83bb012dd3d2735eb581be47113b17b1ce6499cdd8" + }, + { + "alg": "SHA-512", + "content": "589f9ef55f9aef7b2e4c1fe45bad157e566042f304989ffe8257a5547426c7dea281326cf66cb1af84add2cb0531b623d04bc15d9e3ac0da25052f8c2109ceec" + }, + { + "alg": "SHA3-256", + "content": "7a4e62a859262aec2ae33d7b6ec5b0ddadcf0897c1a90984cbdd82f8e2c8abb2" + }, + { + "alg": "SHA3-512", + "content": "bf11f541461a5ab4fbb3372d8c8d617a7b20a2dda00d8af733ac8d496cf4a7e1f7f422d90d11b17b7d783ed2a25f4323046468c264ea204bd672adff82a3477a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-datatype-joda" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5694b066-2847-4855-8230-77e902b37502", + "group": "com.fasterxml.jackson.datatype", + "name": "jackson-datatype-jsr310", + "version": "2.9.10", + "description": "Add-on module to support JSR-310 (Java 8 Date & Time API) data types.", + "hashes": [ + { + "alg": "MD5", + "content": "8353db784cc75e2ef48439c89ffb962b" + }, + { + "alg": "SHA-1", + "content": "bf7ea35ca4fafa385701580163ef983622e0bfb1" + }, + { + "alg": "SHA-256", + "content": "a86f035a641f1a36aebacce8415e14568ce5b0088e3ad5b8cf3ea3c9c0c5b64e" + }, + { + "alg": "SHA-512", + "content": "c9e27a5a2c7a7edacdacc2cd93371561ed991e85027e06820004bc47802f32df3aa99fe6d94667805c7862467fcc9e4e0555f1e5a3317c239e8ec0f37fc48b89" + }, + { + "alg": "SHA3-256", + "content": "ee3952b4ffb44ea67445ed736ce33410ed631146ab47071c5fa4ae578623c446" + }, + { + "alg": "SHA3-512", + "content": "434938cf7a81ea81511bbf14a0942eaa790c71ab2e4a5e3049dfbb5cc1523034eacd0d14d0b520e88155376b4213129cc59cec21a2a93940b7fba5658d46c8f0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-base", + "version": "2.9.10", + "description": "Pile of code that is shared by all Jackson-based JAX-RS providers.", + "hashes": [ + { + "alg": "MD5", + "content": "3dde182860e6f59fea3871880b1875b9" + }, + { + "alg": "SHA-1", + "content": "8f13207626ffab14943da9e7447dc065f7762a4e" + }, + { + "alg": "SHA-256", + "content": "4a76bd0d1f5f66293867bb9e021bcf8ba179bdd69cf69852d623204297fe85eb" + }, + { + "alg": "SHA-512", + "content": "608054e863d9233f92fcbf9ea6896a78caa0e1fac197a3b15f7833231f25bc10ac93e54f362d0364a60e7348825e505107e507590269edef11e3fd1e136b1ab5" + }, + { + "alg": "SHA3-256", + "content": "3b43e3742dec5d06ca7a73b45e485120e0adf0f0e66208b9afa56d329ccf0768" + }, + { + "alg": "SHA3-512", + "content": "512f238b2f5d2f70c48cd60dc45da652e2e3ade8aaf03f8031ad0a1ab9222726a82f53a9dcd15b5ecb49e8f8b9aef6789c993d8edd8c68acddd7776bf835f948" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "group": "com.fasterxml.jackson.jaxrs", + "name": "jackson-jaxrs-json-provider", + "version": "2.9.10", + "description": "Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.", + "hashes": [ + { + "alg": "MD5", + "content": "5a6659fa62763f65fb7e187dca166346" + }, + { + "alg": "SHA-1", + "content": "89a2f5d0adc42c3e37a7167e0759641de55aafdd" + }, + { + "alg": "SHA-256", + "content": "0fe7309bb8d0fa8f48cd6846bc3a27eef04b0263b6533ac58ef7ad85b1bdf38c" + }, + { + "alg": "SHA-512", + "content": "254d53edb320ecc9f697d3bb4c7dd1e385d04759bad65caeedcb5beda7fa29f915636324309bec3052205fa91ec29892fed809c8da4e7d284cc0d62b8cf29508" + }, + { + "alg": "SHA3-256", + "content": "1e98e50a06dd5830aa5517da99a0f503760f745029a9fe992f21b45f2417fb76" + }, + { + "alg": "SHA3-512", + "content": "ee026cf5697ab3d3785aa59d1a69e074d6c7db0af06478b36bb19f0d7b303db888bdb6fbd6bb7ffb0b14a4425d3fb0fb9ec971d59db2c7312f979ad83b107a1d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.9.10?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-jaxrs-providers" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-afterburner", + "version": "2.9.10", + "description": "Jackson (https://github.com/FasterXML/jackson) extension module used to enhance performance using bytecode generation to replace use of Reflection for field access and method calls", + "hashes": [ + { + "alg": "MD5", + "content": "eb3073cbfad846a44d81df8bc31c8bf9" + }, + { + "alg": "SHA-1", + "content": "6cca4a73cb54aa8631775023ca8cc37626373cc8" + }, + { + "alg": "SHA-256", + "content": "6d8dd1bdaa13a1e2239e9d8fc008066b02d6fc7d79166fd73e4c3b6e1856ad14" + }, + { + "alg": "SHA-512", + "content": "b56f7485f72c2225cd276e6955e154bae31849a394f5f03ee5d205075a154c27417d1cd7c071c9ba12a7712e23f7b6e8da368aa12acecf53c5c28a5376d620e1" + }, + { + "alg": "SHA3-256", + "content": "488cf9674f84c7d221e4f5955d45f6fc008bca1bd4abf2134d91578a9c1bc0aa" + }, + { + "alg": "SHA3-512", + "content": "d2324aca720bf6816274e93186fdf7d0eaefce8859685dc5c76a96fa8696cd104d64787598bd94473619aa0b89406dac1da8cc697b05104491b8017a54d95e1f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-afterburner@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-jaxb-annotations", + "version": "2.9.10", + "description": "Support for using JAXB annotations as an alternative to \"native\" Jackson annotations, for configuring data-binding.", + "hashes": [ + { + "alg": "MD5", + "content": "fe4cda4049277f5c8758f32a00f2b633" + }, + { + "alg": "SHA-1", + "content": "b7fc3212e95586f42a0d3b5cf1311e42a3ac0248" + }, + { + "alg": "SHA-256", + "content": "72a8ef1246f7a2dc680de67bc5009cc5de71b3825adf98726d290643a36576c0" + }, + { + "alg": "SHA-512", + "content": "df36f846fb1c04e23657f1d7568d05cc589207dc3f751db357ccf33b2b6c7491abf1251aee29763b69b524bf4652e5d04dc77f93d8f001fb23728fc46304f4f0" + }, + { + "alg": "SHA3-256", + "content": "f38cc147a5ef75e5a5f153a2db7c996eb8fe469079b1ef7c843249e8adbf06eb" + }, + { + "alg": "SHA3-512", + "content": "9ba7e2c66e3495260dcd320b179db20fe37d2dd695e1c1a01aaa13a0cc5bd5adaa1c9041c2f4ff6b19607d375c49fcbfc4a962c4939e05a0dd68cc8cdedcc7fc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-base/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-base" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "group": "com.fasterxml.jackson.module", + "name": "jackson-module-parameter-names", + "version": "2.9.10", + "description": "Add-on module for Jackson (http://jackson.codehaus.org) to support introspection of method/constructor parameter names, without having to add explicit property name annotation.", + "hashes": [ + { + "alg": "MD5", + "content": "e8835d22f3153408ace94284be8fa821" + }, + { + "alg": "SHA-1", + "content": "dc8c36832c229df0209dfc98fab5be36cb99af5f" + }, + { + "alg": "SHA-256", + "content": "2b14de63be1abc99d25c1cdc8ca9003dd0e345e87f5d869588c5981f75cffc8a" + }, + { + "alg": "SHA-512", + "content": "452daf576e303ec15480750844e9a49715670ea9b7fa44d3a3d69ef4c90d7177583daabfc25d2a938e0015bba0c21c5fa71c175d2a0a95f3d6f13a92a3a6d611" + }, + { + "alg": "SHA3-256", + "content": "68f9053afc670c7ef2b042f62e7ac34dc7cf5c65fdc2e178b31970c64f0e9353" + }, + { + "alg": "SHA3-512", + "content": "10bdc0751a0dd140f35dd69045dbc1beea08f65d6ce773dcc2c888af4fc013f8af4c09bcb45e1e36c65b86e7e3cca9775c5da472184af784aa577a952c74c073" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.9.10?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://github.com/FasterXML/jackson-modules-java8/issues" + }, + { + "type": "vcs", + "url": "http://github.com/FasterXML/jackson-modules-java8" + }, + { + "type": "website", + "url": "http://fasterxml.com/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "group": "org.jboss", + "name": "jandex", + "version": "2.0.3.Final", + "description": "Parent POM for JBoss projects. Provides default project build configuration.", + "hashes": [ + { + "alg": "MD5", + "content": "77db6e55da888349f5466d2dcf150b14" + }, + { + "alg": "SHA-1", + "content": "bfc4d6257dbff7a33a357f0de116be6ff951d849" + }, + { + "alg": "SHA-256", + "content": "a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727" + }, + { + "alg": "SHA-512", + "content": "ad557228414fb1d75750f4495ced69517deac0d26beaeb81e3233fe21254e3b7e3ccefe381971ffb8dbb0d9e0c1e70973623948ffec31efad99298f1107830ed" + }, + { + "alg": "SHA3-256", + "content": "8e4cbfe8f79e619190a121200bb907e2d06c03b5449b3742a6607580a898a2d9" + }, + { + "alg": "SHA3-512", + "content": "5afc9d16fc77ecbc3dd653628b11ddfb419a5fae2efa72eca87eaa55c7c6014d03e9fcd190ae9c7c3e50edc78e6a30fe439269439cf7c383c27aaaa43281e975" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss/jandex@2.0.3.Final?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + }, + { + "type": "vcs", + "url": "http://github.com/jboss/jboss-parent-pom" + } + ] + }, + { + "type": "library", + "bom-ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "group": "org.javassist", + "name": "javassist", + "version": "3.24.1-GA", + "description": "Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.", + "hashes": [ + { + "alg": "MD5", + "content": "527cebd64b0f941d5058bae3d1726d06" + }, + { + "alg": "SHA-1", + "content": "921b466d6a14a8edbe25923c973fd767fc71c045" + }, + { + "alg": "SHA-256", + "content": "5d57ea5b0ec8cb46143dfe521f888b208028be126f274cc4f852e641755f1553" + }, + { + "alg": "SHA-512", + "content": "b1920ad0b291ab4a7d5d6184e7a6fca91a27576560adc257e4d38a3122865cefa7081df46375a462fcd7e4bfe20c3eeeef140408922cad9cfabaa8c338be1056" + }, + { + "alg": "SHA3-256", + "content": "793f21feb3c4c58edf94d49579b8cd658e44e792e05fefbc23f1b84b7170caf2" + }, + { + "alg": "SHA3-512", + "content": "94f77c5a3ef42bef47e44c9cb9c71a5eeae3b5f94bec53637e8ef3bb5b29b0675c02166241987ac3f3872be09d87bbcfe0235a55731735f4b787a8574714fd2e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.javassist/javassist@3.24.1-GA?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jira.jboss.org/jira/browse/JASSIST/" + } + ] + }, + { + "type": "library", + "bom-ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "group": "javax.annotation", + "name": "javax.annotation-api", + "version": "1.3.1", + "description": "Common Annotations for the JavaTM Platform API", + "hashes": [ + { + "alg": "MD5", + "content": "9a936313da62e705ebb16e81b62f4096" + }, + { + "alg": "SHA-1", + "content": "20a2c0583598d68b0835474bbe07792d4f3b219f" + }, + { + "alg": "SHA-256", + "content": "bc1110630bb4290e798a533ca40a60517826c8804b79f91f8738d18ca425adc5" + }, + { + "alg": "SHA-512", + "content": "9b0c8e45c750f049015da652dcfb43250c24aa72c0cf8fcf917918a486c50b70d6c19201638ae4c23a822551e12ed85215222a59b9bcfb135557c0aca80c00ef" + }, + { + "alg": "SHA3-256", + "content": "81a7132a97ca91c7bf14400e8dc845e3124df73c91b3e2f0a62c4aa3abd84b6d" + }, + { + "alg": "SHA3-512", + "content": "1b7b5f5a5dcf8076155e13d17fe8665b88394c5871583508211f58336cf8d2dae9b3225df8de94e6820a2cc5e077cbd4382c88249c1b0c79e482ce7ae726997b" + } + ], + "purl": "pkg:maven/javax.annotation/javax.annotation-api@1.3.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://javaee.github.io/glassfish" + }, + { + "type": "issue-tracker", + "url": "https://github.com/javaee/javax.annotation/issues" + }, + { + "type": "vcs", + "url": "https://github.com/javaee/javax.annotation" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "group": "org.glassfish", + "name": "javax.el", + "version": "3.0.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "9b413b6b4c57f68cc3e8649f754153f5" + }, + { + "alg": "SHA-1", + "content": "dd532526e7c8de48e40419e6af1183658a973379" + }, + { + "alg": "SHA-256", + "content": "5ed77b9150c1cb6bdc1a195bb536eef6eb65f46f4412e26c24288690ea8033ec" + }, + { + "alg": "SHA-512", + "content": "a31efb2e99fe2429c8f39dbd8b23fce7dc30c3945ad3e6011dd1495a63a74f1d5e8ac422735de37c01938c492832155b73941614e19e06145477f65f4bc9043f" + }, + { + "alg": "SHA3-256", + "content": "6c59f62728693b7a7234a6c93d6329391633de19cd65753ddb74d78a1a79427b" + }, + { + "alg": "SHA3-512", + "content": "7193e9af5274a89a3fa9e04dcb9790db5efd6abffc8d0549c2bb597f61237544e758f98b4aaf55dfad258697bbaf4e4583695f6f5c277c06e98cd9ce21265982" + } + ], + "purl": "pkg:maven/org.glassfish/javax.el@3.0.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://glassfish.org" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/EL_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/el-spec/sources/source-code/show/tags/javax.el-3.0.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "group": "org.glassfish.hk2.external", + "name": "javax.inject", + "version": "2.5.0-b32", + "description": "Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle", + "hashes": [ + { + "alg": "MD5", + "content": "b7e8633eb1e5aad9f44a37a3f3bfa8f5" + }, + { + "alg": "SHA-1", + "content": "b2fa50c8186a38728c35fe6a9da57ce4cc806923" + }, + { + "alg": "SHA-256", + "content": "437c92cf50a0efa6b501b8939b5b92ede7cfe4455cf06b68ec69d1b21ab921ed" + }, + { + "alg": "SHA-512", + "content": "ce72626ebacfcbb1a022d0af22d7f3ae8a0f38db939e5f0b893efb9e3545c74328fa139a92c3b9bf7d833300a2830d7b883f748b0d758ed58abd6b0ce192620a" + }, + { + "alg": "SHA3-256", + "content": "da07452e3cbd7bf8e934d72e70149d317d7299fefa8de7840ac251e3e7fab17b" + }, + { + "alg": "SHA3-512", + "content": "db226d92d3e50eb91d892c9dee1832aedcdc2c11ddbc5948da4a33d10d286906fb1554e226223384bbbe7b30fa2b7b023eb7df03beb46affdd9e012722d66b67" + } + ], + "purl": "pkg:maven/org.glassfish.hk2.external/javax.inject@2.5.0-b32?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/HK2" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/hk2/lists/dev/archive" + }, + { + "type": "vcs", + "url": "https://java.net/projects/hk2/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "group": "javax.servlet", + "name": "javax.servlet-api", + "version": "3.1.0", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "79de69e9f5ed8c7fcb8342585732bbf7" + }, + { + "alg": "SHA-1", + "content": "3cd63d075497751784b2fa84be59432f4905bf7c" + }, + { + "alg": "SHA-256", + "content": "af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482" + }, + { + "alg": "SHA-512", + "content": "32f7e3565c6cdf3d9a562f8fd597fe5059af0cf6b05b772a144a74bbc95927ac275eb38374538ec1c72adcce4c8e1e2c9f774a7b545db56b8085af0065e4a1e5" + }, + { + "alg": "SHA3-256", + "content": "8acc3481503989e1a78ad619bcbdc005b616c13736522b52e5ae5d782e8a0216" + }, + { + "alg": "SHA3-512", + "content": "ab5f85d424640ddcf6fc13a41d12ffdee0be9508cd4cdc581168b31cf7917323f6e0d984a0631068e0e01c098098fe0037d1c4176352fd89ba3a4da5d641ca3d" + } + ], + "purl": "pkg:maven/javax.servlet/javax.servlet-api@3.1.0?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/SERVLET_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "group": "javax.ws.rs", + "name": "javax.ws.rs-api", + "version": "2.0.1", + "description": "Java.net - The Source for Java Technology Collaboration", + "hashes": [ + { + "alg": "MD5", + "content": "edcd111cf4d3ba8ac8e1f326efc37a17" + }, + { + "alg": "SHA-1", + "content": "104e9c2b5583cfcfeac0402316221648d6d8ea6b" + }, + { + "alg": "SHA-256", + "content": "38607d626f2288d8fbc1b1f8a62c369e63806d9a313ac7cbc5f9d6c94f4b466d" + }, + { + "alg": "SHA-512", + "content": "4a85d3b61ea018f354a4dfa43104f3b4967cb4719df203956f82f7a696f75bee9d660540fc0f7bb61e0a5f826461de8929144eddd5622f9cb59a4da289d7297a" + }, + { + "alg": "SHA3-256", + "content": "7d439b6efe13a02aa996c27db07de14c1f14e8c95b60a9205c073cfbe9cbcda1" + }, + { + "alg": "SHA3-512", + "content": "e4bc8aab836157e258f659fe687e59499d445889c6c706d9539e5bbd48a6e80a1a1029e9ae47d25871f5ddf1434c5449ce2bc67b147b5a7b58990309f7aa60a4" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/javax.ws.rs/javax.ws.rs-api@2.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JAX_RS_SPEC" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jax-rs-spec/sources/git/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "group": "org.jboss.logging", + "name": "jboss-logging", + "version": "3.3.0.Final", + "description": "The JBoss Logging Framework", + "hashes": [ + { + "alg": "MD5", + "content": "bc11af4b8ce7138cdc79b7ba8561638c" + }, + { + "alg": "SHA-1", + "content": "3616bb87707910296e2c195dc016287080bba5af" + }, + { + "alg": "SHA-256", + "content": "e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c" + }, + { + "alg": "SHA-512", + "content": "6cd839a07c55a75befa9a95c7cb2e4a87445432d475bc747410fce625ad4496ee5cc6631a445420940ef1cb408d74873980504e4d785d8ec851223301a76807b" + }, + { + "alg": "SHA3-256", + "content": "12fa4c6092728e4d1d780db85e3567ac16a8ec515daac930326513a471f60bd4" + }, + { + "alg": "SHA3-512", + "content": "3f2a0f9e1ce18e1fce8b658a9ce7603eae6a2eeb96b8c26c0a49fde515ea97b319e94f48617fdbd8b102cd51c6a3c957528b456b821e2287ac1b35a3442c35c6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jboss.logging/jboss-logging@3.3.0.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss-logging/jboss-logging" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "group": "org.jboss.spec.javax.transaction", + "name": "jboss-transaction-api_1.2_spec", + "version": "1.0.1.Final", + "description": "The Java Transaction 1.2 API classes", + "hashes": [ + { + "alg": "MD5", + "content": "4d3a6329aa429d92e7bf0c2d34302660" + }, + { + "alg": "SHA-1", + "content": "4441f144a2a1f46ed48fcc6b476a4b6295e6d524" + }, + { + "alg": "SHA-256", + "content": "d35b340768f11e683045d0b3b8c2cf0554a0495a675ae8aab5680b34e5d2a69c" + }, + { + "alg": "SHA-512", + "content": "fb751362223bd2f58d40326018b742ecb8bb49e2362b8babbfa6592e10fb0bd4c52192859771d5b4c67954bf3876bda38581795d54a566bfca66f3fdb0bfd4fb" + }, + { + "alg": "SHA3-256", + "content": "5fec9250840d8ae18ebe934e2b302d9f3c91a7166c5f6e90e8a38d19d5463f4a" + }, + { + "alg": "SHA3-512", + "content": "f4846473a8385f28649593671d9307d0a0a1362c9b36a24ea1b6f72daafb59e05b4945ed45bcadc22e52024a5c3cce9c47e9edadcc7a08f1e391b33a510cd971" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License, Version 2 with the Classpath Exception", + "url": "http://repository.jboss.org/licenses/gpl-2.0-ce.txt" + } + } + ], + "purl": "pkg:maven/org.jboss.spec.javax.transaction/jboss-transaction-api_1.2_spec@1.0.1.Final?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jboss/jboss-transaction-api_spec" + }, + { + "type": "website", + "url": "http://www.jboss.org" + }, + { + "type": "issue-tracker", + "url": "https://issues.jboss.org/" + }, + { + "type": "mailing-list", + "url": "http://lists.jboss.org/pipermail/jboss-user/" + } + ] + }, + { + "type": "library", + "bom-ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "group": "org.slf4j", + "name": "jcl-over-slf4j", + "version": "1.7.26", + "description": "JCL 1.2 implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "06ceba253db8a4d836921324015c9ca5" + }, + { + "alg": "SHA-1", + "content": "33fbc2d93de829fa5e263c5ce97f5eab8f57d53e" + }, + { + "alg": "SHA-256", + "content": "2800417ecc5c927cce2b8a2cd22f0933e4006023c4e4fb255985a27746f5573c" + }, + { + "alg": "SHA-512", + "content": "40c1c8a523687ba06041d5a3c8ae295ae57ea18c0909f106ae9154ee79eeec9d077f7e0c79cb977fdebf2c930c6972372850b528f94e69bb57e95124ff691359" + }, + { + "alg": "SHA3-256", + "content": "8e61ec106e655eb957cf915a6a2ab96d9f78298598af0edb5526d66317695f69" + }, + { + "alg": "SHA3-512", + "content": "bfb810653f89ac499283aa7d860f89369133a07b65398a4112a6f654d53cce6d4a74d2f45acd9ba669233604c94bd338247751171bb8f21d62a183bbe91ba90d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jcl-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "group": "org.jdbi", + "name": "jdbi", + "version": "2.78", + "description": "jDBI is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "ea7256f4877d929815d317c3f918de7e" + }, + { + "alg": "SHA-1", + "content": "7281bb97a89ec38db81a901a3c07ed7204efe828" + }, + { + "alg": "SHA-256", + "content": "a833944751416b95a397768c530b6796fd22fe01ff3d56f44ab80c2087096572" + }, + { + "alg": "SHA-512", + "content": "0699d1cee041bbb7f2e9857f0d4265e55af3c93e62c1d10090fa3472a3af4f052c4b6c1431eca53bf2e2ddb1df1358ac29fba6776fb0406a2c3edbe30fe73607" + }, + { + "alg": "SHA3-256", + "content": "85bab22465bd6c4128b3a3805184b780dd41c6984d6e056d7ec22b904b94649b" + }, + { + "alg": "SHA3-512", + "content": "0d3f050c4f71bfab5404ac1674306bd837ff7710b9b04893dcfe88baa3d0d3f647ee515c3b0a3159d4f6d3791f187927dabed54f05fcfa3b42bd4f0bbae93586" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi@2.78?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "group": "org.jdbi", + "name": "jdbi3-core", + "version": "3.5.1", + "description": "jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "bee3bded3f553bb751676f66de7051d8" + }, + { + "alg": "SHA-1", + "content": "fdb08f92dd4762d9a12864b685961cbef3807adb" + }, + { + "alg": "SHA-256", + "content": "05ba5a61131fee448927dd7d06fe2e0699b9c4756ece6bc844431dc1f5a3b671" + }, + { + "alg": "SHA-512", + "content": "3b8de628e4b5ba4acbedb21b4f74cbf7003fa1ce68125e8e2c8c9bb49ba38c478a34b27505bcda18e5072b47ae706a280e3db7fb53f90196d3f87543148e9b3d" + }, + { + "alg": "SHA3-256", + "content": "7b63cdd3df09bd5e6881f455db13e74d5a4f80764072d376d80814eaf28a423c" + }, + { + "alg": "SHA3-512", + "content": "9de02c1b6f19a44b6a29054da8c80e9139d03c2eeee8e908dbb8592bbffd8926a95f45f9e56f1aee85f77665cf24e2abe7e4d888ebe407fbb01be6f541c9befd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-core@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "group": "org.jdbi", + "name": "jdbi3-guava", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "0f692ba6379649453c8ceeb1c1e567ba" + }, + { + "alg": "SHA-1", + "content": "0b7a55d0eda75405221a8287993c05891ae2dd9a" + }, + { + "alg": "SHA-256", + "content": "dd2c0c13c6d29758235a9b365768cc521b5ee3c86678794e81ca5a9a7aa1de83" + }, + { + "alg": "SHA-512", + "content": "9e74b320cd5ed0ba7de5f2976dac092039ca6efcd5ab070281ce040aab9249d2299d73b3f1566cc495e6b33cd2de7fdb8e82f9410f970650daceb049daeb2bd3" + }, + { + "alg": "SHA3-256", + "content": "fb088209586cf011f4cb41752223e4cb14ca32cf8605ce6bebaa30913a120ef4" + }, + { + "alg": "SHA3-512", + "content": "5e64a7584e5585f922a7bbc3c83f76645752e0a78274d741b4ae8cb7f174ac6b2d840841ce749234955ab1d090b552dcceb7a46c2a1a0eafe95dafa26c1c2819" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-guava@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "group": "org.jdbi", + "name": "jdbi3-jodatime2", + "version": "3.5.1", + "description": "Jdbi is designed to provide convenient tabular data access in Java(tm). It uses the Java collections framework for query results, provides a convenient means of externalizing sql statements, and provides named parameter support for any database being used.", + "hashes": [ + { + "alg": "MD5", + "content": "a1936dd03d5410d8abe4f52bd8a4c219" + }, + { + "alg": "SHA-1", + "content": "76d39448cd536140a737ee7d1eca00cf919dd51e" + }, + { + "alg": "SHA-256", + "content": "693462cf417ed3faadb54f22618b3f7bfd6f8d3cd77cdadde7733c6d9666d2fb" + }, + { + "alg": "SHA-512", + "content": "da80a01e7da71aee51c9c8f9de62a394ac6a1b849675a5a80e0490c4494bc58c5dbd15c34e8f21152cc3355f8259a2d838afeb2f9802063fd3a40b9bbc4d93d0" + }, + { + "alg": "SHA3-256", + "content": "472060a39fbf46395d0fe7b6c2e5610c1532969115b27ac82d0c1434e952012b" + }, + { + "alg": "SHA3-512", + "content": "b54c0e9dc8be03a4b7a0b4ffc2ca1fa90f0beebceabba58abe0f2ddb93b0074141eab88da889577abe3c4eb2c0137cb8db907346882e88185cc0d460531d64c2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-jodatime2@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "group": "org.jdbi", + "name": "jdbi3-sqlobject", + "version": "3.5.1", + "description": "jdbi SqlObject transforms simple annotated interfaces into full-featured DAO implementations.", + "hashes": [ + { + "alg": "MD5", + "content": "fef7548d2dd71524d4e555c8d406449d" + }, + { + "alg": "SHA-1", + "content": "88a6bb67f81900f7e3b4c02e80fbe03c14180b8a" + }, + { + "alg": "SHA-256", + "content": "f5aee0d5ded32e49eddaf51fded6478d01f816a957bccd5ba62fb9eb944793d5" + }, + { + "alg": "SHA-512", + "content": "435126b915d81c594a2fc3194498a815dbd6307c8bd852d421ba866e11d4335bfd825352a58c60dadbe8cbd57a2962b0d8414c46491bd171071f7e606c41b56e" + }, + { + "alg": "SHA3-256", + "content": "8706b9badb23159cd1c690e44d10f7050d82682c025d4a0fb6c2f74cf5982444" + }, + { + "alg": "SHA3-512", + "content": "a61809da92143a4f96e16d97e5d85179f50fac762fbbc8bc36676b8868e4fb8f69cce89c93c8c0e89e3e492c6434725546c29de5b7960b1515a4fe3f0853b959" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/org.jdbi/jdbi3-sqlobject@3.5.1?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/jdbi/jdbi/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "group": "org.glassfish.jersey.connectors", + "name": "jersey-apache-connector", + "version": "2.25.1", + "description": "Jersey Client Transport via Apache", + "hashes": [ + { + "alg": "MD5", + "content": "1249f4c7b0e42fb205fd6479f8212b7f" + }, + { + "alg": "SHA-1", + "content": "778d56a186caae0c0e321afb7bf497452f60ecc6" + }, + { + "alg": "SHA-256", + "content": "98236fdeb22a34405095a70099e63cdfe72c726c3c6588c8105092b234bbca3a" + }, + { + "alg": "SHA-512", + "content": "cd9d72b8e24524fd017fad60bea318cf72b7260bfe9826f3019181d8749f906cc579ff4b25c50d869edc9e7ad92c1a216e4c143957de5d5f810f14f3d2124058" + }, + { + "alg": "SHA3-256", + "content": "51423295a961ef5c2c0b70f2a3e80ff7cd9d356b9fdf0951dbc0d42ee7d283c5" + }, + { + "alg": "SHA3-512", + "content": "f95bb4d125a7146cfe7ff8e9d4480c3f479bffa0fcb5398400a2b2faa1851c3ebda38e1bbf49a0d4d5671dd336ebc665ef1fef26a4ad8f65d715c118f703de36" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.connectors/jersey-apache-connector@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "group": "org.glassfish.jersey.ext", + "name": "jersey-bean-validation", + "version": "2.25.1", + "description": "Jersey extension module providing support for Bean Validation (JSR-349) API.", + "hashes": [ + { + "alg": "MD5", + "content": "f1860b7577c9d0c89758ad14a60485a5" + }, + { + "alg": "SHA-1", + "content": "01971927d79cad0ad2b5a3bfda24967748a2023d" + }, + { + "alg": "SHA-256", + "content": "c7f8b632016d78ac9679c8a77a7333a7979b3a446c56f6c4aa0702495beafcf0" + }, + { + "alg": "SHA-512", + "content": "723afa0898fb909c199491173caa96bf32c5b4a9f8e7211989434f1be4ec581737b1d17e2094890074fd5fd94b640002b98b9f06cb042aa755864ff9e1eb5eb8" + }, + { + "alg": "SHA3-256", + "content": "5eb1703f460fc87775426f894b776891b46e2060d209d8649fbbbf0046ff5541" + }, + { + "alg": "SHA3-512", + "content": "b538a16717eba2f15bae433116819aecfb842d17e9838cb4c67ec3242cf7f62517d7d8ddc9245d26aed83b15489988bba10a792935968c5d9731b0e07902a251" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-bean-validation@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "group": "org.glassfish.jersey.core", + "name": "jersey-client", + "version": "2.25.1", + "description": "Jersey core client implementation", + "hashes": [ + { + "alg": "MD5", + "content": "cbc88e55529984d664eb6ef1b65b3684" + }, + { + "alg": "SHA-1", + "content": "4d563b1f93352ee9fad597e9e1daf2c6159993c6" + }, + { + "alg": "SHA-256", + "content": "10671e430dc7c841eb0bc54c9f3e265dbb60e9f85efaad71d1e39807057e405c" + }, + { + "alg": "SHA-512", + "content": "2355cf157c2c6f6973db046b8eb9f0ac1fad6791e5e62457d37a2aa0d70c180a6dd8eacdf78b987bab5720091cc8197866ba1ac14b209b374db6389f187a0c58" + }, + { + "alg": "SHA3-256", + "content": "88b865b79a07061bda2f0c1b57e4aea4555da1604946eccb83343ea665ac615e" + }, + { + "alg": "SHA3-512", + "content": "ab1297141ee25407b3aaf92ce2d7441aad23badc8d9b2e68e1bb143c7155f5861a273d816d4447ade4045dba027ba6264b22d6823e798d9ebac7514f8a4eef52" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "group": "org.glassfish.jersey.core", + "name": "jersey-common", + "version": "2.25.1", + "description": "Jersey core common packages", + "hashes": [ + { + "alg": "MD5", + "content": "d1f25f421cafb38efb49e2fef0799339" + }, + { + "alg": "SHA-1", + "content": "2438ce68d4907046095ab54aa83a6092951b4bbb" + }, + { + "alg": "SHA-256", + "content": "4df653fc69d5feec7ad1928018f964e12a7513bcea7b5e8b1aa4b1f5a815815f" + }, + { + "alg": "SHA-512", + "content": "2c99617c7d5bbabd39902cd93e028e48ef3917f1017b7417873607681b0bfc31e8d5197bd06c587f64867944d81bb63c0201fe5df66962737d23fdfd7fe88fe0" + }, + { + "alg": "SHA3-256", + "content": "d5d9d3bca931954bed7bf031b299f45e0e29c92e250501f46f12400e475aaf3e" + }, + { + "alg": "SHA3-512", + "content": "dbd5ac4985d2c8e71e3606e491a7814e50ca6ccb1e3571e50073ddcf92bbf484e28ae0a4971d1e487df4d95a4f64016583e88891724a65d9c1c80f20ff7664fb" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-common@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet", + "version": "2.25.1", + "description": "Jersey core Servlet 3.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "80ebd9481c44844884fc70ac0ba333b4" + }, + { + "alg": "SHA-1", + "content": "cf5f7a76fcea38158b890ab7a0142d4db709a882" + }, + { + "alg": "SHA-256", + "content": "3669c50bef23aeeabdae02e5e4b214c9f1eb1019fa4d559f2eeadb563ba598e4" + }, + { + "alg": "SHA-512", + "content": "8db651ca49cebb031823cb6363e3af78f2f400c4857a5cef51b2be2d58ccaad6c06ee5320cb6ceff6f2a053136f00943feb6f98189d847d49ea2455312529d84" + }, + { + "alg": "SHA3-256", + "content": "c77550b169ec358ff293d1599b2897fb4f3ebedaed222257893d83b7343fa915" + }, + { + "alg": "SHA3-512", + "content": "75115f1e1a14cea1e939e3cc30b9af2cd0de853a30d41007f72361e216362cc16a35901434330292840f48edf0dd98ac9ec8bc3e5461c0668eac4a883d7b2be7" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "group": "org.glassfish.jersey.containers", + "name": "jersey-container-servlet-core", + "version": "2.25.1", + "description": "Jersey core Servlet 2.x implementation", + "hashes": [ + { + "alg": "MD5", + "content": "e31db34014609174609f8879d00e0d2a" + }, + { + "alg": "SHA-1", + "content": "400e30bb035a0cdf3c554530224141ce659a0d1e" + }, + { + "alg": "SHA-256", + "content": "232f4f4e59e5944098351379a12aecc715906831c96a855624a81da552192ac4" + }, + { + "alg": "SHA-512", + "content": "beb539ae8f16b5748db941e1beabf21482791ccf04b7adbee50d58a06c224c21e918198badf8496243ab7730284b8abcd71da9e5439702fa7a4d06ba22fa1960" + }, + { + "alg": "SHA3-256", + "content": "bfb3dbfe53102c61b1092ddc80b119fef28b6ee65e020ebdbfcbe51aacc701fa" + }, + { + "alg": "SHA3-512", + "content": "7fe6468606f4ff4c7389e9ca816f82a03c9282b296472112573047d93389b9845a49f6c1740ee67d2e93be9dbe312d89189acd681ba489b9e09716cd20965e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.containers/jersey-container-servlet-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "group": "org.glassfish.jersey.bundles.repackaged", + "name": "jersey-guava", + "version": "2.25.1", + "description": "Jersey Guava Repackaged", + "hashes": [ + { + "alg": "MD5", + "content": "08dc8642c4e990b054882cb4f422f88b" + }, + { + "alg": "SHA-1", + "content": "a2bb4f8208e134cf2cf71dfb8824e42942f7bd06" + }, + { + "alg": "SHA-256", + "content": "8a88a8ebae65cb4d77830b40f681bf742b55ec62e7a44cf91b8577a9396b9f81" + }, + { + "alg": "SHA-512", + "content": "38a59b4e7bf60d373a266e08dbd1703cab87b519e128629aa81abf314cf849ee41a26f8c0404182c6f7364a3bde40eefa61c1be561276e141c4574faf988c5d9" + }, + { + "alg": "SHA3-256", + "content": "0ffbb680d62fc28444cf2c2975cf2947d23bae403c30a381f610af5cf05ede86" + }, + { + "alg": "SHA3-512", + "content": "847cca16e534072ddf9610dc0bd56166deade9aa4efaa3aec1717664b3546964cb0573e4970a38dee5537a09fab81077ea9bd35d988e7cb68b6ca137b31679ea" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.bundles.repackaged/jersey-guava@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-jaxb", + "version": "2.25.1", + "description": "JAX-RS features based upon JAX-B.", + "hashes": [ + { + "alg": "MD5", + "content": "43c2fe9a2848343cb562f855b06b7047" + }, + { + "alg": "SHA-1", + "content": "0d7da0beeed5614a3bfd882662faec602699e24b" + }, + { + "alg": "SHA-256", + "content": "05526bed0ffc07c2cea6b399f4e61ae3c99e44021e28a4af926ed1d867ba3fbe" + }, + { + "alg": "SHA-512", + "content": "589328af6d727d73617a1cff3e7e75bbc858d417cdbcaf8e63ea3ed0086df645fe0f83538a311941744e5afd828d1d7827933b44b8c74f6f8b912c2d7f3e1be4" + }, + { + "alg": "SHA3-256", + "content": "cbc11448fe72f34353de7de8c8b1084530ebf4a7b262bde33219cab6beeea29d" + }, + { + "alg": "SHA3-512", + "content": "18313498ba720e5c1a307927f9782cee90140984ab5c6762cb6b966040d42c2610e39f41d06b9c2ac528aba2fe1b72ba5d1255f92e01848b4580eee11b95b1e4" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-jaxb@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "group": "org.glassfish.jersey.media", + "name": "jersey-media-multipart", + "version": "2.25.1", + "description": "Jersey Multipart entity providers support module.", + "hashes": [ + { + "alg": "MD5", + "content": "0ea1375a975020b60bbbbfd47a76d69c" + }, + { + "alg": "SHA-1", + "content": "1d2db0078ee1b740c4e7ec7413d328a8a7e1c480" + }, + { + "alg": "SHA-256", + "content": "909b669f76b8883a9218fb0fbc5022a286ead7d17b29aafa532b31f19ab4afcc" + }, + { + "alg": "SHA-512", + "content": "17e40bb9186289cd21edcd67cab68765e79c3cce5f2b29ac0ae6dd653395d93c3b8e29c734288e729bf26a59084393680b448ce617689e2064151ab09250c6ad" + }, + { + "alg": "SHA3-256", + "content": "8d8299e02fcbed88c708ae2c948fca016bd985aca513f61304431169441b3bba" + }, + { + "alg": "SHA3-512", + "content": "a8f03f1e4e02c76548b03f77dfc65bad4d97b305a39e17b21e3a380155b85ea428957d0e0f0d4d4b615826d491acbfbb433a3dc9cb31ba29ba0f08bc4665bbb8" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.media/jersey-media-multipart@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "group": "org.glassfish.jersey.ext", + "name": "jersey-metainf-services", + "version": "2.25.1", + "description": "Jersey extension module enabling automatic registration of JAX-RS providers (MBW/MBR/EM) via META-INF/services mechanism.", + "hashes": [ + { + "alg": "MD5", + "content": "b02f1bc0acfdaeba09346c53a49a6b0d" + }, + { + "alg": "SHA-1", + "content": "83376116af614791a26f51a93af1070520345782" + }, + { + "alg": "SHA-256", + "content": "21339af4788eb2e02e144231f6bed95c30a019fe9bdc219725da095e15d8f7e7" + }, + { + "alg": "SHA-512", + "content": "7b4bef415a18702498bd594cea37a2d17fe60b319f40fd4028b5c5e778195bc26df1563332bc359d67bcd0029957d8fe629650ec55216d1a6f84fd7ab4daec90" + }, + { + "alg": "SHA3-256", + "content": "fd690ea72f6586355206aa12a77b03e198776261bcbb1b79a3dcbc234c0c8675" + }, + { + "alg": "SHA3-512", + "content": "822c4d091069ccfd523fbe463124a1827663b488a2df3ce8f5ea9892b8b6dbbd637e52e89ea2533c010601222f3ef7660ff45276b178082f3b928dc314681e39" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext/jersey-metainf-services@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "group": "org.glassfish.jersey.ext.rx", + "name": "jersey-rx-client", + "version": "2.25.1", + "description": "Jersey Reactive Client extension implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "2c180a0fe223e22fc0e0b0b81eedd18f" + }, + { + "alg": "SHA-1", + "content": "b31b3313f48583220986877365f5e2413541f207" + }, + { + "alg": "SHA-256", + "content": "c51bad47579898505a3283f06939c5caa4df5f1bf47ebf114069e04d3cdd33eb" + }, + { + "alg": "SHA-512", + "content": "5743abf930cc5a53cac24b1b3a8a9abcba71ec4c56c11943d8b68f6b8806eccae6268c4659b7321d05ff039f2f7a21daef62308ef4746b65083cbb925bf9c570" + }, + { + "alg": "SHA3-256", + "content": "6c9cde47931076cfade1adbb27e7d708b9ed5549b599677e69e9e7617fa32e84" + }, + { + "alg": "SHA3-512", + "content": "8b9a6428336db948562751a37ad6758cd1b6a678a70759da3dba1a43d5312b86a97dd6ced61d48c5473b9d73a0fa450e103a7d687a791733f0c2edde4e880cf2" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.ext.rx/jersey-rx-client@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "group": "org.glassfish.jersey.core", + "name": "jersey-server", + "version": "2.25.1", + "description": "Jersey core server implementation", + "hashes": [ + { + "alg": "MD5", + "content": "92dad916eab7a19c5398838a78ee9cab" + }, + { + "alg": "SHA-1", + "content": "276e2ee0fd1cdabf99357fce560c5baab675b1a2" + }, + { + "alg": "SHA-256", + "content": "4b9cdae8eae88b75762614b9a458f5aac47cf6486fe408206fc64e38b80469ae" + }, + { + "alg": "SHA-512", + "content": "85d77edd81efcc32a6ac26ca91cc6a8f9f66083897f2b10de5f7576d1e869d96c64dcce4e52112341ffae1a73fff3b18eec466fc484e709ba581d1540fbe44ce" + }, + { + "alg": "SHA3-256", + "content": "60be02edbd8f39c5c33726c0b9602c580a38e22b7c30cf98c0aea1bdfe713ef5" + }, + { + "alg": "SHA3-512", + "content": "065c0c4b5a60ebc0e0ca53e6630e27f7678c762ba4cdf28f2b2cb7d0ac9cd96bf4a92dc6c2235d77d55931e0006f445debc2cc1098d4ddace06c07a08491ad43" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.core/jersey-server@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "group": "org.glassfish.jersey.test-framework", + "name": "jersey-test-framework-core", + "version": "2.25.1", + "description": "Jersey Test Framework Core", + "hashes": [ + { + "alg": "MD5", + "content": "92495cea9331aced97489263f2cb191e" + }, + { + "alg": "SHA-1", + "content": "9368dc18933a8b9f2526c86ab310b02781969aa3" + }, + { + "alg": "SHA-256", + "content": "69343548538ec2489fd4a992ea16e42453e96af94538c586fe3345e364bc578b" + }, + { + "alg": "SHA-512", + "content": "c2a8a227427d3c80cdaf773ef8813fb2609ecc4c64911ef8c8ee8a09a4ab0f4c608d7433901511c132ba39d49141be85f45032a06757a17e7f2e43efd6a22f6f" + }, + { + "alg": "SHA3-256", + "content": "7dd7ace7d4414db08bd4f2dd4d130629d9eef806d3dbd03a582f8f78372dbe63" + }, + { + "alg": "SHA3-512", + "content": "fef833f17bf0c8c9023ffdce1fc6d860d4ce119915fcabc7d8aa48853066fe0967c5220a33c03b41b45c312da4430e1057085652e0db57f5c03485b44715b273" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework/jersey-test-framework-core@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "group": "org.glassfish.jersey.test-framework.providers", + "name": "jersey-test-framework-provider-inmemory", + "version": "2.25.1", + "description": "Jersey Test Framework - InMemory container", + "hashes": [ + { + "alg": "MD5", + "content": "08b74a5a1bd1726464f8cc389dc015e5" + }, + { + "alg": "SHA-1", + "content": "d0bf8edcb87a8e886cf4552e9b5b9a4fddc70794" + }, + { + "alg": "SHA-256", + "content": "95b76e6b4131ec8cc04f3397e3c162219ef34cf661ad52ac86a977ce0b3912b9" + }, + { + "alg": "SHA-512", + "content": "9fcd31b1c2cbb5e615c1412425088c6dbd6f4acbd4b768a178d2c0a8c545486d5a3a6ad266a6b2faedeff65fa2035017e498b6a9a5bf206646e7d14e3b75d529" + }, + { + "alg": "SHA3-256", + "content": "0a4492d926542aee9f91b73691f712157c031388153270aa6121c3b60e638387" + }, + { + "alg": "SHA3-512", + "content": "a1db62f01942f3abb36d5fa867e5fb5f4372965c9c57e0f76d992421e85ce6481a34490ac15682656eb11a410c6f7b803e70cbeed635ac86b0d125f50b832074" + } + ], + "licenses": [ + { + "license": { + "id": "CDDL-1.1", + "url": "http://glassfish.java.net/public/CDDL+GPL_1_1.html" + } + } + ], + "purl": "pkg:maven/org.glassfish.jersey.test-framework.providers/jersey-test-framework-provider-inmemory@2.25.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "build-system", + "url": "http://hudson.glassfish.org/job/Jersey-trunk-multiplatform/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/JERSEY/" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/jersey/lists/announce/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/jersey/sources/code/show" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "94e9fc820f29e4ca7c4d1008b3e52f34" + }, + { + "alg": "SHA-1", + "content": "1379b37b505dc379559e75ae7424941eee924fc7" + }, + { + "alg": "SHA-256", + "content": "f843740357ea316e196703782bcc21313ee77b665f059a28d62ebbbc37aa07ae" + }, + { + "alg": "SHA-512", + "content": "a574f37273ebf3f6d0dc18491cfcfb32288063667cd51962218575438dc3eb4f6202f862a6cef71a9caa16282cac17b77a1696dc632f1852979060e8c1b9c9ef" + }, + { + "alg": "SHA3-256", + "content": "2428547743abb3f101da2f812300e1a3778b672ea26be987b1262821fbc0c693" + }, + { + "alg": "SHA3-512", + "content": "476eb0180972b5b6bb48dfccb1eccebd607420aea3562782f1a19292ecbdadc659bf28aeb11a28e3367bad613677dae9486cb4bfb2dc2168acb8cf612b39ae2a" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-client", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "7dadc5243abb6a0979518998d5c97eeb" + }, + { + "alg": "SHA-1", + "content": "2245454abf7e6374ce92f3ef9222c7dbd43c8f1b" + }, + { + "alg": "SHA-256", + "content": "e629a9bd50ac7d361389dcc21c86f7ee12fd9f9e1c0e92664d01492df135aab1" + }, + { + "alg": "SHA-512", + "content": "592ab00b4aefbfd03fa3eb9619b39be6a59cc5a60dac993cef999433e31bf89d35a97136227966af7ec2fd84e483995b6e3390dc159aa72763246683ec02207a" + }, + { + "alg": "SHA3-256", + "content": "5fc8987e14b500cd8ef3e355548129be984b7d88f02a3b3a9718dc83e2550cbb" + }, + { + "alg": "SHA3-512", + "content": "6e4d74a8ce366f9b1c41ca2636a098566b8e2800b0f2ce3653856d499e3ff683a1ca2afdeac18661a47bd8e319987903dec3b0a3c1cc16ebccb2cc2ff3a00afe" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-client@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-java-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d1e615dd0774f828e80f51cd217dadb1" + }, + { + "alg": "SHA-1", + "content": "a4129b6ad87da0b14ee60dc4cd04321ab7b6928f" + }, + { + "alg": "SHA-256", + "content": "5ac060f9d0f802010aba3ce0452d567ff6ec1f724a8cde860cb3e83aa87918c7" + }, + { + "alg": "SHA-512", + "content": "dbe734b1a1bcd194e3ff275b620aed38fb713a250d24cfa6548d047de12a2cd394840650ad46de122b53ea8103f64cf4c0d7570e781b70e45372dda9180607e3" + }, + { + "alg": "SHA3-256", + "content": "6ca9ed2338f90de1498b7e52c35ff2eae7e13463f9fed7f36f9b797ca0d6f443" + }, + { + "alg": "SHA3-512", + "content": "a591913206657bca1c3be20220c911359537100af3f6561f5d4a454635edbc7a83c51b897efeb8b075996fce37945a1c7836296873d6817e07b7ad3a46cf5450" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-java-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-openjdk8-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "6176ca5468f46113d03982b26b569645" + }, + { + "alg": "SHA-1", + "content": "cd588787b7a232e9db4d2442ef9260baedfe33b1" + }, + { + "alg": "SHA-256", + "content": "13b0943572cc330a0371317cbfbbb0f737655387b89dc75ba9a8ab8d083e1c11" + }, + { + "alg": "SHA-512", + "content": "07373c3c34ce2bb1a84200e09b4f540d6a4cd83ee9fc65084949a449a7f510bce5a91d9cd44d7cb8454e9a2090dd636da2506c10312e5b5be693682a1024afc4" + }, + { + "alg": "SHA3-256", + "content": "26c9e9d164a3471c386bf44e1c3d3150e03d54be8d947d65306bf74e26954edc" + }, + { + "alg": "SHA3-512", + "content": "90a662aad53125f7f1eebd642a62316606a249dfe04ec3ab6673deea2fbc8d51fdc83f02e403c0f1085aa7d5600b1e11b9b171fefb0903dd5aa8c6bff905c072" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-openjdk8-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "50a898e1-523d-4041-9250-b25394071a77", + "group": "org.eclipse.jetty", + "name": "jetty-alpn-server", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "1ca2253ddcbcbcc691c51938f2e341b4" + }, + { + "alg": "SHA-1", + "content": "288afd48f2eb1816889c4848a0bb8e7783ad7124" + }, + { + "alg": "SHA-256", + "content": "2d78640dc6b6035e41d763ddb9c97f07f441665be36d0a7d1e592d683df12acb" + }, + { + "alg": "SHA-512", + "content": "7ee426bb8079daf27fd03694563e534cda147d2cb38e4b50e08c3644f1a3dd88e172ad36b322bb113c67cabbbed4b11740f72ef82cc899341aae9d6427dace43" + }, + { + "alg": "SHA3-256", + "content": "1ea3606b67b91542a4d71d7b145792dcb25dce3c52037e3a32d551678ce5fda1" + }, + { + "alg": "SHA3-512", + "content": "943a863bd2beae196d07aa13b72b5d27bd5ee56a8e578b549a5c272034a232dc4f8a3f015af81837524cd37e467871bfb66c6768a279502ab4cd05e97421347f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "group": "org.eclipse.jetty", + "name": "jetty-continuation", + "version": "9.4.18.v20190429", + "description": "Asynchronous API", + "hashes": [ + { + "alg": "MD5", + "content": "bf4683a840d240010acacc4cc9739525" + }, + { + "alg": "SHA-1", + "content": "3c421a3be5be5805e32b1a7f9c6046526524181d" + }, + { + "alg": "SHA-256", + "content": "ad2e8fa193f06989ef6f0ca09719e1e30572e6099e7c889777836076068cbfbb" + }, + { + "alg": "SHA-512", + "content": "1ca79b0b2011ae4f5dd2f64447ec39d5140ddae6fdcdc9e1104ece137113951efeeccd7fbaa2cb174c11a944d7a6d79d94a6cf2f5a645b21016a3ba1b1421152" + }, + { + "alg": "SHA3-256", + "content": "e54fd5d441a318d250a84414eb391c6af739a5a167c7cbc70963a0cd12a60371" + }, + { + "alg": "SHA3-512", + "content": "d4fd7624498cd4113fd86ef1e71fe4f0c4d0684d34e2700b0d472decf55ae5b3d9aa59447a7ec2856ba5a2348da09057f5f3730f3e91715d2746d16d20bd5fa9" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "group": "org.eclipse.jetty", + "name": "jetty-http", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "0f5299204d64fb561a8062f594185dc6" + }, + { + "alg": "SHA-1", + "content": "c2e73db2db5c369326b717da71b6587b3da11e0e" + }, + { + "alg": "SHA-256", + "content": "a2626684486590535bc928a6a40c6915f99ffda96b7a14d4310bdda566b5aa73" + }, + { + "alg": "SHA-512", + "content": "93f9852cd4689993c06629ffba24b1dc9715bcf3dfb560088669459f9484373cd5541e81c18cfb3502c9ab62fab3a7061ee5d9afd0c17fc61fe23e25fa04a1c9" + }, + { + "alg": "SHA3-256", + "content": "84caddcb2c12e244dc03f0f3f8ab41fdcb96ec95c5776c00664e8916f6bfea86" + }, + { + "alg": "SHA3-512", + "content": "08d0dba27f81c3b596d46728e01b3b1f0027d9271befab6ada56e6757ef7f64e700c242cc8f9000a2792bf5053c5c16126718d6f8fd1923331a7e3d00b3c2efb" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-http@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "c19b779d-2699-44de-a189-a0d18d8dc953", + "a2897b13-bdeb-4a6c-802e-abf09fef10a9" + ] + }, + { + "type": "library", + "bom-ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "group": "org.eclipse.jetty", + "name": "jetty-io", + "version": "9.4.18.v20190429", + "description": "The Eclipse Jetty Project", + "hashes": [ + { + "alg": "MD5", + "content": "d430c2038527a0788675049f9d48760e" + }, + { + "alg": "SHA-1", + "content": "844af5efe58ab23fd0166a796efef123f4cb06b0" + }, + { + "alg": "SHA-256", + "content": "f953810e6d5349a8c1101710bf99310e0bcd3bc43d819c06858c75f419b4cbd0" + }, + { + "alg": "SHA-512", + "content": "2f7f9f8ecff8fceaa422923ed698f5945e2e4583898115ea97e2a69f2f4c7093f07c1f9e189af0ffd6b08b669074c9e3cdd5492e42aa2ba4f0bba3ad6db85c50" + }, + { + "alg": "SHA3-256", + "content": "a6a1c14235256382171a33faf4e2869e65756b87e686e70e41aa34380fdeeac9" + }, + { + "alg": "SHA3-512", + "content": "aff9eb92b24300c2395b5ee808c54abf4c8c97224bc819b0b5bbaa6977f5806037eeb34691f6b9d9534a454ae28f3e8e9b13bd0649369af5b331e80e4c703405" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-io@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "group": "org.eclipse.jetty", + "name": "jetty-security", + "version": "9.4.18.v20190429", + "description": "Jetty security infrastructure", + "hashes": [ + { + "alg": "MD5", + "content": "ea1d2d43fdc539ddf8192e2782f45e79" + }, + { + "alg": "SHA-1", + "content": "01aceff3608ca1b223bfd275a497797cfe675ef4" + }, + { + "alg": "SHA-256", + "content": "c307c68eb402979b2b6ae75a587476c9fecafbf5f4a53db22125f9af2324926f" + }, + { + "alg": "SHA-512", + "content": "140364d32cab3e7f1acd1222c14228038db35c96e22fe55d90c810308c6ed06f72972d4a40514e664e1bcdd542c25014719082b8828b8afd29a9a760b440dfe9" + }, + { + "alg": "SHA3-256", + "content": "fb9e4fd12fc7912c3ad20ec205efa02532b05af85d22b4d4e93e2e19906dadb7" + }, + { + "alg": "SHA3-512", + "content": "df87f8e4a2ac262620c8e805695d52427421e9c25225747fedba6503916bc867c4868d04b1d786d52f64917fef4bd27013ff640297da21a49e97cd2db80007d2" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-security@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "group": "org.eclipse.jetty", + "name": "jetty-server", + "version": "9.4.18.v20190429", + "description": "The core jetty server artifact.", + "hashes": [ + { + "alg": "MD5", + "content": "b0bc6045c38e309d41f84d3c60fb31cd" + }, + { + "alg": "SHA-1", + "content": "b76ef50e04635f11d4d43bc6ccb7c4482a8384f0" + }, + { + "alg": "SHA-256", + "content": "2737c60b231e804082cdb68f1118a1aa179c8f92d50345c7444d96391ac005ce" + }, + { + "alg": "SHA-512", + "content": "b16d05236e809d1494f67aeab195190faf5a301cb131ae7033c1d62bd0f4db41e025b18cb75e0c9f7cc8146debb2d34d006318c0bd0e65dcccce9cb176acbc4e" + }, + { + "alg": "SHA3-256", + "content": "755dfbda1a8bd62b465a55c8bfd761412b81fa79fb0326c6835f0b009ea76c7c" + }, + { + "alg": "SHA3-512", + "content": "bdfd84f7b1bfadce0fd4c918b00410ad596e66bd69433260439cebb516f4d44b55e1adbf96cc866ae3e9a8f96823772e2e6633c21bba41c1588067842b7540ee" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-server@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "17d2faa1-cd26-4ac7-8c68-c4a44ec398a8", + "f32ca540-f068-4392-bea0-c0d7b050b7d1", + "6d35c4e5-f5ee-4572-af28-1ca71cf48158", + "d5c5815d-1742-46b6-953a-a4ed90fdd920", + "f6ff72c7-6603-4627-899d-658f8f7c5f23", + "ebc03317-a0b4-4b53-9cd0-7ae4281c02e6" + ] + }, + { + "type": "library", + "bom-ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "group": "org.eclipse.jetty", + "name": "jetty-servlet", + "version": "9.4.18.v20190429", + "description": "Jetty Servlet Container", + "hashes": [ + { + "alg": "MD5", + "content": "63d8201a1db1aa10454015245472fdd4" + }, + { + "alg": "SHA-1", + "content": "290f7a88f351950d51ebc9fb4a794752c62d7de5" + }, + { + "alg": "SHA-256", + "content": "58b778613867b59bdd6587c57010249e62d10104e01113459453343e9c4ecaa4" + }, + { + "alg": "SHA-512", + "content": "ed6d46eac69dcb275c684e516e1bd627aa2e8b35aa022d68e256b1ec7d145525cc03ad9f55e0794026590f1df17536465c11d25c961df3ee530586a01dcd7f55" + }, + { + "alg": "SHA3-256", + "content": "bd41d1a2332a05b8826eebefc9e1e43b2924c9a810e5c14d97cc8437a4817f6d" + }, + { + "alg": "SHA3-512", + "content": "d4e1c6d118f9ad0890f69efef3141d5d6583703fc6eba5a6c069636d6cde8d48f97d9e5ed5d58e070dd6539c4a744035840e5c8a145f6223f5d9b0dd2ba9ab27" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "group": "org.eclipse.jetty", + "name": "jetty-servlets", + "version": "9.4.18.v20190429", + "description": "Utility Servlets from Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "ed9e6c52ea1c28d92b81bf5c4cff5e22" + }, + { + "alg": "SHA-1", + "content": "e5d174950a44c8f93e27cc2528eff5a6b55da2f3" + }, + { + "alg": "SHA-256", + "content": "134e7f3fd037865cc95c3a69381088ff1c86f110fb0ea62e9a6824cb7ef48abc" + }, + { + "alg": "SHA-512", + "content": "ebd6e426972fb2833bb2173017edd8937ccc64135b6a2dbab0444b25f1528e3d50bdafe39e4749300a8ae46a5eb853a130e918339f29eea308fa9212b615c76a" + }, + { + "alg": "SHA3-256", + "content": "843c3095b2f0e5f71352baf20dfb1cba119ca110fc6e3e01751551154986aac3" + }, + { + "alg": "SHA3-512", + "content": "7eb486c3cac4a8950de6aca0006a07b1b4e9be737fa0902c229e15b27c3c61ddb353ea34f7d4d397dc5cba7da91e2cbee7d086a67506d2b303717f2743b46b0f" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "d8add710-4eed-448d-b198-ecff8ffe86ea", + "123b8eaf-5572-4945-975d-21ed3c2f101d" + ] + }, + { + "type": "library", + "bom-ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "group": "org.eclipse.jetty.toolchain.setuid", + "name": "jetty-setuid-java", + "version": "1.0.3", + "description": "Administrative parent pom for Jetty modules", + "hashes": [ + { + "alg": "MD5", + "content": "24990c296784e354afb446ccb739e826" + }, + { + "alg": "SHA-1", + "content": "73ae4ab171d396103f32e392970641e985d1a845" + }, + { + "alg": "SHA-256", + "content": "192cb1941aa1afefd9851d984fa39a2076f9200c434abba43dab1d410bfaddbd" + }, + { + "alg": "SHA-512", + "content": "11afcd8eb8968878ce4efb2b54956b04f1a28900b8be6edc1a3482388a3dddd2880b61d1a5c083de41d0cecaa3c8a32d4077f3f15b3f38dcbc71aa64bf40c524" + }, + { + "alg": "SHA3-256", + "content": "b6e2a6fdb8cc4021d17fdc85fb8bea172d25b206eca5c5f49ac5d4e6d1a6f704" + }, + { + "alg": "SHA3-512", + "content": "224c5ce3bbddf418eb2f1f43f9c3fd3f332ac6b557839942e54fc229e6a8e009ed11aab9e86a78e2642262d0ba43d5c2ff29aa9e96b89c68726d46365d46a000" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty.toolchain.setuid/jetty-setuid-java@1.0.3?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.toolchain.git/tree/jetty-setuid" + }, + { + "type": "website", + "url": "http://www.mortbay.com" + }, + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" + }, + { + "type": "mailing-list", + "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + } + ] + }, + { + "type": "library", + "bom-ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "group": "org.eclipse.jetty", + "name": "jetty-util", + "version": "9.4.18.v20190429", + "description": "Utility classes for Jetty", + "hashes": [ + { + "alg": "MD5", + "content": "0e98accd79ef0f0709e67b32d1882712" + }, + { + "alg": "SHA-1", + "content": "13e6148bfda7ae511f69ae7e5e3ea898bc9b0e33" + }, + { + "alg": "SHA-256", + "content": "db2ae97679e4d9dd0b96e0e2e04423d41407977a87edfa0ed1714c44eb5c7aa1" + }, + { + "alg": "SHA-512", + "content": "e1994547ad741cfcc0776e856178c530687bd3f20354ebbaf4d10ed6c6773cf0b9d2201359ffaa9328606aaa7170c125433dfd83c40db8e03ad6f17d43753392" + }, + { + "alg": "SHA3-256", + "content": "af0fd5e8b166a754626964f211eebf7e5bcff175dc852e5dd28b48d32437921b" + }, + { + "alg": "SHA3-512", + "content": "da788326e973cb92399d84ea58fd884a11a82666741514f2aefe150ed47809189ebd98553bbe7b56bde0d892b51294ddbf24af341f68a2854737622a6439356e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-util@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ] + }, + { + "type": "library", + "bom-ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "group": "org.eclipse.jetty", + "name": "jetty-webapp", + "version": "9.4.18.v20190429", + "description": "Jetty web application support", + "hashes": [ + { + "alg": "MD5", + "content": "044d3037d9a5b94c8ed938d89045e06b" + }, + { + "alg": "SHA-1", + "content": "9c2f1a2b61bdc2d24f8a980c6c614aa0b588216d" + }, + { + "alg": "SHA-256", + "content": "3e7a715fb8f5ebe79d54b940f630d562629ecf91d1b3fd1403ff9700d0a3e125" + }, + { + "alg": "SHA-512", + "content": "09861241011a4f5dee0ffb7087f033f7882decda7e8bd9641fe1c759f558af28c01f050f0d904fe3f06fba3769efc887d50156cdb7567322ad5fbcee1fc7c2ea" + }, + { + "alg": "SHA3-256", + "content": "a958bee3bbb5d03e76f34e8e70552614aeaaa1fd63a56d5d56d12f552b9e4df4" + }, + { + "alg": "SHA3-512", + "content": "c2b790b16923ca0e1171b76cbb8c852b1e338cab09cc2f46f17b4479370e3d0a0308ca15bfc2d0421655c7db200bb5813a771e80cb6ed566dea9656f232ef403" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "4bb1fb03-b1bb-4ddf-bcf2-d5314c0c6442" + ] + }, + { + "type": "library", + "bom-ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "group": "org.eclipse.jetty", + "name": "jetty-xml", + "version": "9.4.18.v20190429", + "description": "The jetty xml utilities.", + "hashes": [ + { + "alg": "MD5", + "content": "637f8a266afa4cb043e1d142c7cacb33" + }, + { + "alg": "SHA-1", + "content": "dcd2806ee48e646fd4dcff81c7c6867fea2b52e8" + }, + { + "alg": "SHA-256", + "content": "2189c5316c4ef2721166353a3f6800803b2ffd06cfc4c7b16ebdef9b00108ca6" + }, + { + "alg": "SHA-512", + "content": "f60127983e3115b9df5ececcfe5a75bf4b1de0597e050d52b65d8e60875305741a3d3256d12d198e25be58b8b236a34ecc6747c05faf30465be27095b02e3206" + }, + { + "alg": "SHA3-256", + "content": "acb83341c830c2e5944c91021cac1d486e73fd5d570abfd4572346242b847940" + }, + { + "alg": "SHA3-512", + "content": "53c27e9e1c64a2046793b9f02880813669b71d534737ec84f16eadb8bdb63a717b664e602a17f1e071f411e318d6c233812910db8ae3bff933047eed08110290" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0" + } + } + ], + "purl": "pkg:maven/org.eclipse.jetty/jetty-xml@9.4.18.v20190429?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://webtide.com" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/eclipse/jetty.project/issues" + }, + { + "type": "mailing-list", + "url": "https://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" + }, + { + "type": "vcs", + "url": "https://github.com/eclipse/jetty.project" + } + ], + "affectingVulnerabilities": [ + "76910119-ee18-4144-855b-b2fdab20e33c" + ] + }, + { + "type": "library", + "bom-ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "group": "org.openjdk.jmh", + "name": "jmh-core", + "version": "1.19", + "description": "The jmh is a Java harness for building, running, and analysing nano/micro/macro benchmarks written in Java and other languages targeting the JVM.", + "hashes": [ + { + "alg": "MD5", + "content": "be8d2b77f24b93d14b3590a2c2cc9eba" + }, + { + "alg": "SHA-1", + "content": "1ea93b88f8154f0a35c16b46d76cfb2febcf4916" + }, + { + "alg": "SHA-256", + "content": "5b920f4033b55f78af121c6594e2afcc84c16f2030beef6d035463b126fc9f46" + }, + { + "alg": "SHA-512", + "content": "9bc30e04a4ee999cc1dc45be32bd60ad4248070073424efacdce85b02777dc1ef9f8aa9f57693cc4cc6964c6c934ce3c251f8db26f70bad54353c2d0849aee83" + }, + { + "alg": "SHA3-256", + "content": "b21c8a03f99e3ccadc461f35e5ed3aa3904ae25cbb44ca2dd02eb0d2f8a6582c" + }, + { + "alg": "SHA3-512", + "content": "96f2d4874d54c13b4c9392628415ce62bdff000c142901f08d3eef24c707b5cd656c328a3ef846303a85dc3dfbff69062e0167b2065b5200e52c764afe0ba418" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-core@1.19?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://openjdk.java.net/" + }, + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "group": "org.openjdk.jmh", + "name": "jmh-generator-annprocess", + "version": "1.19", + "description": "JMH benchmark generator, based on annotation processors.", + "hashes": [ + { + "alg": "MD5", + "content": "0edd4d9828437ef68acbe301910de6eb" + }, + { + "alg": "SHA-1", + "content": "e5bb13308963df412877e88fede84c1bd869ca03" + }, + { + "alg": "SHA-256", + "content": "b104c8c3c971d6aa4ff4c7a73e70cfb3e6201084332e4007ba9516a43f27003e" + }, + { + "alg": "SHA-512", + "content": "f4bdd594e25586047d93375f76fc2c85ad302b222ace4dae8e7418a24e1d75ab1ecd3f4d75d362baf3af6388bb6b3f3db7a932e8a003a8ff0c1412059e0c0c5b" + }, + { + "alg": "SHA3-256", + "content": "ea48f22ddf27853d67194836e0a13bb9a6c20a480e03252ce75403bc303a2a8d" + }, + { + "alg": "SHA3-512", + "content": "37ae2a6c8b2f38fcfcfea1343debb71cbb63af15c402fa32dc38e1913c75af7d2f4951a21edbc7cacfeeb789dbbc6fa9be9f24ccd426e1f9344de0f344a9e773" + } + ], + "licenses": [ + { + "license": { + "name": "GNU General Public License (GPL), version 2, with the Classpath exception", + "url": "http://openjdk.java.net/legal/gplv2+ce.html" + } + } + ], + "purl": "pkg:maven/org.openjdk.jmh/jmh-generator-annprocess@1.19?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://hg.openjdk.java.net/code-tools/jmh/" + } + ] + }, + { + "type": "library", + "bom-ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "group": "joda-time", + "name": "joda-time", + "version": "2.10.1", + "description": "Date and time library to replace JDK date handling", + "hashes": [ + { + "alg": "MD5", + "content": "488e6b287cde4fe6142c0da65495ab63" + }, + { + "alg": "SHA-1", + "content": "9ac3dbf89dbf2ee385185dd0cd3064fe789efee0" + }, + { + "alg": "SHA-256", + "content": "d269671656767e05a58dd634cbafc36ed70d417220b058d11c0d88dfd281616d" + }, + { + "alg": "SHA-512", + "content": "b92f67c1a8b293e3771bc2c56e5280f6a9cb523b38db7b1c8f56c427ec7147d9fec1fa425d25582060195a433005797294680e5e071fc49272575cc67f8fe58c" + }, + { + "alg": "SHA3-256", + "content": "ace6d9b18b8de8281dde7a10070f08a11a2b1aca804e2031983d8cffc61a11a2" + }, + { + "alg": "SHA3-512", + "content": "1ae2b49ee5c492a7b83f2c72e5405db0e784b0a34dee7a8d634f6a1e11023bd87653903d4c8a31a964624eb6137db0f612a0d54d509e7a4c39b09c09d30309af" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/joda-time/joda-time@2.10.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://www.joda.org" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type": "issue-tracker", + "url": "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type": "vcs", + "url": "https://github.com/JodaOrg/joda-time" + } + ] + }, + { + "type": "library", + "bom-ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "group": "net.sf.jopt-simple", + "name": "jopt-simple", + "version": "4.6", + "description": "A Java library for parsing command line options", + "hashes": [ + { + "alg": "MD5", + "content": "13560a58a79b46b82057686543e8d727" + }, + { + "alg": "SHA-1", + "content": "306816fb57cf94f108a43c95731b08934dcae15c" + }, + { + "alg": "SHA-256", + "content": "3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda" + }, + { + "alg": "SHA-512", + "content": "18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af" + }, + { + "alg": "SHA3-256", + "content": "e5c7a060e6bd75fb9ef2b7eeac082550bd4f01049c0da929c57ae71fef59b32a" + }, + { + "alg": "SHA3-512", + "content": "6b35fe9fcb3497a9e3a4b0c55dab300b63155c76bbce88fae9b3dcc1012f2c55d7c70216173299817830328071f5c3af079a67ce9af96c25b6befbcef915b049" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/net.sf.jopt-simple/jopt-simple@4.6?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "http://github.com/pholser/jopt-simple/issues" + }, + { + "type": "vcs", + "url": "http://github.com/pholser/jopt-simple" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "group": "com.google.code.findbugs", + "name": "jsr305", + "version": "3.0.2", + "description": "JSR305 Annotations for Findbugs", + "hashes": [ + { + "alg": "MD5", + "content": "dd83accb899363c32b07d7a1b2e4ce40" + }, + { + "alg": "SHA-1", + "content": "25ea2e8b0c338a877313bd4672d3fe056ea78f0d" + }, + { + "alg": "SHA-256", + "content": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7" + }, + { + "alg": "SHA-512", + "content": "bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804" + }, + { + "alg": "SHA3-256", + "content": "223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff" + }, + { + "alg": "SHA3-512", + "content": "3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://code.google.com/p/jsr-305/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "group": "org.slf4j", + "name": "jul-to-slf4j", + "version": "1.7.26", + "description": "JUL to SLF4J bridge", + "hashes": [ + { + "alg": "MD5", + "content": "2bb060120bc3feda3d964bf5be845fbf" + }, + { + "alg": "SHA-1", + "content": "8031352b2bb0a49e67818bf04c027aa92e645d5c" + }, + { + "alg": "SHA-256", + "content": "0f3b6dfbfb261e3e2b71ea88574452f36c46fec016063439eb8f60083291918e" + }, + { + "alg": "SHA-512", + "content": "201d8fc50e94469cfddc79faa6d7492602243a13454dc58e42d6422f1e7f1d1b352474930bf13c1784c252721bee92a636723a1f75d3cb578fec200b42275e2a" + }, + { + "alg": "SHA3-256", + "content": "dd6032a174bd7527a7195462617a613dbbb0dbbcebac49aca1c3fb2b4db79e3b" + }, + { + "alg": "SHA3-512", + "content": "2bf9adba76cbd0541b1462e952cce50baedb6feac8d963f59db8374a895469d340f5787defeffefb48162a0171f54dbfe1d173de7ec08b080c01260611dd7e25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/jul-to-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "group": "junit", + "name": "junit", + "version": "4.12", + "description": "JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.", + "hashes": [ + { + "alg": "MD5", + "content": "5b38c40c97fbd0adee29f91e60405584" + }, + { + "alg": "SHA-1", + "content": "2973d150c0dc1fefe998f834810d68f278ea58ec" + }, + { + "alg": "SHA-256", + "content": "59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a" + }, + { + "alg": "SHA-512", + "content": "5974670c3d178a12da5929ba5dd9b4f5ff461bdc1b92618c2c36d53e88650df7adbf3c1684017bb082b477cb8f40f15dcf7526f06f06183f93118ba9ebeaccce" + }, + { + "alg": "SHA3-256", + "content": "02b1f076652120813646a0cb34350f0c73a3299b221567e089f6aaadf8ab444a" + }, + { + "alg": "SHA3-512", + "content": "9e8f7057647c11564178e4569cf4f5682d3688b49d81acc60fd301f61053932ee9ac109c19cb639f7710d23afc76cb106ebde0f8143e2fe5fa08605201720a8b" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.eclipse.org/legal/epl-v10.html" + } + } + ], + "purl": "pkg:maven/junit/junit@4.12?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.junit.org" + }, + { + "type": "build-system", + "url": "https://junit.ci.cloudbees.com/" + }, + { + "type": "distribution", + "url": "https://github.com/junit-team/junit/wiki/Download-and-Install" + }, + { + "type": "issue-tracker", + "url": "https://github.com/junit-team/junit/issues" + }, + { + "type": "mailing-list", + "url": "https://groups.yahoo.com/neo/groups/junit/info" + }, + { + "type": "vcs", + "url": "http://github.com/junit-team/junit/tree/master" + } + ], + "affectingVulnerabilities": [ + "499117ae-d134-4505-8674-ed498531e7a9" + ] + }, + { + "type": "library", + "bom-ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "group": "org.junit.jupiter", + "name": "junit-jupiter-api", + "version": "5.2.0", + "description": "Module \"junit-jupiter-api\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "d85d733ecb4120eb7ad5be3134d09053" + }, + { + "alg": "SHA-1", + "content": "9cd901df48d88d8e605a6ccb2c3f140c92db6bf2" + }, + { + "alg": "SHA-256", + "content": "47f7d71b35dc331210b9ab219bbb00d54332981aa12eb5effe817de17e1ae7b3" + }, + { + "alg": "SHA-512", + "content": "8b54b50e8e10b9aed8a1d65338b86d3cd28fabba15f536df457689b99145a451f0144c703eaa848e0bf5c7dc7719ec442b479bac1b7d88cb9ba2cddffd0f1f13" + }, + { + "alg": "SHA3-256", + "content": "2a215014d5df1141f50d9c800b004d9bcb391163b05365ba3f9d145a71e69171" + }, + { + "alg": "SHA3-512", + "content": "1cb1e7a4279d2949081aad395cd158bf28a8ad12682a3f8962da50f1b3c2b4f64a206089145bdc8e4730b689f791e1f306361c4f8e0044dd88fa9f38f1916cd1" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-api@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "group": "org.junit.jupiter", + "name": "junit-jupiter-engine", + "version": "5.2.0", + "description": "Module \"junit-jupiter-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "23b9c1eb5cbc9ff595fbedb9d6ff2068" + }, + { + "alg": "SHA-1", + "content": "de87318ccd3dfa1a98ebfef792d362776f1914de" + }, + { + "alg": "SHA-256", + "content": "8f994f4094790e246dc84de86a1ff4194ca85e8b13bedaca0207f727ebfbc813" + }, + { + "alg": "SHA-512", + "content": "f2bf6ab75a111cd2cda9f8d50f62b3986fc7b675b9f14abfa73d44ccbce010b559bb2a7dcee670e8134f1e8859c2c804b87b50b141c6d48a55699cf07f1d75d7" + }, + { + "alg": "SHA3-256", + "content": "1c2e7d5d721f35eb5f4c206f920d5f34a480b5e93d991ff602acbb3002ae6cb3" + }, + { + "alg": "SHA3-512", + "content": "de4c58a5d5acfc20a8008f07c94258a6023664c6879518fec9e37eff79f106bb3645979615d792f7de404bf52b8c0e6425902c177458a483a6087bf9a4cdd822" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "group": "org.junit.platform", + "name": "junit-platform-commons", + "version": "1.2.0", + "description": "Module \"junit-platform-commons\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "b3199ff22308f68d7dc3e400fe53f51f" + }, + { + "alg": "SHA-1", + "content": "dbce1d822d3dc6c61703b340cd79018518685451" + }, + { + "alg": "SHA-256", + "content": "7771af2f797d1d0ccce9920eb3cd826fb8fd7659ccb4d8877e76d9412be72cc2" + }, + { + "alg": "SHA-512", + "content": "b08bcfa884c67ae155ea5eb0ae33f0d58e88096015b82ebf3e5a301292b4622aea1514285aeef7361f8b9e4c83e48e5d8842433afe6e3b0b06c7a1c8729b104e" + }, + { + "alg": "SHA3-256", + "content": "87b03d3ecafccbaa1dc2bd068117cf95ac520546131006bd744464ef757ec44a" + }, + { + "alg": "SHA3-512", + "content": "9501a107af25b97f4e7a102b9262f8438915cc2e93599a2343255fd1935e3c86853a50934376f509fe45f0f601f4ba8023b02ef091e51c51675469170ed88a70" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-commons@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "group": "org.junit.platform", + "name": "junit-platform-engine", + "version": "1.2.0", + "description": "Module \"junit-platform-engine\" of JUnit 5.", + "hashes": [ + { + "alg": "MD5", + "content": "14405ffac9858d89cc0609b16b8c763c" + }, + { + "alg": "SHA-1", + "content": "35fa3529ce843ada1a10b0909ccb4a8148ee638d" + }, + { + "alg": "SHA-256", + "content": "60b102e94ea01556fdc8c041950a05450edc188e3708f032a6bfb1a50ba0bc22" + }, + { + "alg": "SHA-512", + "content": "d367cad97695832f088e299d873570ea9e4bffd30222a5b3157fd506d9405776cfba78b8dc0b6e2697e96d0008ad65b7a35324fab7386c99257d2a723641b679" + }, + { + "alg": "SHA3-256", + "content": "25189ca0767cdad052cca52e00fb63557e8581d3733cf1272dfa780d668ff140" + }, + { + "alg": "SHA3-512", + "content": "d8b6d4a3f9bb96a1b6f610038b50f9a647526e5d0a805bcdd4c13603cdb3508a39a4403c9674b9bca67e673a6493f51a7d363e88fe28efd50382f7832bc20f2a" + } + ], + "licenses": [ + { + "license": { + "name": "Eclipse Public License v2.0", + "url": "http://www.eclipse.org/legal/epl-v20.html" + } + } + ], + "purl": "pkg:maven/org.junit.platform/junit-platform-engine@1.2.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/junit-team/junit5" + } + ] + }, + { + "type": "library", + "bom-ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "group": "org.liquibase", + "name": "liquibase-core", + "version": "3.6.3", + "description": "Liquibase is a tool for managing and executing database changes.", + "hashes": [ + { + "alg": "MD5", + "content": "455a827f017027c276fdfc1ec0bba595" + }, + { + "alg": "SHA-1", + "content": "737c5a4fac26ee760d016923c83481ff933e4875" + }, + { + "alg": "SHA-256", + "content": "e3d877af44ebe7f253525319e3a95bd14e249bfb3d55e9c458e78458bce8426d" + }, + { + "alg": "SHA-512", + "content": "a2c453c71c654ecdf98b86293981fd53ef270b8834b1903b88566dd515da22df17a47a7a31f6c8c65f496ec64613c101ab5501ea9e8293001703f9d2a65c878b" + }, + { + "alg": "SHA3-256", + "content": "6cc2d3b40b26f5b20f62647f3dfc3238741eebd176e51ed76bafe534781554d8" + }, + { + "alg": "SHA3-512", + "content": "1efc7bca74a8e561b48786cff789dba1b87cf4e6d7dc65da70bc71590c653ffd2111d8fb703cea6a429481c68c385299cf59f5b15072ccbe2365d53fc548292b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.liquibase/liquibase-core@3.6.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.liquibase.org" + }, + { + "type": "build-system", + "url": "https://circleci.com/gh/liquibase/liquibase/tree/master" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2" + }, + { + "type": "issue-tracker", + "url": "http://liquibase.jira.com/browse/CORE" + } + ], + "affectingVulnerabilities": [ + "7b0674fc-e326-47d0-b34b-b5bfb523784b" + ] + }, + { + "type": "library", + "bom-ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "group": "com.mattbertolini", + "name": "liquibase-slf4j", + "version": "2.0.0", + "description": "Liquibase SLF4J Logger", + "hashes": [ + { + "alg": "MD5", + "content": "c0de626cfee6e91f2fe3f28aca48a6f9" + }, + { + "alg": "SHA-1", + "content": "15d0d15b546ef66caf3385a3c13aeb75663b3ba4" + }, + { + "alg": "SHA-256", + "content": "1378fcb84657a57fd133328b13ea0578d18011fb4578dd915b292f9b8afbfd6e" + }, + { + "alg": "SHA-512", + "content": "193195e7aba3a04c4bc27a8cb424d8ede7e9a00f0682801906b59cfafe717c19ed47bf299e033da9b91400f936a90a14137b0b48ed55a46a2527db644cfe7947" + }, + { + "alg": "SHA3-256", + "content": "143f1704ce5f758ce1c3dc2bfce78abac50638cfe54537042ada01ce8c765f89" + }, + { + "alg": "SHA3-512", + "content": "0d7e066b3760514259844a5b137706b47ce61fabf24ac34e59445609e0a41e5497d90bb8786c06e1fa767375c4ee039d1c44c4b136fdb63d08ada9967286502a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/com.mattbertolini/liquibase-slf4j@2.0.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/mattbertolini/liquibase-slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "group": "org.slf4j", + "name": "log4j-over-slf4j", + "version": "1.7.26", + "description": "Log4j implemented over SLF4J", + "hashes": [ + { + "alg": "MD5", + "content": "0ca7c8107e86b7e251cf15d475db5183" + }, + { + "alg": "SHA-1", + "content": "daeb21c5e35d77d550e721c4cf5aaa716496d31a" + }, + { + "alg": "SHA-256", + "content": "81a1c31befb21e3975064f43e0b1692b7fc2dc5f6d8dc3b6baaa7b8c3e5ddd5b" + }, + { + "alg": "SHA-512", + "content": "6ae099e1ad5526212f2758a9e16ce7027833e47dff9370c7dbc5317c43f0d3450f20a437ae1a97594382cd27b74c276cb0f3c32de0668b61daf874fb4d30bc90" + }, + { + "alg": "SHA3-256", + "content": "7fe9883b0d6edce803b4942d53771c9e87735076e5ee162037bce3180e067c04" + }, + { + "alg": "SHA3-512", + "content": "349b75322aaf3d4fa035ed2c98c3f289ea6c2bef2bc6756b018df99536d99ceaa17b9192ce5bdde1a213ec75ecc60d11629189a5774b166e671a709e7f2df708" + } + ], + "licenses": [ + { + "license": { + "name": "Apache Software Licenses", + "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" + } + } + ], + "purl": "pkg:maven/org.slf4j/log4j-over-slf4j@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "group": "ch.qos.logback", + "name": "logback-access", + "version": "1.2.3", + "description": "logback-access module", + "hashes": [ + { + "alg": "MD5", + "content": "9468ae35cd2e92164659543a55280aac" + }, + { + "alg": "SHA-1", + "content": "e8a841cb796f6423c7afd8738df6e0e4052bf24a" + }, + { + "alg": "SHA-256", + "content": "0a4fc8753abe266ea7245e6d9653d6275dc1137cad6ecd1b2612204033d89687" + }, + { + "alg": "SHA-512", + "content": "b72a31503d09eb0f40abad77a44617b7edc2904e2e619f7cdcbab2536965be34e91ebbaffd0444027d15bad2562515762ee13a7163d9e12f82017334dc84a6a2" + }, + { + "alg": "SHA3-256", + "content": "db933b4474fd6b77e89b1f68f4117d7b299788b0706e926ea88506f086b54f63" + }, + { + "alg": "SHA3-512", + "content": "64acf87611208b7ccda4408ebd924dad609f3bb3e217fcaa80f13cfd098225183a559e5023b7ceabb07ff3ab705f13aad732b04f781f2b618e2f3de31376c089" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-access@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ] + }, + { + "type": "library", + "bom-ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "group": "ch.qos.logback", + "name": "logback-classic", + "version": "1.2.3", + "description": "logback-classic module", + "hashes": [ + { + "alg": "MD5", + "content": "64f7a68f931aed8e5ad8243470440f0b" + }, + { + "alg": "SHA-1", + "content": "7c4f3c474fb2c041d8028740440937705ebb473a" + }, + { + "alg": "SHA-256", + "content": "fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0" + }, + { + "alg": "SHA-512", + "content": "9ad5df9055e74c1db67e10422774e740903477c821591702d2709a4c1f73e3fc3fa6b1a871b6985901817bc2bdeba916849035dc2bbf518f308637b0586e36f1" + }, + { + "alg": "SHA3-256", + "content": "7d38586cfd6e1363970ac1811eb49dd9e535e2d2bf967118ce8f28592655ac24" + }, + { + "alg": "SHA3-512", + "content": "0a47917a6adfaef45e1170ff419800a7c88771510c6d5744b081e0572f70d2e339a5bbdd9b0637c2ecfcdd49a095c856ec293e8a41bbd03ef9b5a67d42731e67" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ], + "affectingVulnerabilities": [ + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" + ] + }, + { + "type": "library", + "bom-ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "group": "ch.qos.logback", + "name": "logback-core", + "version": "1.2.3", + "description": "logback-core module", + "hashes": [ + { + "alg": "MD5", + "content": "841fc80c6edff60d947a3872a2db4d45" + }, + { + "alg": "SHA-1", + "content": "864344400c3d4d92dfeb0a305dc87d953677c03c" + }, + { + "alg": "SHA-256", + "content": "5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22" + }, + { + "alg": "SHA-512", + "content": "bd1a7512647fe61b90cfd18bedf2a33f3f16f334f8f8ce947cdd353c0b0b7a7cce203070f0d2183f6583e0f2b2fe6e0b12eb93bd5b2dc29076e7b466447f6dc5" + }, + { + "alg": "SHA3-256", + "content": "7e43423025fc6ebe94b4cc641dc60a4507f93dd1445214847a069595f7cb728e" + }, + { + "alg": "SHA3-512", + "content": "76a7f8df50903e80c5455da2307705f1ce08e098b75d02c1e36cb8b06eb3dc18c4e93fbf4ed1dea143d73645a652b52bb26e789d1fa111866c54a57c2025049e" + } + ], + "licenses": [ + { + "license": { + "id": "EPL-1.0", + "url": "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html" + } + } + ], + "purl": "pkg:maven/ch.qos.logback/logback-core@1.2.3?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/ceki/logback" + } + ], + "affectingVulnerabilities": [ + "bdd3f85b-5284-4163-be5b-0dd84b9300ac", + "0d58391c-d0fe-4b46-8f8d-6a49db7fb354" + ] + }, + { + "type": "library", + "bom-ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "group": "io.dropwizard.metrics", + "name": "metrics-annotation", + "version": "4.0.5", + "description": "A dependency-less package of just the annotations used by other Metrics modules.", + "hashes": [ + { + "alg": "MD5", + "content": "18a5f9cee781de1bee53b78df6e37c4e" + }, + { + "alg": "SHA-1", + "content": "b30a0e181a5b5170c3b9bf513a9f2cc756dd4319" + }, + { + "alg": "SHA-256", + "content": "ef1ac18eeb33545913992f1b3d4779c9438435cea26a3a4366f05457a1006159" + }, + { + "alg": "SHA-512", + "content": "574a8d69f2610641d087d2ccf5509787c0993ce3f6fab1877580243cb8d57eb646e3cca9e9336d3e61776fdcb875770017d3182b7238ddfe0c31b08bad4edc30" + }, + { + "alg": "SHA3-256", + "content": "841decb2aae5beba8df9d315b687fe9c5c9c0addf481e75c5de17e408b7d6d07" + }, + { + "alg": "SHA3-512", + "content": "61e765ec087be04c969bbf542c2c743b3de4a613dd77d8820e73976b51cb31f291a575623c64e2c0d865408965904611be2a91213fa387d01e7552de48770056" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-annotation@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "group": "io.dropwizard.metrics", + "name": "metrics-core", + "version": "4.0.5", + "description": "Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "f5fb039e8ed41743d3b6590547d85894" + }, + { + "alg": "SHA-1", + "content": "b81ef162970cdb9f4512ee2da09715a856ff4c4c" + }, + { + "alg": "SHA-256", + "content": "e31f5bc2fc58dcacd0cf31f7eafa43d3b981873dac0d3f0ffebb145675f1c8a8" + }, + { + "alg": "SHA-512", + "content": "5d553993bf5bbd985453bb69f0704997f624a6ef81aa126c7228fe3d2dd7ebe57e7eeb161067e19914a9f36c762ce2fa7be5e47d0fb4deb623a3fb82ed6a70f2" + }, + { + "alg": "SHA3-256", + "content": "5ba7bcb9d456edb43cf67736e066d9558da57205f916c5ada7f5058b2f8cbc90" + }, + { + "alg": "SHA3-512", + "content": "fcb8a3e52da3f8e9f86c692d8d68661acfe2b6aeb29866325178f3732176e099d0c6c9933d187b0840cf632de154087ad0ae6e8daf2712bedaaaa5e9a4c97214" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-core@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "group": "io.dropwizard.metrics", + "name": "metrics-graphite", + "version": "4.0.5", + "description": "A reporter for Metrics which announces measurements to a Graphite server.", + "hashes": [ + { + "alg": "MD5", + "content": "22f848bd3427fa8d5caa8717468097f5" + }, + { + "alg": "SHA-1", + "content": "76e8758356373d5aed5abacbda429b38f6e8fa98" + }, + { + "alg": "SHA-256", + "content": "e7ece2bb30cf016a012286d7077fd1d9741c3e205ac7095fdc081e4c552436db" + }, + { + "alg": "SHA-512", + "content": "e1c984ee8daa837add7b4ca0d07162faebf4b7d2bb88b7bd355eccd570e3935fb1c49acdf8b1dcc5c88bbf04c67cda2a7efdcf375d0247d35b7744f9ab810a4f" + }, + { + "alg": "SHA3-256", + "content": "d3ac2a04fe0a5225e4c8ce2a2c46d196ef466eccfa00254cab8df1a08f5dc4fc" + }, + { + "alg": "SHA3-512", + "content": "d2ee456e6964ec862f1a770c386084cf016983c03083a5516405ce4372204a0e0d5feb27e78d7f5d7345719b9af256f8d000cde922547c159de14cb860cc2403" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-graphite@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "group": "io.dropwizard.metrics", + "name": "metrics-healthchecks", + "version": "4.0.5", + "description": "An addition to Metrics which provides the ability to run application-specific health checks, allowing you to check your application's heath in production.", + "hashes": [ + { + "alg": "MD5", + "content": "e64c9571317f403046ad8a04814cecab" + }, + { + "alg": "SHA-1", + "content": "73177b73f9d7ac80b0d0125db9dd41faab816c52" + }, + { + "alg": "SHA-256", + "content": "bd3be08664f03a27bc625b88d91e852cd105b6f53725cfa54a7167a268f2fe0e" + }, + { + "alg": "SHA-512", + "content": "e2c16ef7751558c07e8268d3448477c2296d2f83e1f915fe09b2e0f54c62cf774c9a8b8b3dfedccd882d95cf78bc0f0af3d997af0de8c0c5d489de36883f0b09" + }, + { + "alg": "SHA3-256", + "content": "8dd767ac7aca8dfaef37a32010f341ea4ee20e8190251b367f47cdbc3cba857e" + }, + { + "alg": "SHA3-512", + "content": "34929a8391da886a045a6947b17c875fd3d7c37f85e03d47572d2de359885c101c61a735f9c09cdb8ee4100221acb650389b74071b8c1184e032f2ce2947f67a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-healthchecks@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "group": "io.dropwizard.metrics", + "name": "metrics-httpclient", + "version": "4.0.5", + "description": "An Apache HttpClient wrapper providing Metrics instrumentation of connection pools, request durations and rates, and other useful information.", + "hashes": [ + { + "alg": "MD5", + "content": "023faaf10f012b67e15faa137d106f21" + }, + { + "alg": "SHA-1", + "content": "d02819ff820207d03d0082ef24cd36157d7c5188" + }, + { + "alg": "SHA-256", + "content": "12112aebd3bb53cc5451846202f4333588dc5455e4739c0c2360103700c24e42" + }, + { + "alg": "SHA-512", + "content": "9c991dae8890b35046c258536884d68f821d1e4aabb65c8e1c845309fadf0e9e2849e0653bc6aa5a008336569d8eb71a660a06f402a7a933a3da85604c45e67b" + }, + { + "alg": "SHA3-256", + "content": "f2bd98bc7e39c259544dc04853e5404d6cdf9c7095fcc718ba65b597a377ef33" + }, + { + "alg": "SHA3-512", + "content": "7fa6cba3b553b5c3ffc943ca2ff387d2b542d7170bcea5b43fffe150cd0a3849244ec3a2bbcfce28e8f9d762a925e4cbc7101785f2c3c4d00af61e2f97d00dcb" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-httpclient@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi", + "version": "4.0.5", + "description": "A JDBI wrapper providing Metrics instrumentation of query durations and rates.", + "hashes": [ + { + "alg": "MD5", + "content": "7700c4ec787e2355d290e0f40820de15" + }, + { + "alg": "SHA-1", + "content": "005441385ea7bf674fc480dc6bc6dcff6a7278ec" + }, + { + "alg": "SHA-256", + "content": "6858a83724e2df638c475425ea48811ca84c28fc778f92251209e17317e225c4" + }, + { + "alg": "SHA-512", + "content": "671beb600961db9ca14f043225670c18035f3db932ad67bb6f04bae4a57e67e7265b317d851009bd764344dcfdffe8073156b4f517e8c71954af2575bb7c9f32" + }, + { + "alg": "SHA3-256", + "content": "95a48e7ac5a1e6dfd2590e1a79b046017a90b7dce17322d35f10d18408d42526" + }, + { + "alg": "SHA3-512", + "content": "f68985671638695e6ddbf6260010a5a23e2f841c781ea6b4fbe91a0c6c9bcbcc1fd8d9d4501a02e4f86922d8f7071154d54c3c281d662e9c4262014599c37393" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "group": "io.dropwizard.metrics", + "name": "metrics-jdbi3", + "version": "4.0.5", + "description": "Provides instrumentation of Jdbi3 data access objects", + "hashes": [ + { + "alg": "MD5", + "content": "594d03f7743b46ef08ed0d1dcc1bb31a" + }, + { + "alg": "SHA-1", + "content": "2d39572d9612ce28bea84d46808d25d3b8af3133" + }, + { + "alg": "SHA-256", + "content": "e08dfdaa141b4f6d3338b09f3f1f7f463596adb0d335b600e1bd636cc02b7b22" + }, + { + "alg": "SHA-512", + "content": "4f2119fa34092ac2649b27d93e54af0de724719f994803407b5c307a8443ff70dee7d411b1360caf92595a87e570b44e60fe2745d8d283e857eb2ce6f0f656f5" + }, + { + "alg": "SHA3-256", + "content": "c4cd10df90cf8b3b9a06f634c9d31e5bee07e98cdb5640220434a43d66231cdb" + }, + { + "alg": "SHA3-512", + "content": "3d60e9e5707c3e34eed30746c85bfbfcae3dded9509dd7047092ad42d184f36395a3d06865ce7ffa1f12b433ecf99b090e713751be03203af168aa4d99dd6a6f" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jdbi3@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "group": "io.dropwizard.metrics", + "name": "metrics-jersey2", + "version": "4.0.5", + "description": "A set of class providing Metrics integration for Jersey, the reference JAX-RS implementation.", + "hashes": [ + { + "alg": "MD5", + "content": "e56b570fcb934ef302433d338823511d" + }, + { + "alg": "SHA-1", + "content": "cea8d4217ccd087f302611a54e4dd6071ba5844c" + }, + { + "alg": "SHA-256", + "content": "91cb412f7aca24de727b3724885fd2e6ff0e8bdb422a73ad66d25375594bf63d" + }, + { + "alg": "SHA-512", + "content": "3bc8572f0d183c30b0f83f5b4acd3a05c8d3c3b728298d6b8899da0d299df8d9acdc5435f82c23eb6ba5a3d2bb5c8f66637d6315caf95bf3b807c53e5bc6c217" + }, + { + "alg": "SHA3-256", + "content": "b2dda5477d6dcbd6fdcdd1f3acae482b0f83f24018706a03713c04dcd6c1f744" + }, + { + "alg": "SHA3-512", + "content": "af35ae7568a5df2be2e8cb9ef99256b0956b97b44ec0447863127e9f2e84f7baec0c5c0ed89a8146685e30af98e05a34618a58f2a76fe57272fb8ee98b5e9d62" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jersey2@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "group": "io.dropwizard.metrics", + "name": "metrics-jetty9", + "version": "4.0.5", + "description": "A set of extensions for Jetty 9.3 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.", + "hashes": [ + { + "alg": "MD5", + "content": "99b6f3ed9f4663ed9db4700e4bf388fa" + }, + { + "alg": "SHA-1", + "content": "87f3b49a7377e56f62046875d394ed0028b37690" + }, + { + "alg": "SHA-256", + "content": "e2c769fc1c269e2200950b8d33800be4b0043302eaa189ba5cb7ce518c48b46a" + }, + { + "alg": "SHA-512", + "content": "e3b7ee7c506e8bef74e87adb6e589f3dfac2a0905f66a0eed1af9d2cffa6a3e6f74573e6ca3d3469d8afba0307fb18f74b21397146e0b82ede387a41554f44a0" + }, + { + "alg": "SHA3-256", + "content": "09bb7c73faefc5549d032d9bdc471f500b9370caef0dc9896ca44cdd6fc2ff48" + }, + { + "alg": "SHA3-512", + "content": "ac44f708dff820a3f19b3cc01d4f936b7ca46cd9fedd76e9c57ecc7c0b7d76a9f5db641742453c8893b5b0eb2255ce8c7697fc11569e57afa456d08f00141fc9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jetty9@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "group": "io.dropwizard.metrics", + "name": "metrics-jmx", + "version": "4.0.5", + "description": "A set of classes which allow you to report metrics via JMX.", + "hashes": [ + { + "alg": "MD5", + "content": "863de91e135c8455d70fa3acf01cdf72" + }, + { + "alg": "SHA-1", + "content": "d7be4ddd7ba674ee8be1d23d883fb3ca68ee1d54" + }, + { + "alg": "SHA-256", + "content": "079133de87f7d3512200a8071bacfdbed46d6a73995578fc24bbf4c03df6d188" + }, + { + "alg": "SHA-512", + "content": "211ebec4191c7482bf0fc02785fd924fdc980c4bbbf440be8f5d4f87f1971bca646f7174c45c0566b41af08fc603225d38691b32482986887775c9e51185615c" + }, + { + "alg": "SHA3-256", + "content": "d02352d947a4475cf67e9f24d33b3bd16cc908acb78cb294d2763fee7d1e4fee" + }, + { + "alg": "SHA3-512", + "content": "7ca4565c9a0c3d1a96d021b7cc4b896b885352ac8cae96e4700f7c2fa40a6c367e05c48df0a81ef112a6769bd8f2f01ceb86e2a984d67286a3627b565bbd8f00" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jmx@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "group": "io.dropwizard.metrics", + "name": "metrics-json", + "version": "4.0.5", + "description": "A set of Jackson modules which provide serializers for most Metrics classes.", + "hashes": [ + { + "alg": "MD5", + "content": "9784b95742e0e8fe76e8d5376e7abf5f" + }, + { + "alg": "SHA-1", + "content": "8c66fea9f767588ae0995be27558b1f3ae8d75ef" + }, + { + "alg": "SHA-256", + "content": "008ce354b30ef48060786b6a31144e04b6bafdfca69e6307cbf66602ae331023" + }, + { + "alg": "SHA-512", + "content": "515734a08814f3df1f6ae853a2cac0fdab5637e129ca9bc3f62feba9190a2e43013362009f73f4fe3e06f3d08fdf0ec7ec8481dab3a6435de743322d4620dc55" + }, + { + "alg": "SHA3-256", + "content": "70620d2f107ff8fdf5bc16a91df9a49daf3fe84fb268edafbafabd43ec61ef0f" + }, + { + "alg": "SHA3-512", + "content": "f33d7c456efabd1eda7f0cc99df57e870b747d3f2c49571373c4564eb50388350260d08f4d53be2c5fe8a7ae766d9181d0f394e996156d839c5bfda9858c119d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-json@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "80b88754-8b78-4597-bc4f-47788add0031", + "group": "io.dropwizard.metrics", + "name": "metrics-jvm", + "version": "4.0.5", + "description": "A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.", + "hashes": [ + { + "alg": "MD5", + "content": "a19a85dc56ac7179bd974e4eb0c8b6e0" + }, + { + "alg": "SHA-1", + "content": "09f6f1e6c1db440d9ad4c3114f17be40f66bb399" + }, + { + "alg": "SHA-256", + "content": "ba97466221c391bd7b7eb6d407f7fac83e5e6725d3a8691aa512e53ae075dfc3" + }, + { + "alg": "SHA-512", + "content": "d53b524543ac922352d3a628831fc7a02ceeb757fd760b94477f02b256a47caac9837259c82ddf5b3cb0e874542176f1383c080a7c3d23b8a5790ac250f70a48" + }, + { + "alg": "SHA3-256", + "content": "61e9ee4a183b317e6fadeb632804a04e233af77dedcd5613f19490233f71b8cb" + }, + { + "alg": "SHA3-512", + "content": "333f15cf54e7e9a304e8cdaa9e251ac0859bfb848ddfc2606d86738a89e944adb8879d14f60df632c064f4ab0edb6ff950a7a231121ce8a6b1ff3bca4809750a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-jvm@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "group": "io.dropwizard.metrics", + "name": "metrics-logback", + "version": "4.0.5", + "description": "An instrumented appender for Logback.", + "hashes": [ + { + "alg": "MD5", + "content": "45f97ce9788dad9744ae2e198e5a501b" + }, + { + "alg": "SHA-1", + "content": "306d0d06b0940c6df49031e8dd750e635e4b170f" + }, + { + "alg": "SHA-256", + "content": "89842f9df70d001835bd652c103b1d04d64e1c48bccf396defbdd791299c1903" + }, + { + "alg": "SHA-512", + "content": "bde3d0313531986623fd422fee1506eaf17bd3c53318973c340e4d44ce0104943c5dfcddee6cc8d33cfcf0a0b2fb2aff2b3e653819b39c2c5b76676399683401" + }, + { + "alg": "SHA3-256", + "content": "8233adad697b14559e578618be1ea2c99c907be87da1eab10a5ca9f397dbf46c" + }, + { + "alg": "SHA3-512", + "content": "d4664cd4105ad99b2326da4b727dcf350dba261aa7b26aacb9a064efc1a3da7337988344e8c9d64e08ec34d1586410e465c58e0ec37b389b93c54c7c6ccfde35" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-logback@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "group": "io.dropwizard.metrics", + "name": "metrics-servlets", + "version": "4.0.5", + "description": "A set of utility servlets for Metrics, allowing you to expose valuable information about your production environment.", + "hashes": [ + { + "alg": "MD5", + "content": "e9142eb2da39a0651be8f9190d47ce0e" + }, + { + "alg": "SHA-1", + "content": "983dacbfd04ec22b49f9e2256a5d41694ce7d4cc" + }, + { + "alg": "SHA-256", + "content": "607381f05808cd31dfc09354db4b015e483be053276a85930050024515fae4da" + }, + { + "alg": "SHA-512", + "content": "797fc4d430b4797b4bcc6d854ac39fd7e0c4da73bda04152473c3f5ab06a36bfeaf326c8edb657de75a613efcce658364fb0aaf15ff6a13c6e62b5795c6a464b" + }, + { + "alg": "SHA3-256", + "content": "d840fcd8a9f0721e4cd392c6e30f1f52f4d411f1138b9e11336a5393f31b80f9" + }, + { + "alg": "SHA3-512", + "content": "a7553a6da55221ee3125757888978188695dfb14511432331f512f29e5c20e5c764e0c801e87818de719df2854d15915516a86d31f99147b9e5ec9b2fd43b701" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "http://www.apache.org/licenses/LICENSE-2.0" + } + } + ], + "purl": "pkg:maven/io.dropwizard.metrics/metrics-servlets@4.0.5?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/dropwizard/metrics/issues/" + }, + { + "type": "vcs", + "url": "http://github.com/dropwizard/metrics/" + } + ] + }, + { + "type": "library", + "bom-ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "group": "org.jvnet.mimepull", + "name": "mimepull", + "version": "1.9.6", + "description": "Provides a streaming API to access attachments parts in a MIME message.", + "hashes": [ + { + "alg": "MD5", + "content": "43a2478389a84b985dbe7b6ae0b3c011" + }, + { + "alg": "SHA-1", + "content": "41c913d791e16f93bc712a8c8a30bb64daa2e9bd" + }, + { + "alg": "SHA-256", + "content": "2d1ee56aa89837ba9ea55431542e7939fa9d425552c2e6c8ddfb3b77877721b7" + }, + { + "alg": "SHA-512", + "content": "38198fef6a8ca9d1af37c269582e87ae6cc7324a1686c8807be90a1edd4b33bb829d03030df1a4f5865bf6f0e6d0fb2a4f3dde265af696ab556f0bf7216ab9b0" + }, + { + "alg": "SHA3-256", + "content": "3d4fac8717b03d2c33c9c8b5145cfec04a312e9021c92c8029d2a2ca60615e0e" + }, + { + "alg": "SHA3-512", + "content": "a7bff1d8fa3287436726ab53ddff800d9a262fbf7801b85f50b7f29dbd017ff430f2effa9e6e95b44772ec0c349632374b9291292d2eb24f0fed1313dba15ee9" + } + ], + "licenses": [ + { + "license": { + "id": "GPL-2.0-with-classpath-exception" + } + } + ], + "purl": "pkg:maven/org.jvnet.mimepull/mimepull@1.9.6?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.oracle.com/" + }, + { + "type": "issue-tracker", + "url": "http://java.net/jira/browse/mimepull" + }, + { + "type": "mailing-list", + "url": "http://java.net/projects/mimepull/lists/users/archive" + }, + { + "type": "vcs", + "url": "http://java.net/projects/mimepull/sources/svn/show/tags/mimepull-1.9.6" + }, + { + "type": "distribution", + "url": "https://maven.java.net/service/local/staging/deploy/maven2/" + } + ] + }, + { + "type": "library", + "bom-ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "group": "org.mockito", + "name": "mockito-core", + "version": "2.24.0", + "description": "Mockito mock objects library core API and implementation", + "hashes": [ + { + "alg": "MD5", + "content": "73056e7138623c31ab0ad3c421c695b8" + }, + { + "alg": "SHA-1", + "content": "969a7bcb6f16e076904336ebc7ca171d412cc1f9" + }, + { + "alg": "SHA-256", + "content": "ae8fd3becb2a8e262507a9df85e54a6e41c5ae3a34cda5495abef6299a587ff6" + }, + { + "alg": "SHA-512", + "content": "2bde38797a3902909027ec12a58a7adbc5ce86f5f095ee5787b4c12fe873c6ae96bf7e9024c1347eaa189af66b988668d1886dc110118b22eb6c4436e3cceb66" + }, + { + "alg": "SHA3-256", + "content": "30f96a62ee0c4795e9039288888791e0192f1e7a522ecad28200f01135c132bb" + }, + { + "alg": "SHA3-512", + "content": "1afd1e02b726b5b0fc8ee4ff3e2e678c780bf642041e54a7f7c3b136adf7c6d9ae23df2454572ae619279d9e712d5444c55c3c3fee7883b621312331aa7b626a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:maven/org.mockito/mockito-core@2.24.0?type=jar", + "externalReferences": [ + { + "type": "build-system", + "url": "https://travis-ci.org/mockito/mockito" + }, + { + "type": "issue-tracker", + "url": "https://github.com/mockito/mockito/issues" + }, + { + "type": "vcs", + "url": "https://github.com/mockito/mockito.git" + } + ] + }, + { + "type": "library", + "bom-ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "group": "org.objenesis", + "name": "objenesis", + "version": "2.6", + "description": "A library for instantiating Java objects", + "hashes": [ + { + "alg": "MD5", + "content": "5ffac3f51405ca9b2915970a224b3e8f" + }, + { + "alg": "SHA-1", + "content": "639033469776fd37c08358c6b92a4761feb2af4b" + }, + { + "alg": "SHA-256", + "content": "5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d" + }, + { + "alg": "SHA-512", + "content": "23a593bded8cb43236faad2018b008da47bf4e29cc60c2e98fd4f2ed578fe2baddd3a98547dc14273017c82cb19ce8eaaab71d49273411856a2ba1a5d51015fc" + }, + { + "alg": "SHA3-256", + "content": "1fce020475bd27d7eac3a3693e9c6992032739ef6db205c7751c92f8aba4d67a" + }, + { + "alg": "SHA3-512", + "content": "ec2154e3bb9fa0b74079d4f21af3aa0ae17444da63aa1061d87aac646c070b3733673a4d0880ca58f974dc3358d7b1c6161bf030260474b36b4bae677b777b08" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.objenesis/objenesis@2.6?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://api.bintray.com/maven/easymock/maven/objenesis/;publish=1" + }, + { + "type": "vcs", + "url": "https://github.com/easymock/objenesis" + } + ] + }, + { + "type": "library", + "bom-ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "group": "org.opentest4j", + "name": "opentest4j", + "version": "1.1.0", + "description": "Open Test Alliance for the JVM", + "hashes": [ + { + "alg": "MD5", + "content": "2edf96ac5b535198bd3a2e31309f779c" + }, + { + "alg": "SHA-1", + "content": "c8e2a3e3bc7f3e4bb5075306452db5290f9b117a" + }, + { + "alg": "SHA-256", + "content": "65a5fd7380f53aac708bcee3091dbe2dba73a9a2e7645b66e70e0804fc36ee3b" + }, + { + "alg": "SHA-512", + "content": "bb72a65673bec0af3d420e96edcc1e3152bdbd0f670e2e09172f00f05549fa3b0a07c40ed2dbeec75da6e548623afa4e343343cca15a7a016aaa6c3e48ab0765" + }, + { + "alg": "SHA3-256", + "content": "f12567dc83accfc6c4022f0941f37a3169cc0697ebbf67a4261136180c2d8a2c" + }, + { + "alg": "SHA3-512", + "content": "401aa77733f4ceab47f51b797844f597947cf31a5b76f5c46c6a28980bff30942b783e79e8ab5b5f8ce63d64e8152b6f71b96cc1d500234a8a8e2dd24f734441" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.opentest4j/opentest4j@1.1.0?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "https://github.com/ota4j-team/opentest4j" + } + ] + }, + { + "type": "library", + "bom-ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "group": "org.glassfish.hk2", + "name": "osgi-resource-locator", + "version": "1.0.1", + "description": "See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information", + "hashes": [ + { + "alg": "MD5", + "content": "51e70ad8fc9d1e9fb19debeb55555b75" + }, + { + "alg": "SHA-1", + "content": "4ed2b2d4738aed5786cfa64cba5a332779c4c708" + }, + { + "alg": "SHA-256", + "content": "775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843" + }, + { + "alg": "SHA-512", + "content": "e064a477d5b1f8c56b4741ba606eed764b779a5d9870b8c193771bf0d904350aed839ab21602dbf5f376f7208b8ca24f64504d73ec6a0c5c08c5f0abc7c466d4" + }, + { + "alg": "SHA3-256", + "content": "c7cb2d64874992826818c594f02bf40f46d9ad4787d6575bfb656b35b7b6af0d" + }, + { + "alg": "SHA3-512", + "content": "5c57aa6eb98272226cbdebd803a5b11a27422340f47e5541a5bf6bb776f64bfcda548ffd345e900a7c7624b9a016aecacd8e009a13fe2c2cae86e8ff8e7289f2" + } + ], + "licenses": [ + { + "expression": "(CDDL-1.0 OR GPL-2.0-with-classpath-exception)" + } + ], + "purl": "pkg:maven/org.glassfish.hk2/osgi-resource-locator@1.0.1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "https://glassfish.dev.java.net" + } + ] + }, + { + "type": "library", + "bom-ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "group": "com.papertrail", + "name": "profiler", + "version": "1.0.2", + "description": "A pure-java implementation of the twitter/util project's `CpuProfile` and related classes.", + "hashes": [ + { + "alg": "MD5", + "content": "b6cb78e7d8a5c4ed1ad259afc4f7c793" + }, + { + "alg": "SHA-1", + "content": "138093a4ed2da6f0b07a2a2335584bd5a7d53bff" + }, + { + "alg": "SHA-256", + "content": "188ec41349472a0c50fbe7e4cdcc6d6c8968ad6cd9047effeaa6a5c111f9074d" + }, + { + "alg": "SHA-512", + "content": "447a1e7d47cb7c3974e09c8e5ea1fdf6c9c4dfe377cffbba501edab474e136ec252406c5dde8fc7387b9fab983a7970764c23c93b8fb842f676da8c3bd01e013" + }, + { + "alg": "SHA3-256", + "content": "b68b7d44bde32b5a2995629eb2742bde9e3f373cb08230f67624160b91432160" + }, + { + "alg": "SHA3-512", + "content": "2fdb36567b1dcfb26e9e02abb70277e2e9040983c5755372716aa71a22cf46807501effa5931e0e65152f1efbe9e7449ff5b00cdaaddc15f1cfeeb3600904b7b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/com.papertrail/profiler@1.0.2?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "http://svn.sonatype.org/spice/tags/oss-parent-7" + } + ] + }, + { + "type": "library", + "bom-ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "group": "org.slf4j", + "name": "slf4j-api", + "version": "1.7.26", + "description": "The slf4j API", + "hashes": [ + { + "alg": "MD5", + "content": "60ec8751be37d54a2aa1b6178f87b968" + }, + { + "alg": "SHA-1", + "content": "77100a62c2e6f04b53977b9f541044d7d722693d" + }, + { + "alg": "SHA-256", + "content": "6d9e5b86cfd1dd44c676899285b5bb4fa0d371cf583e8164f9c8a0366553242b" + }, + { + "alg": "SHA-512", + "content": "a944468440a883bb3bde1f78d39abe43a90b6091fd9f1a70430ac10ea91b308b2ef035e4836d68ba97afdba2b04f62edece204278aaa416276a5f8596f8688af" + }, + { + "alg": "SHA3-256", + "content": "195320dbd33e0ecc96b7c23818454658870c7f4c7bb746dae4516bc4983ab158" + }, + { + "alg": "SHA3-512", + "content": "830b0c50cdd9f45cfe4be31f0c775f632399060db58050ce702e476321ef29dcc17f49f872e7023e995c6ee1c2e06f2f1ea115aa45807569ecef83af3385f5cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.26?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://www.qos.ch" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "vcs", + "url": "https://github.com/qos-ch/slf4j" + } + ] + }, + { + "type": "library", + "bom-ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "group": "org.yaml", + "name": "snakeyaml", + "version": "1.23", + "description": "YAML 1.1 parser and emitter for Java", + "hashes": [ + { + "alg": "MD5", + "content": "64ec8bd26b6d5034a87ecb1c8ce0efdc" + }, + { + "alg": "SHA-1", + "content": "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68" + }, + { + "alg": "SHA-256", + "content": "13009fb5ede3cf2be5a8d0f1602155aeaa0ce5ef5f9366892bd258d8d3d4d2b1" + }, + { + "alg": "SHA-512", + "content": "8091467927dc88fe2741f85c6e429914f4306e7a1183e52090ccc7d617ca5279ba42b03ffc8cd1a914b6c3dc4151bd731757e72592e9c1b23346781936ac9fc7" + }, + { + "alg": "SHA3-256", + "content": "18f63155a18c783a0d47afa987a0dcc39f688da527047ccd48c694810ac5adf2" + }, + { + "alg": "SHA3-512", + "content": "59d1edd895705b667a65c3bada2c1b6c4109f82a03a2a18878d3310ac6e41bb3e47f821e87ffdcd2d2320b2f63c13a8748214fa9ea851c7b0b4d8fca07250c8a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.yaml/snakeyaml@1.23?type=jar", + "externalReferences": [ + { + "type": "issue-tracker", + "url": "https://bitbucket.org/asomov/snakeyaml/issues" + }, + { + "type": "vcs", + "url": "https://bitbucket.org/asomov/snakeyaml/src" + } + ], + "affectingVulnerabilities": [ + "210a5c45-88ac-4c1f-a5f4-f93c7af6f59e", + "63a53dc7-5769-43dc-a053-50ccd5295d8b", + "5ab41975-23cc-45e0-9a13-be603ea00595", + "dff65990-715e-4f71-aace-60d4436af108", + "d55a9a55-cf82-483f-9a7c-8bf5395ce510", + "6c215a04-8ea0-421f-961b-d5cceb64fd13", + "38c08d91-3487-44c4-b258-d5a274a4ad05", + "da9ea5d3-a3c2-4d1b-8425-a799e47a804f" + ] + }, + { + "type": "library", + "bom-ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "group": "org.antlr", + "name": "stringtemplate", + "version": "4.0.2", + "description": "StringTemplate is a java template engine for generating source code, web pages, emails, or any other formatted text output. StringTemplate is particularly good at multi-targeted code generators, multiple site skins, and internationalization/localization. It evolved over years of effort developing jGuru.com. StringTemplate also generates the stringtemplate website: http://www.stringtemplate.org and powers the ANTLR v3 code generator. Its distinguishing characteristic is that unlike other engines, it strictly enforces model-view separation. Strict separation makes websites and code generators more flexible and maintainable; it also provides an excellent defense against malicious template authors. There are currently about 600 StringTemplate source downloads a month.", + "hashes": [ + { + "alg": "MD5", + "content": "b270a7b34c953cbae921a4080d5cdc0f" + }, + { + "alg": "SHA-1", + "content": "e28e09e2d44d60506a7bcb004d6c23ff35c6ac08" + }, + { + "alg": "SHA-256", + "content": "8056d5586e1b18d3def6347b5d020a85722d850bb9f4d7a9aafe4f842c651ef9" + }, + { + "alg": "SHA-512", + "content": "cd396cbc93d096812700c3a05e4b548c31d73c5f1f66f12bdd3364218de591cefb76e1f0557e83204285f1e868f0f327cf556bb32c4552e0a3537cf6ac1efa43" + }, + { + "alg": "SHA3-256", + "content": "d79aa95dd924c18de8f5ef5fc510f92cecb781d5724ba9b948e8658191e920b6" + }, + { + "alg": "SHA3-512", + "content": "da67f10539c0f73ddb56e945f5c7b42aea76411b4067362685f92c916da055f2747176a1524f97f52d7ae0d70898256c9549290448194d6fd99b3bfbff3332a9" + } + ], + "licenses": [ + { + "license": { + "name": "BSD licence", + "url": "http://antlr.org/license.html" + } + } + ], + "purl": "pkg:maven/org.antlr/stringtemplate@4.0.2?type=jar", + "externalReferences": [ + { + "type": "vcs", + "url": "http://fisheye2.cenqua.com/browse/stringtemplate" + } + ] + }, + { + "type": "library", + "bom-ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "group": "org.apache.tomcat", + "name": "tomcat-jdbc", + "version": "9.0.16", + "description": "Tomcat JDBC Pool Package", + "hashes": [ + { + "alg": "MD5", + "content": "b673d21c2c73b44c6fdee89f6c9995fc" + }, + { + "alg": "SHA-1", + "content": "5304a28c25bb88c57da9561e4ed0bbfcc72dcb4a" + }, + { + "alg": "SHA-256", + "content": "0fe8cdd9c6a349fbf1d7246b5503f113a4fb11f1e71c2e529308f1dd22ed5019" + }, + { + "alg": "SHA-512", + "content": "698da1e4dda1d18463f885e6b9dfed61c12920af35ccdfc9015ecfbd8f353d0aefde38f1f71f68ea5b2d9f6610df9cde38e8fa6ec0b405a925a861e8ca0de5b1" + }, + { + "alg": "SHA3-256", + "content": "013e3a72e6a19fea3c245ca9989853b836ed598c9b5551c399222a511be6b569" + }, + { + "alg": "SHA3-512", + "content": "bec64a6591071bb6d5e18412eac3eaaa9814c33448bb2f43d6e039e0538ad85f387fd3817915b5928c41aeabb84d3cd90c0c51f783accb38e3344a32fef206ed" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-jdbc@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "group": "org.apache.tomcat", + "name": "tomcat-juli", + "version": "9.0.16", + "description": "Tomcat Core Logging Package", + "hashes": [ + { + "alg": "MD5", + "content": "5dbec493081a051b6868b84881fa6ab9" + }, + { + "alg": "SHA-1", + "content": "b6ef3c1ac1104b6e3fbdc106e194bf2fb5e2e2a8" + }, + { + "alg": "SHA-256", + "content": "cc155efa8104af3d35daf3226284b638b10d9def4074ebf6176cb47b3a264f53" + }, + { + "alg": "SHA-512", + "content": "fd19c0dd3bc60b050065b7c1992c4662f5e02ecc74176528b24a42f03fa42b805ce3529f813e2d0b85f6d21fa46f43a0146069372fbb96dd821bf9778ecb38b0" + }, + { + "alg": "SHA3-256", + "content": "c4782f32dcf2d8516d4b4ae299af008385dc44a92380edab0ced40738ba56b67" + }, + { + "alg": "SHA3-512", + "content": "d37ef89204a97677283c417ceae3031fd89648079e42924bf9c38456b1055442dad8f8f6366da1600feee8e448b59bdff8261e101913b99f24b9dde278469cd7" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.apache.tomcat/tomcat-juli@9.0.16?type=jar" + }, + { + "type": "library", + "bom-ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "group": "org.jadira.usertype", + "name": "usertype.core", + "version": "7.0.0.CR1", + "description": "Classes utilising Joda Time, Joda Money, Libphonenum and JDK Types that add Hibernate support", + "hashes": [ + { + "alg": "MD5", + "content": "808b0b11f96e769c0f7a32d29f1ce7a1" + }, + { + "alg": "SHA-1", + "content": "818991d0b4d8fce6da9f27ea61187111efcae1a1" + }, + { + "alg": "SHA-256", + "content": "a129bfc60f7aceab77cd1363684d267f56629b441bf06f6123f9c0c2972e41fc" + }, + { + "alg": "SHA-512", + "content": "3d7dca13d1586365a94f05ea4a1672ce166773f2a01a584fc149d71b8aaeaa9c109e7e3a7658d8d4da3e91b8f42085ed55acc2a97e1c39a4faea5f6834a741a5" + }, + { + "alg": "SHA3-256", + "content": "f032df418c58acf1ba8307589d176b6e3d5402f1a0830d903b954984ab03bc38" + }, + { + "alg": "SHA3-512", + "content": "1113d2d63ceacdc4df8628448aa15d5de2e155b1a00037dc1570bb6f1553b38f397930036ef637b50519b6d395e3a219cf330ae29cedebeafa786eefd08420c0" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.core@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "group": "org.jadira.usertype", + "name": "usertype.spi", + "version": "7.0.0.CR1", + "description": "Shared dependencies for Usertype jars", + "hashes": [ + { + "alg": "MD5", + "content": "2b16a4d99cf3e6f0695186301dc63e4c" + }, + { + "alg": "SHA-1", + "content": "895f79b8a1c33f2e17ebc839f80ecaf62924e784" + }, + { + "alg": "SHA-256", + "content": "035f9a3cbec935b6da4d0318fd4d5b797db12a6ba0f77293b8603ff8578904f6" + }, + { + "alg": "SHA-512", + "content": "df65994da27e03bf29918e87451738de9017a41d0deb4fa1d7b00353d889fabc30cbfdc8aa8d97fc475cc31b2426b7a859cc0cfc6489b3667e43108539cb6c0f" + }, + { + "alg": "SHA3-256", + "content": "455f3a4522df5251d036af8f916a7ba5a385a1d303a0aa8f56f7563c2ee00042" + }, + { + "alg": "SHA3-512", + "content": "88d0d9476653078ff1c538c0b8c8b3d2714fd13fbe5ef12550d73053edeb1eb967a17e96d4670ffe95ca0eda858afa6a6b27033028036b646180c00a7ec46aa4" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/org.jadira.usertype/usertype.spi@7.0.0.CR1?type=jar", + "externalReferences": [ + { + "type": "website", + "url": "http://blog.jadira.co.uk/" + }, + { + "type": "build-system", + "url": "http://jenkins.jadira.co.uk/" + }, + { + "type": "distribution", + "url": "https://oss.sonatype.org/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "https://jadira.atlassian.net/browse/JDF/" + }, + { + "type": "mailing-list", + "url": "https://sourceforge.net/mailarchive/forum.php?forum_name=jadira-discuss" + } + ] + }, + { + "type": "library", + "bom-ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "group": "javax.validation", + "name": "validation-api", + "version": "1.1.0.Final", + "description": "Bean Validation API", + "hashes": [ + { + "alg": "MD5", + "content": "4c257f52462860b62ab3cdab45f53082" + }, + { + "alg": "SHA-1", + "content": "8613ae82954779d518631e05daa73a6a954817d5" + }, + { + "alg": "SHA-256", + "content": "f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed" + }, + { + "alg": "SHA-512", + "content": "bc137c5f7fa6b7092f9fc233d8be7d21d6767f8aa51c2e934b73692c82d28dbb410f55674d7b5a0e1523b514654339277b535b7f5bb01d457a11aba2eca3bbed" + }, + { + "alg": "SHA3-256", + "content": "469fa33a7d6854ac73627c8b4d281165c26dbcb21e645df792c3144453ab3129" + }, + { + "alg": "SHA3-512", + "content": "a042781692aaaa9458be722d0437484c5f1fd8f3f4955c00008224caebeb671ab93740052599ce2f5feab8d7ec712c72786492f7c7ca1c27c25425545b05a91e" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:maven/javax.validation/validation-api@1.1.0.Final?type=jar", + "externalReferences": [ + { + "type": "distribution", + "url": "https://repository.jboss.org/nexus/service/local/staging/deploy/maven2/" + }, + { + "type": "issue-tracker", + "url": "http://opensource.atlassian.com/projects/hibernate/browse/BVAL" + }, + { + "type": "vcs", + "url": "https://github.com/beanvalidation/beanvalidation-api" + } + ] + } + ], + "dependencies": [ + { + "ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "dependsOn": [] + }, + { + "ref": "852a6a22-c817-4aa5-b076-7eec1af8e9ef", + "dependsOn": [] + }, + { + "ref": "2687d928-5b18-4ce5-ab4c-8ef513f0b48c", + "dependsOn": [] + }, + { + "ref": "da25e363-473d-4f84-9f46-8e09c7ec7c28", + "dependsOn": [] + }, + { + "ref": "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "dependsOn": [] + }, + { + "ref": "7176887b-3e41-4f10-9d29-26ec573e2c49", + "dependsOn": [ + "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "f09e69a1-54de-4e7b-802a-adda10a1c7be" + ] + }, + { + "ref": "517c6455-0a2e-4e78-8d4b-88837bb5244c", + "dependsOn": [] + }, + { + "ref": "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "dependsOn": [] + }, + { + "ref": "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "dependsOn": [] + }, + { + "ref": "a68365f2-a8c0-4b43-8724-025a9add90cc", + "dependsOn": [] + }, + { + "ref": "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "dependsOn": [] + }, + { + "ref": "91658b5a-2478-4653-a3e4-f62c4f58f87b", + "dependsOn": [] + }, + { + "ref": "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "dependsOn": [] + }, + { + "ref": "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "dependsOn": [] + }, + { + "ref": "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e", + "dependsOn": [] + }, + { + "ref": "757cef7a-83f2-4973-832d-67849ca42b69", + "dependsOn": [] + }, + { + "ref": "7b1c11dd-7462-451d-a5b1-0fbd56708727", + "dependsOn": [] + }, + { + "ref": "93a8597b-e82a-4726-8e16-849d026f7b98", + "dependsOn": [] + }, + { + "ref": "ebf5150b-055e-45d4-82e5-eebc38ffea70", + "dependsOn": [] + }, + { + "ref": "627bb70b-4b85-4801-8239-f03de04ca5db", + "dependsOn": [] + }, + { + "ref": "fb69639e-65c6-4e4f-9b19-8db65e9569da", + "dependsOn": [] + }, + { + "ref": "a4c812d7-526d-4a8d-a4cd-8de155e4fc6e", + "dependsOn": [] + }, + { + "ref": "8f623f35-20a5-476b-b1df-1487028bc6db", + "dependsOn": [ + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "893beba4-580b-4ada-a4cf-067fbe145507", + "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b" + ] + }, + { + "ref": "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "dependsOn": [ + "55086fc5-4c36-45b5-9569-fdafa26e075d", + "757cef7a-83f2-4973-832d-67849ca42b69", + "93a8597b-e82a-4726-8e16-849d026f7b98" + ] + }, + { + "ref": "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "dependsOn": [ + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "370d779c-d1ea-4d92-8e70-1ad325e94298", + "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "65c8e5ac-baa7-4b18-8320-b3742c7401ae", + "b692a425-dca6-4bed-af67-5855cb40dbcf", + "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "881df936-411d-4bb3-b464-6edcf14c671c", + "ac21cab7-b535-4294-8a61-b10b62918666", + "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "80b88754-8b78-4597-bc4f-47788add0031", + "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "5978be79-e890-48b1-8f11-40416ee5bb61", + "5aed0617-3613-43e7-94d2-105b2af0b00d", + "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "a3e61462-d2a5-47c4-8b59-7e9a9cb7e6c3", + "96cf7115-b31d-4c98-bae2-952c601d3878" + ] + }, + { + "ref": "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631", + "daabc9e2-1ec3-4d10-9251-69ab9834b02a" + ] + }, + { + "ref": "75ac9a04-e251-4a82-8e39-c1aa49b0ed81", + "dependsOn": [ + "ea1f023d-0390-4558-8696-dc8d566dd95e" + ] + }, + { + "ref": "09c6fbbd-8cf9-4b5b-9ed5-bdc8d066887f", + "dependsOn": [ + "58e68d03-5ae3-424e-a51b-822ceb9e8643", + "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "8c0378f7-4c0e-4ee3-849d-740b0035c371" + ] + }, + { + "ref": "1df1add2-a44b-4b75-9ac4-372dc99b7888", + "dependsOn": [ + "55521fe9-aed2-403e-9df2-75fc5af90f54", + "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "79b01257-3e61-49f7-8600-2042bde4702b", + "b4ca2dc7-9d68-4737-9afc-dea82759cd45" + ] + }, + { + "ref": "370d779c-d1ea-4d92-8e70-1ad325e94298", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "c2dbe746-304a-4e35-88f0-69943d701fe5", + "5694b066-2847-4855-8230-77e902b37502", + "4634319e-cca2-4c02-8372-222f43bd35ba", + "648c2811-d754-45aa-9160-8f018ab4aab9", + "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "85776385-c1af-42fa-a0ac-21ecf796742f" + ] + }, + { + "ref": "881df936-411d-4bb3-b464-6edcf14c671c", + "dependsOn": [ + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "1b61648b-2106-4c86-ad10-79411c0ce338", + "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "71f396a0-0285-465e-8ce3-6eacb47be941", + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "19cdb89b-f552-4df4-9b10-7dc0ac4234b3", + "dependsOn": [ + "bd750137-b073-47d5-891a-e48c192cfcba", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "423d6189-7ce4-4931-9c74-3b58517df601", + "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "c1abfd09-121f-418c-befa-4d6b9e164769" + ] + }, + { + "ref": "1d12f487-9f6e-4658-98ad-395ce4475ad9", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967", + "4e012695-d45a-4296-b37b-54a8b6893a50", + "07bcc4f4-aea2-4d70-a1d8-eac57f88758c" + ] + }, + { + "ref": "b692a425-dca6-4bed-af67-5855cb40dbcf", + "dependsOn": [ + "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "2f225da8-8da3-429b-a014-effeea8c71eb", + "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "e36cfe6c-5955-40dd-8f4f-09c43087ac53" + ] + }, + { + "ref": "2a741bac-adc5-492c-a149-20cc8eee8cc8", + "dependsOn": [] + }, + { + "ref": "e7abb629-e6fe-4cc5-9cb6-7fad9efd0f40", + "dependsOn": [ + "0476a31c-6a89-45b2-8e9b-8d4a725d06eb" + ] + }, + { + "ref": "912e97a4-04ac-4602-8b40-8020a0ca5d25", + "dependsOn": [ + "ab3bfc00-8d35-4a4d-b314-86573681d910", + "36fc309f-d086-43d6-b660-5de275ee630f" + ] + }, + { + "ref": "f3f5aa50-4cdd-4db5-b0ad-df2373c6fb49", + "dependsOn": [ + "df3cc349-8f4d-4d7e-82ab-1309f17741d3" + ] + }, + { + "ref": "ac21cab7-b535-4294-8a61-b10b62918666", + "dependsOn": [ + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "fef6bc42-e89b-4bd7-8aaa-c630e85591a2", + "dependsOn": [ + "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "94379ad3-19a6-4b21-a049-ca0b762d8c13" + ] + }, + { + "ref": "07bcc4f4-aea2-4d70-a1d8-eac57f88758c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "9623a310-0e79-4f71-b9a7-b7046f1fbf30", + "dependsOn": [ + "0d0caea7-65ca-4504-b50a-80e480879f5f", + "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d" + ] + }, + { + "ref": "d6394138-9591-4141-9a76-4c3082ff2ed4", + "dependsOn": [ + "cfbf2e22-cc3f-4993-a6c0-bcb367a74631" + ] + }, + { + "ref": "8b18e6e1-3249-42f7-8521-89c9b99b0c8e", + "dependsOn": [ + "d6394138-9591-4141-9a76-4c3082ff2ed4", + "5b865504-bea5-4b92-ae5e-46553e01093c" + ] + }, + { + "ref": "a0804121-410f-4e8f-a374-4fca7dd185b0", + "dependsOn": [ + "ebf5150b-055e-45d4-82e5-eebc38ffea70" + ] + }, + { + "ref": "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "dependsOn": [] + }, + { + "ref": "c9381862-0cc8-48d6-9b97-82f00d12cdb7", + "dependsOn": [] + }, + { + "ref": "5b865504-bea5-4b92-ae5e-46553e01093c", + "dependsOn": [] + }, + { + "ref": "1a021b8e-d143-4072-84f0-0e18292f1967", + "dependsOn": [ + "fba3b85d-fb95-43d0-b534-0fc515cc831c", + "aa9df662-3606-433f-abf6-8d2ba8dbed4a", + "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "da25e363-473d-4f84-9f46-8e09c7ec7c28" + ] + }, + { + "ref": "c19e7b95-5753-489e-b720-c9dd79f15cc8", + "dependsOn": [] + }, + { + "ref": "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7", + "dependsOn": [] + }, + { + "ref": "21c7c10d-e7a9-4e82-893a-aa82f11f6dca", + "dependsOn": [] + }, + { + "ref": "8c0378f7-4c0e-4ee3-849d-740b0035c371", + "dependsOn": [ + "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "f09e69a1-54de-4e7b-802a-adda10a1c7be", + "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd", + "627bb70b-4b85-4801-8239-f03de04ca5db", + "21c7c10d-e7a9-4e82-893a-aa82f11f6dca" + ] + }, + { + "ref": "bc3daea8-1de6-4319-b0fa-c36672bfae58", + "dependsOn": [] + }, + { + "ref": "0d0caea7-65ca-4504-b50a-80e480879f5f", + "dependsOn": [ + "c454f700-0d16-4956-a210-03d9073b6d12", + "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "ac5b39ec-8be2-4131-a679-d4c4bfc5d5dd" + ] + }, + { + "ref": "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "dependsOn": [ + "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "517c6455-0a2e-4e78-8d4b-88837bb5244c" + ] + }, + { + "ref": "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "dependsOn": [] + }, + { + "ref": "c8a6d735-c53d-4d8e-a1aa-ea869a30f869", + "dependsOn": [] + }, + { + "ref": "f4a06b14-3945-4381-b3dd-b46407b02b6b", + "dependsOn": [ + "d2a5e2bf-ead6-4768-866a-385166eb6709" + ] + }, + { + "ref": "d2a5e2bf-ead6-4768-866a-385166eb6709", + "dependsOn": [] + }, + { + "ref": "55521fe9-aed2-403e-9df2-75fc5af90f54", + "dependsOn": [ + "f4a06b14-3945-4381-b3dd-b46407b02b6b" + ] + }, + { + "ref": "893beba4-580b-4ada-a4cf-067fbe145507", + "dependsOn": [ + "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "f2e4e883-e3c0-4e0b-9853-3739f3aeda3e" + ] + }, + { + "ref": "1a5b616d-beeb-422e-aa26-63a8a4181c4e", + "dependsOn": [] + }, + { + "ref": "026156fa-3bff-4bbd-894a-36d1b3be8f3d", + "dependsOn": [] + }, + { + "ref": "cdd49ec5-1b07-46eb-be80-02048d7796ae", + "dependsOn": [] + }, + { + "ref": "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "dependsOn": [] + }, + { + "ref": "1e0c53af-376a-4ca0-9d2e-38811dd17cba", + "dependsOn": [] + }, + { + "ref": "55086fc5-4c36-45b5-9569-fdafa26e075d", + "dependsOn": [ + "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd" + ] + }, + { + "ref": "c2dbe746-304a-4e35-88f0-69943d701fe5", + "dependsOn": [] + }, + { + "ref": "5cd25b5b-2542-435f-b97d-6e4561bc5b6d", + "dependsOn": [ + "6b5fc35d-b114-4455-aa14-0a67248ee6bd", + "1e0c53af-376a-4ca0-9d2e-38811dd17cba" + ] + }, + { + "ref": "4634319e-cca2-4c02-8372-222f43bd35ba", + "dependsOn": [] + }, + { + "ref": "c77ae27c-57dd-4e9b-b6b1-e6ce98a41888", + "dependsOn": [] + }, + { + "ref": "5694b066-2847-4855-8230-77e902b37502", + "dependsOn": [] + }, + { + "ref": "014723b6-3b73-414b-a760-da7bb1ab988d", + "dependsOn": [] + }, + { + "ref": "38ce4a49-93cb-4508-a1ab-d4cfbf364e48", + "dependsOn": [ + "014723b6-3b73-414b-a760-da7bb1ab988d", + "7a6724fd-3628-46d2-8de5-9059e6ec494c" + ] + }, + { + "ref": "8fb33937-22be-4bae-b750-c8e4dd1e28e4", + "dependsOn": [] + }, + { + "ref": "7a6724fd-3628-46d2-8de5-9059e6ec494c", + "dependsOn": [] + }, + { + "ref": "648c2811-d754-45aa-9160-8f018ab4aab9", + "dependsOn": [] + }, + { + "ref": "f0a1c5d8-06ba-4dc6-9051-1bc3529609c3", + "dependsOn": [] + }, + { + "ref": "1aa6eac8-8847-4b9e-88e5-6bfe517a450d", + "dependsOn": [] + }, + { + "ref": "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "dependsOn": [] + }, + { + "ref": "89a8e601-3e7c-4f9f-b4fc-d6ddb15909f3", + "dependsOn": [] + }, + { + "ref": "8dc0d897-c489-493c-a4b6-c5384d663c85", + "dependsOn": [] + }, + { + "ref": "25416803-852c-4475-bf84-2bf849ea6a56", + "dependsOn": [] + }, + { + "ref": "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "dependsOn": [] + }, + { + "ref": "a34a6a71-d883-47b3-b6eb-e87238cffb51", + "dependsOn": [] + }, + { + "ref": "b8d1f31a-736f-4134-9f3b-b5b85376c82e", + "dependsOn": [] + }, + { + "ref": "a309ae04-449e-4c6d-92cb-072fb307f9ad", + "dependsOn": [] + }, + { + "ref": "abf48398-6ee7-4f0e-b31b-610aa1d2ee41", + "dependsOn": [] + }, + { + "ref": "fdc0c715-ab35-4720-b389-9d7a5cb687d1", + "dependsOn": [ + "7176887b-3e41-4f10-9d29-26ec573e2c49", + "85776385-c1af-42fa-a0ac-21ecf796742f", + "c9381862-0cc8-48d6-9b97-82f00d12cdb7" + ] + }, + { + "ref": "494fa830-ab7c-4795-90fb-25dbeae940a0", + "dependsOn": [ + "1a021b8e-d143-4072-84f0-0e18292f1967" + ] + }, + { + "ref": "4d09195e-f65d-4f29-b0dc-a19cb888c23c", + "dependsOn": [ + "7e266974-a702-488c-99f6-258ccf14f0f3" + ] + }, + { + "ref": "ebd37e00-5623-49a2-af33-aeda69d2127a", + "dependsOn": [] + }, + { + "ref": "5f5eb96a-2c89-4cfd-adce-d0cf49c85d9b", + "dependsOn": [] + }, + { + "ref": "1b61648b-2106-4c86-ad10-79411c0ce338", + "dependsOn": [] + }, + { + "ref": "dd4f3e68-5483-4177-9ee9-987774aea94f", + "dependsOn": [] + }, + { + "ref": "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dependsOn": [ + "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "3d67ecbd-3ee2-437b-800b-d137ccd17d46" + ] + }, + { + "ref": "82cd08db-9df5-488f-be94-6f3b554dfa9b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "ad836327-5c0c-495e-bb92-9e17bda31d81", + "dependsOn": [] + }, + { + "ref": "f72b7435-4703-4eea-8a0e-b7991aaa5565", + "dependsOn": [] + }, + { + "ref": "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "dependsOn": [] + }, + { + "ref": "ea1f023d-0390-4558-8696-dc8d566dd95e", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "75ac24b0-9039-45fe-842d-ccecdd3c62e1" + ] + }, + { + "ref": "ea5b13fb-dba0-4d9a-b5ec-ac31e806905d", + "dependsOn": [] + }, + { + "ref": "4607f688-0845-494b-b2d4-9ee41c19d4f4", + "dependsOn": [] + }, + { + "ref": "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dependsOn": [ + "d3585f46-bcb2-47e2-86d3-b48954cf7bb7", + "dd4f3e68-5483-4177-9ee9-987774aea94f", + "837f075b-d753-4d9e-a827-1d9f9f5e08b3", + "65cd86ab-8ef7-4e97-b8b2-ea7f9f2d3b02", + "856bdbf0-98a8-4f05-950b-f6603c23a8c6", + "6aede12b-b7ba-4bf9-b3fb-63a853074ccd", + "8dc0d897-c489-493c-a4b6-c5384d663c85", + "cce11866-0e96-4a46-9b49-dbee3ab30c8b", + "c454f700-0d16-4956-a210-03d9073b6d12" + ] + }, + { + "ref": "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "dependsOn": [ + "ad836327-5c0c-495e-bb92-9e17bda31d81" + ] + }, + { + "ref": "94379ad3-19a6-4b21-a049-ca0b762d8c13", + "dependsOn": [ + "60844efd-9e68-4684-adf6-b7cc9e09a53b", + "aab91e2b-b26c-4248-9535-f3e8db0b0883", + "dd4f3e68-5483-4177-9ee9-987774aea94f" + ] + }, + { + "ref": "d1ee3fc3-d1b2-4aa2-a396-7df4e36d7432", + "dependsOn": [] + }, + { + "ref": "b4ca2dc7-9d68-4737-9afc-dea82759cd45", + "dependsOn": [] + }, + { + "ref": "79b01257-3e61-49f7-8600-2042bde4702b", + "dependsOn": [] + }, + { + "ref": "f0e1d440-763b-4714-9bec-6bf081f12b9e", + "dependsOn": [] + }, + { + "ref": "50a898e1-523d-4041-9250-b25394071a77", + "dependsOn": [] + }, + { + "ref": "efb2d239-5a37-49aa-9995-47e7be07304a", + "dependsOn": [] + }, + { + "ref": "c1abfd09-121f-418c-befa-4d6b9e164769", + "dependsOn": [] + }, + { + "ref": "be69e2b9-e673-42a8-98f1-e6d3be74c272", + "dependsOn": [] + }, + { + "ref": "4473173b-92a4-4b6f-aa40-3b0479fe60ee", + "dependsOn": [] + }, + { + "ref": "4e012695-d45a-4296-b37b-54a8b6893a50", + "dependsOn": [ + "25416803-852c-4475-bf84-2bf849ea6a56", + "c1abfd09-121f-418c-befa-4d6b9e164769", + "be69e2b9-e673-42a8-98f1-e6d3be74c272" + ] + }, + { + "ref": "423d6189-7ce4-4931-9c74-3b58517df601", + "dependsOn": [ + "4473173b-92a4-4b6f-aa40-3b0479fe60ee" + ] + }, + { + "ref": "7f8bcab9-2ea2-4fde-bdc4-fc0840ce0bfc", + "dependsOn": [ + "efb2d239-5a37-49aa-9995-47e7be07304a" + ] + }, + { + "ref": "96cf7115-b31d-4c98-bae2-952c601d3878", + "dependsOn": [] + }, + { + "ref": "e36cfe6c-5955-40dd-8f4f-09c43087ac53", + "dependsOn": [] + }, + { + "ref": "71f396a0-0285-465e-8ce3-6eacb47be941", + "dependsOn": [ + "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "423d6189-7ce4-4931-9c74-3b58517df601" + ] + }, + { + "ref": "39e5b7f2-b34e-4d46-8f70-841e0ef6a3b9", + "dependsOn": [] + }, + { + "ref": "54231d23-1a18-4b9c-a4cf-1e55aefcbf30", + "dependsOn": [ + "186eb402-6ab8-417c-8bbb-4032f9722383", + "7b1c11dd-7462-451d-a5b1-0fbd56708727" + ] + }, + { + "ref": "5472a740-e14c-4068-a5dc-d106c1398a9f", + "dependsOn": [] + }, + { + "ref": "7e266974-a702-488c-99f6-258ccf14f0f3", + "dependsOn": [] + }, + { + "ref": "186eb402-6ab8-417c-8bbb-4032f9722383", + "dependsOn": [] + }, + { + "ref": "3a173ea8-528f-40e0-8659-f26c89ca71dd", + "dependsOn": [] + }, + { + "ref": "c5699c79-88a7-4667-b44f-5c3ec4f53fdd", + "dependsOn": [] + }, + { + "ref": "8005328c-f1b3-4ac3-8aa6-1e5013d8cef2", + "dependsOn": [ + "85fcaba4-d7bb-415a-9d6e-8e1432e6a1b7" + ] + }, + { + "ref": "7a60c1f8-0819-4133-aa05-ece823ae5494", + "dependsOn": [] + }, + { + "ref": "a34dd467-b5d1-4014-bc2e-e7f9e5017bae", + "dependsOn": [ + "fb231fd7-da5f-4a2e-9b22-ea26359edd4e", + "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "7a60c1f8-0819-4133-aa05-ece823ae5494" + ] + }, + { + "ref": "33155de6-f8f2-48a7-ab80-19d8641794bf", + "dependsOn": [] + }, + { + "ref": "a0e7d3ee-2d51-4a08-a013-5b75b697edec", + "dependsOn": [ + "33155de6-f8f2-48a7-ab80-19d8641794bf", + "71a8cbce-c3a6-4797-b3f1-60415f5e1131" + ] + }, + { + "ref": "ab3bfc00-8d35-4a4d-b314-86573681d910", + "dependsOn": [ + "85776385-c1af-42fa-a0ac-21ecf796742f", + "6d8385bd-f9a9-4a97-9031-3a1c717209b7" + ] + }, + { + "ref": "36fc309f-d086-43d6-b660-5de275ee630f", + "dependsOn": [] + }, + { + "ref": "2f225da8-8da3-429b-a014-effeea8c71eb", + "dependsOn": [] + }, + { + "ref": "df3cc349-8f4d-4d7e-82ab-1309f17741d3", + "dependsOn": [] + }, + { + "ref": "6d8385bd-f9a9-4a97-9031-3a1c717209b7", + "dependsOn": [] + }, + { + "ref": "5e7cd916-704f-4746-83a0-ec3850bb3f49", + "dependsOn": [] + }, + { + "ref": "cc245b84-5644-43ff-82a8-82d6ff6ce58a", + "dependsOn": [] + }, + { + "ref": "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "dependsOn": [] + }, + { + "ref": "0476a31c-6a89-45b2-8e9b-8d4a725d06eb", + "dependsOn": [ + "2687d928-5b18-4ce5-ab4c-8ef513f0b48c" + ] + }, + { + "ref": "5aed0617-3613-43e7-94d2-105b2af0b00d", + "dependsOn": [] + }, + { + "ref": "88a1ebea-4757-41a9-91cc-047c07fe0f94", + "dependsOn": [] + }, + { + "ref": "09d37ee7-6931-4191-ba1e-d8f5c8c1f66f", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "d47e0fb9-cbb0-4e5b-90f0-264ef63dca8b", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "ea950eb0-f271-4abc-a5dc-7c60fed3b586", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e", + "cc245b84-5644-43ff-82a8-82d6ff6ce58a" + ] + }, + { + "ref": "bd750137-b073-47d5-891a-e48c192cfcba", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "1f037d99-8070-4b50-8260-1e8ef8765f8d", + "dependsOn": [] + }, + { + "ref": "9c03efc2-c106-4191-980f-b91376b5ab06", + "dependsOn": [] + }, + { + "ref": "80b88754-8b78-4597-bc4f-47788add0031", + "dependsOn": [] + }, + { + "ref": "54f1226e-fb42-44e1-afb3-f5963e327f7c", + "dependsOn": [ + "384a59b8-b897-4318-8a7f-2e02568a9e5e" + ] + }, + { + "ref": "5978be79-e890-48b1-8f11-40416ee5bb61", + "dependsOn": [ + "9c03efc2-c106-4191-980f-b91376b5ab06", + "80a1384b-dee2-4dff-9d74-79d854cdeb2f" + ] + }, + { + "ref": "75ac24b0-9039-45fe-842d-ccecdd3c62e1", + "dependsOn": [] + }, + { + "ref": "0dcaa1ac-b6f5-466b-9bd2-6d8aa5ddbf8c", + "dependsOn": [ + "0052b14c-fb6a-404e-89fb-48cad6d2535d", + "91658b5a-2478-4653-a3e4-f62c4f58f87b" + ] + }, + { + "ref": "b5aed9a4-3863-44c0-b9f2-dff8328ac7cf", + "dependsOn": [] + }, + { + "ref": "71a8cbce-c3a6-4797-b3f1-60415f5e1131", + "dependsOn": [] + }, + { + "ref": "3d67ecbd-3ee2-437b-800b-d137ccd17d46", + "dependsOn": [] + }, + { + "ref": "80a1384b-dee2-4dff-9d74-79d854cdeb2f", + "dependsOn": [] + }, + { + "ref": "85776385-c1af-42fa-a0ac-21ecf796742f", + "dependsOn": [] + }, + { + "ref": "0f2c6b93-4dda-43b7-b7aa-f03f357c5dcd", + "dependsOn": [] + }, + { + "ref": "fffd9ae3-d1b8-4bfc-a83c-063e38e56ce4", + "dependsOn": [] + }, + { + "ref": "daabc9e2-1ec3-4d10-9251-69ab9834b02a", + "dependsOn": [ + "13aba3db-12c7-44d2-895d-130d2897e460" + ] + }, + { + "ref": "13aba3db-12c7-44d2-895d-130d2897e460", + "dependsOn": [] + }, + { + "ref": "3e7afa7e-c1fd-4d82-a68e-075f486c0ba1", + "dependsOn": [ + "3affcf84-19c7-4ac3-91f9-b08980969391" + ] + }, + { + "ref": "3affcf84-19c7-4ac3-91f9-b08980969391", + "dependsOn": [] + }, + { + "ref": "c454f700-0d16-4956-a210-03d9073b6d12", + "dependsOn": [] + } + ], + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "serialNumber": "urn:uuid:dbaf64af-0eec-4ff1-bffe-8b642d1d16c9", + "version": 1, + "metadata": { + "timestamp": "2024-07-08T17:30:28Z", + "tools": [ + { + "vendor": "OWASP", + "name": "Dependency-Track", + "version": "4.11.4" + } + ], + "component": { + "type": "application", + "bom-ref": "602de70a-7107-4ac8-9ad2-3c1c816892a7", + "name": "test 9", + "version": "SNAPSHOT", + "description": "This is the project I want to use to generate data to understand the schema a bit better" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json new file mode 100644 index 0000000000..4df777e680 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json @@ -0,0 +1,178179 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/@mitre/saf@1.4.7", + "title": "@mitre/saf CycloneDX BOM Report", + "version": "1.4.7", + "maintainer": "The MITRE Security Automation Framework", + "summary": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "license": "Apache-2.0", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "bb7e08a6555c552f8096497e3ea8043e91f3425eebe8ddc4e0966c262f7e7635" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ], + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + } + } + } + ], + "raw": { + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ], + "components": [ + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ], + "components": [ + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ], + "components": [ + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ], + "components": [ + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ], + "components": [ + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ], + "components": [ + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ], + "components": [ + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ], + "components": [ + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ], + "components": [ + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ], + "components": [ + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ], + "components": [ + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ], + "components": [ + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ], + "components": [ + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ], + "components": [ + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ], + "components": [ + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ], + "components": [ + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ], + "components": [ + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ], + "components": [ + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ], + "components": [ + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + } + ] + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ], + "components": [ + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ], + "components": [ + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ], + "components": [ + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ], + "components": [ + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ], + "components": [ + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ], + "components": [ + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ], + "components": [ + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ], + "components": [ + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ], + "components": [ + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ], + "components": [ + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ], + "components": [ + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ], + "components": [ + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ], + "components": [ + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ], + "components": [ + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ], + "components": [ + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ], + "components": [ + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ], + "components": [ + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ], + "components": [ + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ], + "components": [ + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json new file mode 100644 index 0000000000..5f559069d2 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json @@ -0,0 +1,88967 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: application/@mitre/saf@1.4.7", + "title": "@mitre/saf CycloneDX BOM Report", + "version": "1.4.7", + "maintainer": "The MITRE Security Automation Framework", + "summary": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "license": "Apache-2.0", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "bb7e08a6555c552f8096497e3ea8043e91f3425eebe8ddc4e0966c262f7e7635" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "type": "library", + "name": "client-config-service", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Config Service Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-config-service@3.590.0#clients/client-config-service", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-config-service", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-config-service", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-config-service/-/client-config-service-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ad29ae81b639104043527461f1bd58d83f0294a7d812a161b7210ff7855d54705dae36775d2b2269d856e08b21e4ed081c2c93ba6c189b90327e25fcb03aa3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service" + } + ] + }, + { + "type": "library", + "name": "sha256-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f152e65b607e82315b539b8c7aab5033a363d3f1756eba3cd31417096e824015a0a2c1565d3c7beda78e17908020099b38aeb849d30125d36be89e35c8fe66bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser" + } + ] + }, + { + "type": "library", + "name": "ie11-detection", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions and types for detecting if the host environment is IE11", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/ie11-detection@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/ie11-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df8d650419226350df0cd29a8bfc173376ae8cd0645d1eedab55113d00cbf708b70146c8f34351ef8b85d535c7326ee9a3501c9c593c8aed92d88794ffefc0f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection" + } + ] + }, + { + "type": "library", + "name": "sha256-js", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha256-js@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha256-js@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha256-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e734dee8b34fb27755ef5c0cb6dc214e9936cc683c60c57b53287c9bac9dfd63c906cc10138011626d624a1fa061cad2c8fd9caccecf3bc4238137206283abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js" + } + ] + }, + { + "type": "library", + "name": "supports-web-crypto", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0", + "author": "AWS Crypto Tools Team", + "description": "Provides functions for detecting if the host environment supports the WebCrypto API", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/supports-web-crypto@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/supports-web-crypto", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d3a84174cc1401bd96153b861bbdcb482d307cfbbddf15b0a39bcbd9eb7d7b29a09aedc8779bc500705b6a355688684f3b7eea72c7426a9fc5a97bc918958f22" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto" + } + ] + }, + { + "type": "library", + "name": "util", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/util@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/util@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/util", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/util/-/util-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8e265a5e269091e3c082f2bfae2950a1cecf48ba7823f70919ae5f19d38d435845afc881c82d82823cdcc98212ac8af8fe4b798ba3a05573b981373771038eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/types@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.577.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "153d896444b7c0128dfda95f9a1968fb764eabf5c9d02ed039970336ba4a8c1d24a98a0a8e154a67f1f1e80ad1d1cce429f1f304112ceb2e3479b207c769d298" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/types" + } + ] + }, + { + "type": "library", + "name": "util-utf8-browser", + "group": "@aws-sdk", + "version": "3.259.0", + "bom-ref": "@aws-sdk/util-utf8-browser@3.259.0", + "author": "AWS SDK for JavaScript Team", + "description": "A browser UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-utf8-browser@3.259.0#packages/util-utf8-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-utf8-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-utf8-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52f15afef47e7b5f57a2891917c47315906bc361149105b18815b4c9840086f9370be4151a5d07de8b9c6bc2c306505f40a5f0996de1ba8ff9f47f2bc1bd7027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-utf8-browser" + } + ] + }, + { + "type": "library", + "name": "util-locate-window", + "group": "@aws-sdk", + "version": "3.535.0", + "bom-ref": "@aws-sdk/util-locate-window@3.535.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-locate-window@3.535.0#packages/util-locate-window", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-locate-window", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-locate-window", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.535.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c727748be9dda3a5c81ba9d8223f1917a6eec3adcd8f6158b0c5222abef30a843c33481d56de632fb69cf028ce0813bccb168759a3418a8c9f40b285e775784" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-locate-window" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "2.6.3", + "bom-ref": "tslib@2.6.3", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@2.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4dbf12443948963c6854b9475080024f28e3897c69c8c8ac9239cd3d5e42ac81d515ff7136cefc1961d7a38e64603c281cca6d63b8b1f7db6eb203bb0414929" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-host-header@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.577.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c6b9309cf8e7908e0c8557b34fec5a6266eeddd03b81146b5cdff2913c82b2e9cdfd09f786f3fec9035a6dfb3e58b5dd3dd66804011c24e21f681455f0ac5a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-host-header" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-logger@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.577.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68f146a468d365c25893edb86e0ee34f85dd229e369855d2b8fb78f65c392b281e7cbc8933fb01d1b28aa8f6188af5b4adcb99f5bad0e7c79950db61af3600be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-logger" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.577.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a67dd95447768a86ca2654771fe6c38a51e38119cdad0e873262bd673670f3d0a49f70dc6efe3cc4ebf8449beed1a53c4832e5fd2342c69a4a8de2c34cf18134" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-recursion-detection" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.577.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc40331e047a1d6a59387ef11607892dcebf0b331cc789f1790a25671559a01e693da25ddc28f246164dd315de641d1721109699be322418328ae8172cd3242c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-browser" + } + ] + }, + { + "type": "library", + "name": "config-resolver", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/config-resolver@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/config-resolver@3.0.1#packages/config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85b91825cdb44810f3daaa8bcedb6323f12a5de9ad996934a284739cbb225e9df4eba290453bee2876bb5388c264226ae83a33aafcb4475fef344482f629cf26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/config-resolver" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@smithy", + "version": "2.1.1", + "bom-ref": "@smithy/core@2.1.1", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/core@2.1.1#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/core/-/core-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2f6c8c3051c83414c85354980c85bb1148014bd2bc1dbb2fce433ed7ab5a495c93b2686bfe3c68e3d6219ac119730543c0e41909bfb4baabe614d94f2093f58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/core" + } + ] + }, + { + "type": "library", + "name": "fetch-http-handler", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/fetch-http-handler@3.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/fetch-http-handler@3.0.1#packages/fetch-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/fetch-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/fetch-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9a1fbe22e410e3fab070a106978a82a923448704916d395c33ac2a71671a61396d248b98e18fb757bc33183362097a6f13a5d16f4b6882d3cb2339b95f14616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/fetch-http-handler" + } + ] + }, + { + "type": "library", + "name": "hash-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-node@3.0.0#packages/hash-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f38a97b2d35e98fdd74b98dca1fd1e97af9b0df8f3baf8493d04c47eba37960b5b0ad2a0ccf9b7320892e9e85754f8de439f894b41ea993cfc7ff4587f31d5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-node" + } + ] + }, + { + "type": "library", + "name": "invalid-dependency", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/invalid-dependency@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/invalid-dependency@3.0.0#packages/invalid-dependency", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/invalid-dependency", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/invalid-dependency", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17ac0105a105809ce3d2ce0a5259622063e6a977a6c0fe846af82f0ea630087e343b95ebda2307bd2f2da1d986559b6e242a2b0645ec60bc93bb83ee8b356ae6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/invalid-dependency" + } + ] + }, + { + "type": "library", + "name": "middleware-content-length", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-content-length@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-content-length@3.0.0#packages/middleware-content-length", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-content-length", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-content-length", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc2e2ce1dfe21a86e00ad936b67596ebecd24ce060d4f4409b6bed5992ddae2c13ae815b6d6352af795ccb31ddad01e71176020b92b9d846e97e875a21463cb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-content-length" + } + ] + }, + { + "type": "library", + "name": "middleware-endpoint", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/middleware-endpoint@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-endpoint@3.0.1#packages/middleware-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "950fd439d183e0a33990b662025d2af10cb774f6f29ef0172807579d896b0353a9694c2bfa7792b15a240d9a58e9955be58c7c8e7bacdbdbafe975a933d3f849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-endpoint" + } + ] + }, + { + "type": "library", + "name": "middleware-retry", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/middleware-retry@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-retry@3.0.3#packages/middleware-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5af7b5ab325bf3754453feaafbf2347107409039eecc42c2e88bc80700f3504886a4aa97817d6fd74154b9919b452e8ebff3fe1c7b61700a07389650bd934090" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-retry" + } + ] + }, + { + "type": "library", + "name": "middleware-serde", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-serde@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-serde@3.0.0#packages/middleware-serde", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-serde", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-serde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "235bca1b57e823ea0f806f6bec8318d52fb10679809f5212aa9968cafaa4c07a126fc54fb278070d33a0606601a27b8e2a775a591506259aca6182c1f809deeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-serde" + } + ] + }, + { + "type": "library", + "name": "middleware-stack", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/middleware-stack@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a means for composing multiple middleware functions into a single handler", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/middleware-stack@3.0.0#packages/middleware-stack", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/middleware-stack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/middleware-stack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87d239b27c0c874455e6eb0ba7b24b8d02ab63ef27e6c0507a169dfb7a7cada76ab4e3bfce77dc5eb446946e5bb22263a51a71a969519a55f8f06b04abfa2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/middleware-stack" + } + ] + }, + { + "type": "library", + "name": "node-config-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/node-config-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "Load config default values from ini config files and environmental variable", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-config-provider@3.1.0#packages/node-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e07c1f1022d51f4c54df1ccbcab9cda0d56eb4575bab220647a83d49345642dad4d65da86a7f65ef297a9c052ef266a47b1aa910419cb5d72fe534e516ceaed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-config-provider" + } + ] + }, + { + "type": "library", + "name": "node-http-handler", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/node-http-handler@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a way to make requests", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/node-http-handler@3.0.0#packages/node-http-handler", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/node-http-handler", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/node-http-handler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dedac3e2becd38cca0c0b6d4268e1ea1dc90bb2a405abeeebcf9de6cd27d6bbd1d421567f944bc8ff9429efa094ba0577d9785ecf924908d037a6549c3e9fe79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/node-http-handler" + } + ] + }, + { + "type": "library", + "name": "protocol-http", + "group": "@smithy", + "version": "4.0.0", + "bom-ref": "@smithy/protocol-http@4.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/protocol-http@4.0.0#packages/protocol-http", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/protocol-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/protocol-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e4193842365cb5915813bd020218b87baa8d9d9cb32afcfc89601431c336e2202c0311c76065f1c9395390fa561f433dda1a569bb3c1631ad3171d2f83bf01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/protocol-http" + } + ] + }, + { + "type": "library", + "name": "smithy-client", + "group": "@smithy", + "version": "3.1.1", + "bom-ref": "@smithy/smithy-client@3.1.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/smithy-client@3.1.1#packages/smithy-client", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/smithy-client", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/smithy-client", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63e0abbb329cd947c72656e3dc49bacb155c66a6d5a4b6624cc124ffb8812ae2c6ab69b11d17c09b99075807bb89fd7e7542ad846309d1b284bb85d47807bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/smithy-client" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/types@3.0.0", + "author": "AWS Smithy Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/types@3.0.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/types/-/types-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "56f5ae424d91285b8eafdf201618dc6bb7e4052fb12cb5114fc6d48e4e5742857464b9bb58fc163cf637fc0c334cbb940437a82830ad85f7b502c4d459a48487" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/types" + } + ] + }, + { + "type": "library", + "name": "url-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/url-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/url-parser@3.0.0#packages/url-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/url-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/url-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d972dacc5814bbe60e187b568a10771522c07c251a8d57cd05718662339a54a8cb02e031c77a52058de10602f3220075ee169fe7d80e1b78a62aa4f2f2672b8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/url-parser" + } + ] + }, + { + "type": "library", + "name": "util-base64", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-base64@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A Base64 <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-base64@3.0.0#packages/util-base64", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-base64", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-base64", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b1be887942db74083b1f6a3899382a49c60b4f1d738ac2633e672e30683e3752810c03ea8fc716bdf1a13fed985d9c115915730e881479c5b71a3212edce741" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-base64" + } + ] + }, + { + "type": "library", + "name": "util-body-length-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in browsers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-browser@3.0.0#packages/util-body-length-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71b8c9b3603598b626aa6c9597cd2ea0b4c984071fccc3b23e08f0018bac58a31d2de36dce6333f58c4d977fe344ba31492df092a91fd23c0d76d5d6b7210169" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-browser" + } + ] + }, + { + "type": "library", + "name": "util-body-length-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-body-length-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Determines the length of a request body in node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-body-length-node@3.0.0#packages/util-body-length-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-body-length-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-body-length-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3ee96786d49683543fa3f3c2137b2b7f3ab664a61044fd42d420d1381d34e9f1859bc2b2c1e38bea194d422ecf110245f1bcadd9b63ccc3658216ce9e21890" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-body-length-node" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-browser", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-browser@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-browser@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc314e3766ef5c902e9097bea8580f57fae8ac6ed90f79b88230971c3d55e73fed80a429e4c09308b9edaddebcead5fab63f14962de579f59726e74d8395a608" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-browser" + } + ] + }, + { + "type": "library", + "name": "util-defaults-mode-node", + "group": "@smithy", + "version": "3.0.3", + "bom-ref": "@smithy/util-defaults-mode-node@3.0.3", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-defaults-mode-node@3.0.3#packages/util-defaults-mode-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-defaults-mode-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-defaults-mode-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f46fc1895de713d346daa124372227aede4de667b198f30d739a0f29768818ac6bd625e2dc21c96a93681b906e0ad03681196aceeafeabdb48b02057c362b98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-defaults-mode-node" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@smithy", + "version": "2.0.1", + "bom-ref": "@smithy/util-endpoints@2.0.1", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-endpoints@2.0.1#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6514f45423a72a556885fa0004c73c956790a3f24416e3d672d7cd4578131dbc8e56cb0c38b60550d5ae931c621d119502157e9f773490f5becd4a9c92354f10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-middleware", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-middleware@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-middleware@3.0.0#packages/util-middleware", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-middleware", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-middleware", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab921374e9d5da95c74950e7296af08123530c100c1cba6d144d3bb9aff94f2e56275d5bbebd2f9366bb6a0bbba9186b085450967a39bb70a7794e4410b2be0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-middleware" + } + ] + }, + { + "type": "library", + "name": "util-retry", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-retry@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared retry utilities to be used in middleware packages.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-retry@3.0.0#packages/util-retry", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-retry", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/master/packages/util-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9caf7d6ef262ce21affd438a2650ef145e39174d1680f2ca5481947c02be98387354dda16ff4b7dee5b64e5860e4f541a2a63bb4356a2f4ce6bb83b1007828f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-retry" + } + ] + }, + { + "type": "library", + "name": "util-utf8", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-utf8@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A UTF-8 string <-> UInt8Array converter", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-utf8@3.0.0#packages/util-utf8", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-utf8", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-utf8", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad4793d766f1167a656037bcd791976eafe88b11061df44516d71317761d0e2fc968434833a6926182c9c9d1bcdd43732d77912392bc69b61dffc4a9fd033490" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-utf8" + } + ] + }, + { + "type": "library", + "name": "signature-v4", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/signature-v4@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A standalone implementation of the AWS Signature V4 request signing algorithm", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/signature-v4@3.0.0#packages/signature-v4", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/signature-v4", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/signature-v4", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91714e90d5fe0501dedaa9cbc693046824466a9f49ead5062f373703d8dd9fe9c3e0974cc0229327ecc5c10db41a463e9805c66adc93c371dca14951dfd1f098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/signature-v4" + } + ] + }, + { + "type": "library", + "name": "is-array-buffer", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/is-array-buffer@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Provides a function for detecting if an argument is an ArrayBuffer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/is-array-buffer@3.0.0#packages/is-array-buffer", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/is-array-buffer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/is-array-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f85b2ee90e82e114898b2f3563c780a63101e6056d33ea052937df83e8d2bb0b6fa26249ae150906edb34bcc235d2807fe0d4c2845abcf20a14c17ba7256f915" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/is-array-buffer" + } + ] + }, + { + "type": "library", + "name": "util-hex-encoding", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-hex-encoding@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Converts binary buffers to and from lowercase hexadecimal encoding", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-hex-encoding@3.0.0#packages/util-hex-encoding", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-hex-encoding", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-hex-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7859dd8755842b960c518bf2de53e5566618fdf65c404d43f2849fe3521ddaf09e2242895cf7180c2643fb8fb156223a6f55d277bb44face40997cf3e6295a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-hex-encoding" + } + ] + }, + { + "type": "library", + "name": "util-uri-escape", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-uri-escape@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-uri-escape@3.0.0#packages/util-uri-escape", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-uri-escape", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-uri-escape", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2ea47ba982e06530fb9d62c179c522e1aaa8970f0c8736bd02ba4d110f3cd4c249214dac13988708ae93772aaacdc0cbcb438f7b5d086384fc72d55db729ee6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-uri-escape" + } + ] + }, + { + "type": "library", + "name": "strnum", + "version": "1.0.5", + "bom-ref": "strnum@1.0.5", + "author": "Amit Gupta", + "description": "Parse String to Number based on configuration", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strnum@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/strnum.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/strnum/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27c6db37228a5e5e6a61c477e9320ef16de6546547ae69b1b1de4f008b46926cb3c09bf26e2c36215ab99ea7748b82d2352901fecc7d5479656df15dafd93524" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strnum" + } + ] + }, + { + "type": "library", + "name": "property-provider", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/property-provider@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/property-provider@3.1.0#packages/property-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/property-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/property-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e3dfea1586a75981e9a30a25a31650037e1bcb1780bfb8a0ee2a8effb6512c450f7edde982ade476c67763f7bd104914ac882114f21656dfff0942efa7e70e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/property-provider" + } + ] + }, + { + "type": "library", + "name": "util-stream", + "group": "@smithy", + "version": "3.0.1", + "bom-ref": "@smithy/util-stream@3.0.1", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-stream@3.0.1#packages/util-stream", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5ed534d840b1f31103c23df3a61d398e5f134fd3d7f663145e8e2ecaa4bd054d3f7bd9feccd80df182ca985bee2a00d3daf7d8aff4a9b4857cd154ebc692cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-stream" + } + ] + }, + { + "type": "library", + "name": "credential-provider-imds", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/credential-provider-imds@3.1.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/credential-provider-imds@3.1.0#packages/credential-provider-imds", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/credential-provider-imds", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/credential-provider-imds", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab8038777f2ff296189ac7aefe34d2dd9e48df35e510e7b939b8be109ade54a8125725941ce77bff26950a29c2eb4406e0c4720acf7cb5cc411f520c0b46eeed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/credential-provider-imds" + } + ] + }, + { + "type": "library", + "name": "shared-ini-file-loader", + "group": "@smithy", + "version": "3.1.0", + "bom-ref": "@smithy/shared-ini-file-loader@3.1.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/shared-ini-file-loader@3.1.0#packages/shared-ini-file-loader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/shared-ini-file-loader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/shared-ini-file-loader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74033bc125f4351dea4cdc8654dfe7c30a440f37d5f53ff700dd9e0011315a675ae55a99292b2394836aa263b98634161aff88224a177ecdeedaf192373f3e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/shared-ini-file-loader" + } + ] + }, + { + "type": "library", + "name": "util-config-provider", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-config-provider@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities package for configuration providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-config-provider@3.0.0#packages/util-config-provider", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-config-provider", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-config-provider", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5b8e4e2cd1fc2adc38bf00d2feac2bc930a3396f3010744e52ffa44be4d5e0304c45022e9481030f3a6e723da2163e9afe10e5ca5d1a27277168c4a7f898225" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-config-provider" + } + ] + }, + { + "type": "library", + "name": "bowser", + "version": "2.11.0", + "bom-ref": "bowser@2.11.0", + "author": "Dustin Diaz", + "description": "Lightweight browser detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/lancedikson/bowser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lancedikson/bowser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02571a2418bfa6aa8904843c53d31ca5cf62f00ab19fcf1292fe5dfb1057d34e81639bbc3779862c76b92e0a696bb2ff1dfc20c0b819e8d62cf8083ab9498944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bowser" + } + ] + }, + { + "type": "library", + "name": "querystring-builder", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-builder@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-builder@3.0.0#packages/querystring-builder", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d6f058b4373c9f904d13990a610d7af50260436cad35700e02d59ee0830300539443cf9000bff2a6a11c334004b49315cd7ff0f600b4c48302b45367382ed46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-builder" + } + ] + }, + { + "type": "library", + "name": "util-buffer-from", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-buffer-from@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-buffer-from@3.0.0#packages/util-buffer-from", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-buffer-from", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-buffer-from", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6843870a0ab945615b3fe5033ef3e8b76e842478ce0be6d182c7b903c5771524a1a9de44e54378a9cef3930b2f24f3c056c7fbdd0c18707375fe0b7faed2f040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-buffer-from" + } + ] + }, + { + "type": "library", + "name": "service-error-classification", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/service-error-classification@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/service-error-classification@3.0.0#packages/service-error-classification", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/service-error-classification", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/service-error-classification", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc1b01b4e52dd86b277375f6ddec3eaf633bd56c2da477c40c684760748383aab5b7c16b5a1d798d3db90cb6a3155d47f8fa71009ea0a9ef7261e454b2649d14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/service-error-classification" + } + ] + }, + { + "type": "library", + "name": "uuid", + "version": "9.0.1", + "bom-ref": "uuid@9.0.1", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/uuidjs/uuid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fed5e24e96c47d2bc1c9a68c3d3a4ddf896396488708cd7a1dbefd2b42356839536958ca717f5c19369b78cbd875d2874236baa7629d4e073464b5c9017b7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uuid" + } + ] + }, + { + "type": "library", + "name": "querystring-parser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/querystring-parser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/querystring-parser@3.0.0#packages/querystring-parser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/querystring-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/querystring-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5331f0b6193450471c578747ccfc929c1cb7e005b0dd5f6522a513c66a3343ec0f0c03bd72c09631f38b7bb57d0366a0358cbbc44f8f6f44ba2bf276dc94b37d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/querystring-parser" + } + ] + }, + { + "type": "library", + "name": "client-securityhub", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Securityhub Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-securityhub@3.590.0#clients/client-securityhub", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-securityhub", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-securityhub", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-securityhub/-/client-securityhub-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cc0da783606c03b91489ecb6ea697c41b66088bb51a013b0e30dcec6364162dfcd31500d89bb9108bf63959a057c2f7b3f54f245c9baebdde57ee35adba1f92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub" + } + ] + }, + { + "type": "library", + "name": "xlsx", + "group": "@e965", + "version": "0.20.1", + "bom-ref": "@e965/xlsx@0.20.1", + "author": "sheetjs", + "description": "SheetJS Spreadsheet data parser and writer", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40e965/xlsx@0.20.1", + "externalReferences": [ + { + "url": "git+https://github.com/e965/sheetjs-npm-publisher.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://git.sheetjs.com/SheetJS/sheetjs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd1bfc34b0751fa6aa43266ddff80b8ddd31919b07fbf588462e181c0c359281123533cf9b35c96cfa8ed8730dec3641d6f9c5d5448ac50f59bd2d12f4baa66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@e965/xlsx" + } + ] + }, + { + "type": "library", + "name": "emass_client", + "group": "@mitre", + "version": "3.10.0", + "bom-ref": "@mitre/emass_client@3.10.0", + "author": "OpenAPI-Generator Contributors", + "description": "OpenAPI client for @mitre/emass_client", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/emass_client@3.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/emass_client.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/emass_client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/emass_client/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/emass_client/-/emass_client-3.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e10952e45a11106c15df5d35d150ad7a8e7d7a76cf08d11405e99a1331c422a5284f08bf4b64a4f7c4d429d31838c0a53f826d363e984cfaad76ae2fe821e705" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client" + } + ] + }, + { + "type": "library", + "name": "follow-redirects", + "version": "1.15.6", + "bom-ref": "follow-redirects@1.15.6", + "author": "Ruben Verborgh", + "description": "HTTP and HTTPS modules that follow redirects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/follow-redirects@1.15.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/follow-redirects/follow-redirects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/follow-redirects/follow-redirects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1637ad9821311a3a948ae7ce0465725a7c7d401a93bc45580495f92e5db4ceacf5f87c87cec84a56fc2b2235df09758ac0a0ebda7d14ce127bec3befaa0aa14" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/follow-redirects" + } + ] + }, + { + "type": "library", + "name": "hdf-converters", + "group": "@mitre", + "version": "2.10.8", + "bom-ref": "@mitre/hdf-converters@2.10.8", + "description": "Converter util library used to transform various scan results into HDF format", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/hdf-converters@2.10.8", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/hdf-converters" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@mdi", + "version": "7.4.47", + "bom-ref": "@mdi/js@7.4.47", + "author": "Austin Andrews", + "description": "Dist for Material Design Icons for JS/TypeScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mdi/js@7.4.47", + "externalReferences": [ + { + "url": "git+https://github.com/Templarian/MaterialDesign-JS.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Templarian/MaterialDesign-JS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28f9cd3ad9b98b6a4c69ba99c69533ee241ffa67eb619c8a099f10373f39733804b7b72e1dc1a8ad67ddcd4316600d120fe6ba1e7e05989f98873cf38e44d9ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mdi/js" + } + ] + }, + { + "type": "library", + "name": "jsonix", + "group": "@mitre", + "version": "3.0.7", + "bom-ref": "@mitre/jsonix@3.0.7", + "author": "Alexey Valikov", + "description": "Jsonix (JSON interfaces for XML) is a JavaScript library which allows converting between XML and JSON structures.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "http://github.com/highsource/jsonix/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/%40mitre/jsonix@3.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mitre/jsonix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/mitre/jsonix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/mitre/jsonix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f1a0cd2f6bf46f606a68e8bedc77fdfc4b8d914315cc53d83aeb0bc7d318fcacbd2cbcf60f90718062fcfa1e669d8a53887c859271a6e16aff3059b3ee81cb63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/jsonix" + } + ] + }, + { + "type": "library", + "name": "xmldom", + "group": "@xmldom", + "version": "0.8.10", + "bom-ref": "@xmldom/xmldom@0.8.10", + "description": "A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40xmldom/xmldom@0.8.10", + "externalReferences": [ + { + "url": "git://github.com/xmldom/xmldom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xmldom/xmldom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xmldom/xmldom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.8.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9600b7d3978c68d9290609846deab0d315f93d475733981bd4432d7680ad8ab91288a5612171b6f3cbc1195edcff8e446a1d7f1b14473a142d478d7e1351663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@xmldom/xmldom" + } + ] + }, + { + "type": "library", + "name": "amdefine", + "version": "0.0.4", + "bom-ref": "amdefine@0.0.4", + "author": "James Burke", + "description": "Provide AMD's define() API for declaring modules in the AMD format", + "licenses": [ + { + "license": { + "name": "BSD", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/jrburke/amdefine/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/amdefine@0.0.4", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://registry.npmjs.org/amdefine/-/amdefine-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbdb8d95aaa6f246746d80ee845b759aa3682ccd88e00b12781fba75d74d8927e6465251ab7f0852e36d503e3ec4eccea0f96d387cd2be795282c70c7e99c30e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/amdefine" + } + ] + }, + { + "type": "library", + "name": "xmlhttprequest", + "version": "1.8.0", + "bom-ref": "xmlhttprequest@1.8.0", + "author": "Dan DeFelippi", + "description": "XMLHttpRequest for Node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlhttprequest@1.8.0", + "externalReferences": [ + { + "url": "git://github.com/driverdan/node-XMLHttpRequest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/driverdan/node-XMLHttpRequest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/driverdan/node-XMLHttpRequest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlhttprequest/-/xmlhttprequest-1.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c226fd4d2695504b337f0d7598c7ca1b8cb42a9aeb5e3af64d983ff01a3dbbc2a15f5a4065296c9063d50466db2b518954010ff7ecc3b2f66c9183550b3004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlhttprequest" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "group": "@types", + "version": "1.4.5", + "bom-ref": "@types/csv2json@1.4.5", + "description": "TypeScript definitions for csv2json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/csv2json@1.4.5#types/csv2json", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/csv2json", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/csv2json/-/csv2json-1.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d79d88c649cffcca76149023a6968d23036bdae7d65ed55c6cd814fb651371ac12af61569ea85a4e4dac2153a6967b4503226b19d3400acdc0ccacf9808a4d38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/csv2json" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "group": "@types", + "version": "1.4.4", + "bom-ref": "@types/pumpify@1.4.4", + "description": "TypeScript definitions for pumpify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pumpify@1.4.4#types/pumpify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pumpify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pumpify/-/pumpify-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9c59b41479c0f4e0c41892334184f99c5083f7ebc6a5a189aa9be22674c280f2b329c51340859003ea0223fac0154c5d43962aab4ffa94a7a686362ffd537b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "group": "@types", + "version": "3.6.4", + "bom-ref": "@types/duplexify@3.6.4", + "description": "TypeScript definitions for duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/duplexify@3.6.4#types/duplexify", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/duplexify", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/duplexify/-/duplexify-3.6.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e6a154fb1df9dcb708be85ba003325cc68ada5a15208591844099ecd644ca7c25d6289e621bf564681d39c1156b0ca1df3852aa6f45f491787dd5e13df5166" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/duplexify" + } + ] + }, + { + "type": "library", + "name": "node", + "group": "@types", + "version": "20.14.1", + "bom-ref": "@types/node@20.14.1", + "description": "TypeScript definitions for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@20.14.1#types/node", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/node/-/node-20.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f633348612efb2b01fc59167ea9a15773cbc90968c1da6d9a6803db40ba431b12f059afe528e96756b25da102d12db5fe1e5427d880e96ff9bd2354e65d3438" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/node" + } + ] + }, + { + "type": "library", + "name": "ms", + "group": "@types", + "version": "0.7.34", + "bom-ref": "@types/ms@0.7.34", + "description": "TypeScript definitions for ms", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/ms@0.7.34#types/ms", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/ms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/ms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c6f7a1b75a9e9a73202026a19ab233836fe69cac8eca96d3e2471cc73d79cfdcd808dbc6e940346fe77a256ea1976df7201796a288798edf1a701294b92ddf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "group": "@types", + "version": "4.2.5", + "bom-ref": "@types/mustache@4.2.5", + "description": "TypeScript definitions for mustache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mustache@4.2.5#types/mustache", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mustache", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mustache", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mustache/-/mustache-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3cbc2256f4c1839f6d1852fff15a5c1afa8ebb72f83aebde36f3e2d0461b59c85174454ffbec9151724f165f82029284ab5df4d7bff835feda439953b4750db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "group": "@types", + "version": "5.3.14", + "bom-ref": "@types/papaparse@5.3.14", + "description": "TypeScript definitions for papaparse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/papaparse@5.3.14#types/papaparse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/papaparse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/papaparse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/papaparse/-/papaparse-5.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f127888415ca6a73a3044f0a7d7fa055e9555ce379ba31f1f456a168b07beb5207d78857bac30ed1de2b64390f9308ae98f88bfff919e7bed4599e473929cf6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "group": "@types", + "version": "0.3.12", + "bom-ref": "@types/revalidator@0.3.12", + "description": "TypeScript definitions for revalidator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/revalidator@0.3.12#types/revalidator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/revalidator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/revalidator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/revalidator/-/revalidator-0.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ec0368c77f3ef725a211395a0c0ddff1ee75565c19847434a85c1e324250f3bff342064158d9f30793213a0c6aefa282c30057b9408ea5f56ab44e0768a4cb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/revalidator" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/triple-beam@1.3.5", + "description": "TypeScript definitions for triple-beam", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/triple-beam@1.3.5#types/triple-beam", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/triple-beam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/triple-beam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e966987ac4e144c0a5d7d8abc8c60feffc76395802b5b2157e50c61695a76fd8ab5c8dd48d8138033998ba250a635009b2d1a28e863e32052cccc811c4861363" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/triple-beam" + } + ] + }, + { + "type": "library", + "name": "validator", + "group": "@types", + "version": "13.12.0", + "bom-ref": "@types/validator@13.12.0", + "description": "TypeScript definitions for validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/validator@13.12.0#types/validator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/validator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/validator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c7e392e4ee83c8275455385e8980523a0f2d10a47133ab841e71986f82ec583c3c13f1cf77a6b08ca80b6222db66dfdbe867e0c347eaa436732926630146a6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/validator" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "group": "@types", + "version": "0.4.14", + "bom-ref": "@types/xml2js@0.4.14", + "description": "TypeScript definitions for xml2js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/xml2js@0.4.14#types/xml2js", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/xml2js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/xml2js/-/xml2js-0.4.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e189eb45e9814a15913b6423bd48a7f04480e35ac7fbd9d018b506655ff5203862dd22fd3a1769342fccaee9535aea6d5cac21c7f683c44eeda15d1fff2a485d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/xml2js" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "1.7.2", + "bom-ref": "axios@1.7.2", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@1.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80f1084e32b6e89a50ee88b78af5789b201cee1de45caaa34e1e9d02ca9e44a09d4814387e5d91f703a0645edbf42b880518223463804cec1d703848b446683" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "compare-versions", + "version": "6.1.0", + "bom-ref": "compare-versions@6.1.0", + "author": "Ole Michelsen", + "description": "Compare semver version strings to find greater, equal or lesser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compare-versions@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/omichelsen/compare-versions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/omichelsen/compare-versions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd6505e1a94bea513a2da59d34a8b49a89fcb76f85450f9f3c691afc30a170e02314afdf32b73096e700c7e6ac7f0c46399020d771b711b82a8bd2ccc47f6b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/compare-versions" + } + ] + }, + { + "type": "library", + "name": "csv2json", + "version": "2.0.2", + "bom-ref": "csv2json@2.0.2", + "author": "Julien Fontanet", + "description": "Stream and CLI to convert CSV to JSON", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/csv2json@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/julien-f/csv2json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/julien-f/csv2json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/julien-f/csv2json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv2json/-/csv2json-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61567bd8e7a14acf7e8f694c135d28b2624d1de23475c1e55fea8dabcc5c4744fe46df1668e09c84a884545dc6b0ae0e7f7cff2c4eb8c746dad5ca542e601c97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv2json" + } + ] + }, + { + "type": "library", + "name": "csv-parser", + "version": "2.3.5", + "bom-ref": "csv-parser@2.3.5", + "author": "mafintosh", + "description": "Streaming CSV parser that aims for maximum speed as well as compatibility with the csv-spectrum test suite", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parser@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/csv-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/csv-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parser/-/csv-parser-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c21e8942e0094dc0bfb912e0f92c7d9554d2a90fc422c595b6cf32b55e6ad56146ac945638739068a0444738222e6c6f62bff0c0c858ece31d07bd6359bb25a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parser" + } + ] + }, + { + "type": "library", + "name": "minimist", + "version": "1.2.8", + "bom-ref": "minimist@1.2.8", + "author": "James Halliday", + "description": "parse argument options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "externalReferences": [ + { + "url": "git://github.com/minimistjs/minimist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/minimistjs/minimist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/minimistjs/minimist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db2c8047ca8190ddd8ba17896a7529582e54ddb6f9a2c0f2c0d07c4730d5943c031dba1c009bdeaaa8f5bbcf92543ee39164f8cafb070a95aaa96a80c5bd3308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimist" + } + ] + }, + { + "type": "library", + "name": "through2", + "version": "3.0.2", + "bom-ref": "through2@3.0.2", + "author": "Rod Vagg", + "description": "A tiny wrapper around Node.js streams.Transform (Streams2/3) to avoid explicit subclassing noise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/rvagg/through2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through2/-/through2-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a7683438314c8fd96e99c93e84b0ccea04f65a33f6af83c8aea3e976777402b3427ee916aa90757fdbf94ec034ee7811de27fd8b1bd96b2d6ddde6b58fb9cb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through2" + } + ] + }, + { + "type": "library", + "name": "exec-promise", + "version": "0.7.0", + "bom-ref": "exec-promise@0.7.0", + "author": "Julien Fontanet", + "description": "Testable CLIs with promises", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/exec-promise@0.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/exec-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/exec-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exec-promise/-/exec-promise-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6b817e065a23cdb0f42b28227c5f754e6ec89d6afe89ad61853209a95362bd4d202ee90f3d27ec98ea4a7fa2d85845727852199e3bc8c18f8e99411af9e1780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exec-promise" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "1.0.2", + "bom-ref": "log-symbols@1.0.2", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: ✔︎ success", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a63eb5b4161d9fc4ecdd05b16fe20d66ea947bda16852cf2761b94891042dfd72fa2690ac31ba71608f8f2e7844761b640b7b5fe96cebdd0ac3ad807565c1cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols" + } + ] + }, + { + "type": "library", + "name": "has-ansi", + "version": "2.0.0", + "bom-ref": "has-ansi@2.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string has ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0bcbc127c0f0502c75f6f866eeeae14ee52caf8fc8c8fea5e15ccd403bfeaf21d039b5b74d34e9f7207af16a588117b66db686b99fec7bbe08a857959cc9cb66" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi" + } + ] + }, + { + "type": "library", + "name": "promise-toolbox", + "version": "0.14.0", + "bom-ref": "promise-toolbox@0.14.0", + "author": "Julien Fontanet", + "description": "Essential utils for promises", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-toolbox@0.14.0", + "externalReferences": [ + { + "url": "git+https://github.com/JsCommunity/promise-toolbox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/promise-toolbox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/promise-toolbox/-/promise-toolbox-0.14.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "555e655cae255da3c1f6804ee74a297b5a9dd0028df0dde72b5e2362f57dfea1667d95b63f1fdb2633d90678868d770825fe89e58fdca0d809b4f1c3ca2515fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/promise-toolbox" + } + ] + }, + { + "type": "library", + "name": "make-error", + "version": "1.3.6", + "bom-ref": "make-error@1.3.6", + "author": "Julien Fontanet", + "description": "Make your own error types!", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-error@1.3.6", + "externalReferences": [ + { + "url": "git://github.com/JsCommunity/make-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JsCommunity/make-error", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JsCommunity/make-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b3c52194d7bbbcf2a8990842d6a15e94ca24aff49cdc080d6eca379fbe2654f0392d3670901f4d9577f85cf6a62f1244f21d2087bdeb33de31bf0453d825489f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-error" + } + ] + }, + { + "type": "library", + "name": "pump", + "version": "3.0.0", + "bom-ref": "pump@3.0.0", + "author": "Mathias Buus Madsen", + "description": "pipe streams together and close all of them if one of them closes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pump" + } + ] + }, + { + "type": "library", + "name": "end-of-stream", + "version": "1.4.4", + "bom-ref": "end-of-stream@1.4.4", + "author": "Mathias Buus", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/end-of-stream" + } + ] + }, + { + "type": "library", + "name": "once", + "version": "1.4.0", + "bom-ref": "once@1.4.0", + "author": "Isaac Z. Schlueter", + "description": "Run a function exactly one time", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/once#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94d689808fb643951140191c7042874d038f697754c67659125413658d0c15402e684a9ed44f8dcaf81dcff688c8d8ba67d3333b976fd47f27e7cfc610ba77fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/once" + } + ] + }, + { + "type": "library", + "name": "pumpify", + "version": "2.0.1", + "bom-ref": "pumpify@2.0.1", + "author": "Mathias Buus", + "description": "Combine an array of streams into a single duplex stream using pump and duplexify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pumpify@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/pumpify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/pumpify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/pumpify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pumpify/-/pumpify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9bb28e8deee3671ae6bad6a79644b575a8f5752eb3e8182c97339799c484a48942c4cdd5247ee51b940b79c93fea1805e85e1cac57f4d54b5098db097f079303" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pumpify" + } + ] + }, + { + "type": "library", + "name": "duplexify", + "version": "4.1.3", + "bom-ref": "duplexify@4.1.3", + "author": "Mathias Buus", + "description": "Turn a writable and readable stream into a streams2 duplex stream with support for async initialization and streams1/streams2 input", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "externalReferences": [ + { + "url": "git://github.com/mafintosh/duplexify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/duplexify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/duplexify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "337066061c09459b12c77f25672844e770ac75d83397947bc4624d93b09575d643e82726c0c087f09fbb029ac8ad0287ed3a272b16828dcbf6ed099ffac43ea0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/duplexify" + } + ] + }, + { + "type": "library", + "name": "inherits", + "version": "2.0.4", + "bom-ref": "inherits@2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inherits" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "3.6.2", + "bom-ref": "readable-stream@3.6.2", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f6efec9e20ab6370f959db04447cc71381b66025eaa06e454c7522082e1221bafa5dc2d9058d39c9af442a361e93d3b9c4e0308c6abed497460404bb43d49ca0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "stream-shift", + "version": "1.0.3", + "bom-ref": "stream-shift@1.0.3", + "author": "Mathias Buus", + "description": "Returns the next buffer/object in a stream's readable queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/mafintosh/stream-shift.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mafintosh/stream-shift/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efa3914740ced68d6194ac136e2fc33371175867f764960ef1c5d7e512709ee9760c4836a32a19ca32cda1033c5acbd988528245f0b53b427b882be27b745999" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-shift" + } + ] + }, + { + "type": "library", + "name": "strip-bom-stream", + "version": "4.0.0", + "bom-ref": "strip-bom-stream@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-stream@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d00a4ade20241efe966e02c80b0fc9e278701de0d9b01c4822c383fa01e064808be92789d12f5ffd666a7a691af5c8e44f230de6078877a7bc5395861409f771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-stream" + } + ] + }, + { + "type": "library", + "name": "first-chunk-stream", + "version": "3.0.0", + "bom-ref": "first-chunk-stream@3.0.0", + "author": "Sindre Sorhus", + "description": "Transform the first chunk in a stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/first-chunk-stream@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/first-chunk-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/first-chunk-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cd46f47886bfd2f1c5d7908639a538153fb2f7b6ae8b95859c83d9d606e5bba3534cc4a668ea83956bfe8621e90c188d08c3bb82f875a298c7bdbbf54078aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/first-chunk-stream" + } + ] + }, + { + "type": "library", + "name": "strip-bom-buf", + "version": "2.0.0", + "bom-ref": "strip-bom-buf@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom-buf@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom-buf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom-buf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom-buf/-/strip-bom-buf-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80b14d1ee71dea0cdbf2332c9794266774209d4266a7baa7e2e5121cdc045ee980a7b622ce8198c35f595157eeab868139052dca7da4f17fc2c33581ef75b695" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom-buf" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "acc60f62f0b3b17cb022c95d80b692a0f970e4f7e807fb2cafb858e292df72876b03933f780af36b56bd5664e234804d323386af53b0f664f2536a3af54e94f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.4.0", + "bom-ref": "fast-xml-parser@4.4.0", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90b6378c5970218c01343a237252ac3400b5dac7c3e8dc16ef8401d82a0d18fbed5718e58987a156e9c1dc7632362fa7e13b75740720c18be6285fd9d7c7e5aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "html-entities", + "version": "2.5.2", + "bom-ref": "html-entities@2.5.2", + "author": "Marat Dulin", + "description": "Fastest HTML entities encode/decode library.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mdevils/html-entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mdevils/html-entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdevils/html-entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bffcf491310938159efc2b26aefa666eac79f7147d15c2bf87dfa784d2b3db798911462f58c5c7983e1b8deb45305a8af1c8a1e1aa800997638529ae0156d68" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-entities" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "9.1.0", + "bom-ref": "htmlparser2@9.1.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@9.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e737e0ea61d4a1a7abffded3c671a9c666d1ef326d3f021814c67f1f9b9c4e53d984abedba6d39ca23cadcc81a8b76b40f2571bfba98aa8c1e6847769eb610cd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "inspecjs", + "version": "2.10.8", + "bom-ref": "inspecjs@2.10.8", + "description": "Schema definitions, classes on top, and utilities to deal with HDF files", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/inspecjs@2.10.8", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inspecjs/-/inspecjs-2.10.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7254873aba523f31f309f195a81cf5f5fa6162c37032af4b2383ed3d690a45521ee79e1bb2a255b7f49f665859d4be7919ac4ff7e3e49d8b026984338d276109" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inspecjs" + } + ] + }, + { + "type": "library", + "name": "lodash", + "version": "4.17.21", + "bom-ref": "lodash@4.17.21", + "author": "John-David Dalton", + "description": "Lodash modular utilities.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.21", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf690311ee7b95e713ba568322e3533f2dd1cb880b189e99d4edef13592b81764daec43e2c54c61d5c558dc5cfb35ecb85b65519e74026ff17675b6f8f916f4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash" + } + ] + }, + { + "type": "library", + "name": "moment", + "version": "2.30.1", + "bom-ref": "moment@2.30.1", + "author": "Iskren Ivov Chernev", + "description": "Parse, validate, manipulate, and display dates", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.30.1", + "externalReferences": [ + { + "url": "git+https://github.com/moment/moment.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://momentjs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b849ad3616c33ab58f152fa176314205fcbd7f6628cb3469c1c97e0eaa42ead697db5173b132d055b315fd6ecfccd497eb1fdb842d73037736510e4dcc7ea1a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/moment" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e85973b9b4cb646dc9d9afcd542025784863ceae68c601f268253dc985ef70bb2fa1568726afece715c8ebf5d73fab73ed1f7100eb479d23bfb57b45dd645394" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "mustache", + "version": "4.2.0", + "bom-ref": "mustache@4.2.0", + "author": "mustache.js Authors", + "description": "Logic-less {{mustache}} templates with JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/janl/mustache.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/janl/mustache.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef58a9a52cb0ab961beffb5563219b9018206d4f07deee51cf9e9f1fad2318582bf2e1f0c6cf9a48a7aa9a5b885733349b4901ef1423292eaa3df7746f6668a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mustache" + } + ] + }, + { + "type": "library", + "name": "papaparse", + "version": "5.4.1", + "bom-ref": "papaparse@5.4.1", + "author": "Matthew Holt", + "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/papaparse@5.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/mholt/PapaParse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://papaparse.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mholt/PapaParse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e2a4cb2026466ef1baf6de95b5e6ebe8eac89beb09deff8c282d93e515fdeba43c8c7bdcb011752cb83efee8af4f464265553e758ffb023980ca1864b7649af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/papaparse" + } + ] + }, + { + "type": "library", + "name": "revalidator", + "version": "0.3.1", + "bom-ref": "revalidator@0.3.1", + "author": "Charlie Robbins", + "description": "A cross-browser / node.js validator powered by JSON Schema", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/revalidator@0.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/flatiron/revalidator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flatiron/revalidator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flatiron/revalidator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/revalidator/-/revalidator-0.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2babe370f95e690e9430184b8dda7d40809fb403c5aa8451cab792a09317c0a3050a80ed42595df6211dd3341e20f7f157de026df6a0493bc0d8970a279c1d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/revalidator" + } + ] + }, + { + "type": "library", + "name": "run-script-os", + "version": "1.1.6", + "bom-ref": "run-script-os@1.1.6", + "author": "Charlie Guse", + "description": "run-script-os is a tool that will let you use generic npm script commands that will pass through to os specific commands.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-script-os@1.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/charlesguse/run-script-os.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/charlesguse/run-script-os/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-script-os/-/run-script-os-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa5e8fd8bce10534c37f32adb3e428e07f785542a9c4a0c5cfa431c7069464dd26c2f8bb2f7969388ec1a8f0aaee58038775cb974769797c1f715222b65ad8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-script-os" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d0080560b1f6a7118681dc81c27482f53b48dd65614d995ee49f974e1b482e4ea6f0c71722428dd347a263d7c6342508153aed85bae0fcd8eff548107ec5db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.4.3", + "bom-ref": "tailwindcss@3.4.3", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bb31424fe7dfdec19b1e091db271fe248e3afe46f882377f59292e963641e52fe4370f75c4ec60b96eb197ead4db611d2d5cd5c668c859a691ec75af391ed0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "group": "@alloc", + "version": "5.2.0", + "bom-ref": "@alloc/quick-lru@5.2.0", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52b700041fb86d4ac5001c1b96e4c8044ad7c2f6ec53f57b4d959f99b8097db930881bb3892f60c5d383532ba279c7dd190f398e094c5ba8ee4b7fb3e53b0a2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@alloc/quick-lru" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "5.0.2", + "bom-ref": "arg@5.0.2", + "author": "Josh Junon", + "description": "Unopinionated, no-frills CLI argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@5.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d88f214e2ca43dcb9ec9bd0e902e8f1d02036ab3087c33544c25875076e4fac5b59280adfa3ff67fbfea7cf3ca4cebd8cc31f4bc5ddf05e88d6443f23d1d41a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "chokidar", + "version": "3.5.3", + "bom-ref": "chokidar@3.5.3", + "author": "Paul Miller", + "description": "Minimal and efficient cross-platform file watching library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chokidar@3.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/paulmillr/chokidar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/chokidar", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/chokidar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ebdec7ca44fea84dc8dfd8999498525f79532f5c175e83107489543979bd95d74b852540804bc381c9975503255bf315cdcf71a38d3823f642d6b194ea13a93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar" + } + ] + }, + { + "type": "library", + "name": "didyoumean", + "version": "1.2.2", + "bom-ref": "didyoumean@1.2.2", + "author": "Dave Porter", + "description": "Match human-quality input to potential matches by edit distance.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/dcporter/didyoumean.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dcporter/didyoumean.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "831b727ea320ec62b285099bd39e8aeccdf1b33cbf9b21fcc3e078453f905c142cbc039d7375f29aa0c33c7c750603e0b1d000e522227e89daf3d62d4404c3cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/didyoumean" + } + ] + }, + { + "type": "library", + "name": "dlv", + "version": "1.1.3", + "bom-ref": "dlv@1.1.3", + "author": "Jason Miller", + "description": "Safely get a dot-notated property within an object.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/developit/dlv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/developit/dlv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/developit/dlv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f87972b728e53ca9c81bc5ee446f16be604ff31b3c3fbd72f9228a4ba6575a81202ee78fc6d0e8504887ed691d78f5ab439241a44e9aa15a9f65f2544248d7c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dlv" + } + ] + }, + { + "type": "library", + "name": "fast-glob", + "version": "3.3.2", + "bom-ref": "fast-glob@3.3.2", + "author": "Denis Malinochkin", + "description": "It's a very fast and efficient glob library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-glob@3.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/mrmlnc/fast-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrmlnc/fast-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a17dabb80150c1ffceae3f26ef7ed8e5a7710d03b42c007bfd2e4c9f109d4cd0dde29e81b32215b2ff4942c0136d34aaf0a1d1a4bc081db56550d6adc5dfb53b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob" + } + ] + }, + { + "type": "library", + "name": "fs.stat", + "group": "@nodelib", + "version": "2.0.5", + "bom-ref": "@nodelib/fs.stat@2.0.5", + "description": "Get the status of a file with some features", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "46484f3e9db3aea0c0400ff68cd867ced70f025bfae17761229edaef8e78039a2f23b06e93182decc5fbb9dc00bb7ce0d437293d4d2bcf7555d5279aaaf638f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.stat" + } + ] + }, + { + "type": "library", + "name": "fs.walk", + "group": "@nodelib", + "version": "1.2.8", + "bom-ref": "@nodelib/fs.walk@1.2.8", + "description": "A library for efficiently walking a directory recursively", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0607e53196059c810920c28f067041b07a6a1316ddc520ef5a6da6c199a1b05c8a01299f864f2d293f5f396de1a0ecb96287f3521d25765c0b35967ce7a1c4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.walk" + } + ] + }, + { + "type": "library", + "name": "is-glob", + "version": "4.0.3", + "bom-ref": "is-glob@4.0.3", + "author": "Jon Schlinkert", + "description": "Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/is-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/is-glob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/is-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e9526b21c7dfa66013b6568658bba56df884d6cd97c3a3bf92959a4243e2105d0f7b61f137e4f6f61ab0b33e99758e6611648197f184b4a7af046be1e9524a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-glob" + } + ] + }, + { + "type": "library", + "name": "merge2", + "version": "1.4.1", + "bom-ref": "merge2@1.4.1", + "description": "Merge multiple streams into one stream in sequence or parallel.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/teambition/merge2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/teambition/merge2", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/teambition/merge2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2aed51203095b827cb5c7d53f2f20d3d35c43065d6f0144aa17bf5999282338e7ff74c60f0b4e098b571b10373bcb4fce97330820e0bfe3f63f9cb4d1924e3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge2" + } + ] + }, + { + "type": "library", + "name": "micromatch", + "version": "4.0.5", + "bom-ref": "micromatch@4.0.5", + "author": "Jon Schlinkert", + "description": "Glob matching for javascript/node.js. A replacement and faster alternative to minimatch and multimatch.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@4.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/micromatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/micromatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0cccbe1117045b6abc6763e8f96357bb0ddce586944858c03b91ac26a7c497b523bed22e14a3ba66b2af708b5dcbdf1dc05236375b60df334874a6904fe68d74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/micromatch" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "6.0.2", + "bom-ref": "glob-parent@6.0.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f1c08f043a1550816a7a8832feddbd2bf3a7f877a017eb3494e791df078c9d084b972d773915c61e3aefa79c67ed4b84c48eeff5d6bb782893d33206df9afe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "jiti", + "version": "1.21.0", + "bom-ref": "jiti@1.21.0", + "description": "Runtime typescript and ESM support for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jiti@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/unjs/jiti.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/unjs/jiti#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/unjs/jiti/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "805a8021bb8acb2b28ff71b6aa188ed8e33ab2163a10f3ff474fa69036f2b29c4a6b387c0570c2e45885b148e573381d373fef7eb6b475adb2f9a1ebbac2c6fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jiti" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "2.1.0", + "bom-ref": "lilconfig@2.1.0", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad58eb7f187cee5319cb2b107a764f3546839ea0d78781bad78ae1a4e32c85e6a951cfe888556bb9e84d9fa861c5ad7cf440d5212c1ffc9caaaf447eba24a19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "braces", + "version": "3.0.2", + "bom-ref": "braces@3.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/braces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/braces", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fcba6f8bd51cccdd60d2cef866ea0233d727d36c1b7a61395c10a02fb26a82659170e3acfadba9558fd8f5c843d6df71f91fe94142964c3f593c97eefc1dad0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/braces" + } + ] + }, + { + "type": "library", + "name": "picomatch", + "version": "2.3.1", + "bom-ref": "picomatch@2.3.1", + "author": "Jon Schlinkert", + "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/picomatch@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/picomatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/picomatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/picomatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "254ded7874cd8e6136542185cee63c117cc20d5c04a81d9af1fb08bf0692b4784058911e55dd68d500fcd0253af997445d748b6d2b2e2f0263902056a9141454" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picomatch" + } + ] + }, + { + "type": "library", + "name": "normalize-path", + "version": "3.0.0", + "bom-ref": "normalize-path@3.0.0", + "author": "Jon Schlinkert", + "description": "Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/normalize-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9e66ce4bb375ad0a2b075a9f52d86532f1daa4a468b80554b3dc66aa884e9ecee6f4e75d844b3b57530501e82e8829b4246363e76ff983e166288c24707302c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-path" + } + ] + }, + { + "type": "library", + "name": "object-hash", + "version": "3.0.0", + "bom-ref": "object-hash@3.0.0", + "author": "Scott Puleo", + "description": "Generate hashes from javascript objects in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/puleos/object-hash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/puleos/object-hash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/puleos/object-hash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4529fd17af0f8c7f47aad96db129ea602d575e859ef418eee7edb5dd1f7c70d1adb5a83dabdc80393cdd6ecaaf21aeda366e567df059169598af6696ae495603" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-hash" + } + ] + }, + { + "type": "library", + "name": "picocolors", + "version": "1.0.0", + "bom-ref": "picocolors@1.0.0", + "author": "Alexey Raspopov", + "description": "The tiniest and the fastest library for terminal output formatting with ANSI colors", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/picocolors@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexeyraspopov/picocolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexeyraspopov/picocolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5fca0ae84cb947bbaeb38b6e95a130eff324609b415c71e72cb2da3e321b19d03fc3196dac9bc13c0235bb354e5555346de46c5b799e6a06e26bf87c8b6248d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/picocolors" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "15.1.0", + "bom-ref": "postcss-import@15.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "869afe274e41d855585005c778ad58c88dbaec9fdd0c384c53a07a722be6f21498d636099c15f1cca0ca0ecc33266b4b1ebcab8e19c38eaaa9ff8f6df0500b7b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-value-parser", + "version": "4.2.0", + "bom-ref": "postcss-value-parser@4.2.0", + "author": "Bogdan Chadkin", + "description": "Transforms css values and at-rule params into the tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/postcss-value-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/postcss-value-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4d342b3abaeadf9156de5c6e12f09153f6dd7d9b8e480a789ff3358b779a0f499e74427c0c7caf87de3bf8d3c7788f0ffb06db6fe5ac52e48887a0b69534779" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-value-parser" + } + ] + }, + { + "type": "library", + "name": "postcss", + "version": "8.4.38", + "bom-ref": "postcss@8.4.38", + "author": "Andrey Sitnik", + "description": "Tool for transforming styles with JS plugins", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss@8.4.38", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://postcss.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a0969764d370527d7907a106b76ffa2e96ba2d024c2b94b0d148e6fd0f46cdf3a15d47213d969a52a77dda1cd3e005ad09282a01f9dac52d9910a1145869ee4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss" + } + ] + }, + { + "type": "library", + "name": "read-cache", + "version": "1.0.0", + "bom-ref": "read-cache@1.0.0", + "author": "Bogdan Chadkin", + "description": "Reads and caches the entire contents of a file until it is modified", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/TrySound/read-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TrySound/read-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TrySound/read-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b076ffc5b7b2233a09bf8b4c6f3436752eb4403517dec386f6a6b1773963102f12dfbb76d2f055610acad208c2b8951e7a63dc9af804e1a13a43093c429a944" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-cache" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9d82c018f9f4e7befee423b69ac5bab058d6f4007881d2a04ef3d3d928f9284e618e81d6eb1c3283fb40765f8b937c9fc54f5474f6bf604ec8d48cd268b6ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "resolve", + "version": "1.22.8", + "bom-ref": "resolve@1.22.8", + "author": "James Halliday", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.22.8", + "externalReferences": [ + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a59e3c2c6aa5de8594bbc6575554d31edb90f9a608da25c738cc7f835cce80e741c216ac017e70fb599f98ba9fe45f0f677d8b4b73a4a9c6e98935ebcc88cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve" + } + ] + }, + { + "type": "library", + "name": "postcss-js", + "version": "4.0.1", + "bom-ref": "postcss-js@4.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS for CSS-in-JS and styles in JS objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-js@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7432c5f2910ed7dd6124cb651c53d16bcc6c8b31da33cd8c2df364507754b55115ded813a79a23fbca9b12a60ce7b48b7dcef82926f0fffe1278999ad8b45523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-js" + } + ] + }, + { + "type": "library", + "name": "camelcase-css", + "version": "2.0.1", + "bom-ref": "camelcase-css@2.0.1", + "author": "Steven Vachon", + "description": "Convert a kebab-cased CSS property into a camelCased DOM property.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/stevenvachon/camelcase-css.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stevenvachon/camelcase-css/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40e4af7af86c9628e0630471e91bfbcca74c17c95b466c7eb901b1dbebc373e288fde067b32f648ade5a8f6dc0806bb7a5ae2df408306e75d6a92fa2398fb668" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase-css" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "4.0.2", + "bom-ref": "postcss-load-config@4.0.2", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2561c8918bd34c0c5683d4cc05409db1285b2a91c648efeb8b54978dbb48a9cfac436daba849c14a23ae8333d9507e43579d9a2e087eb00fa5a9a2e5556031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "10.9.2", + "bom-ref": "ts-node@10.9.2", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@10.9.2", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://typestrong.org/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f4145a4875c1e09fccdc3d26dfd5d45ebf0b74e3b60c9da889337bb6c3645ec2b07e7e86ffcde3d972b3b24282cc30eeda04875d2dc40810ae5d62390b9c6ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "2.4.3", + "bom-ref": "yaml@2.4.3", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b27b609b18fca3b0c4ee0fd08bad1caa92c10371c6dd24dc0c0d243be59f074e6310a85931b63bba6366dab06942fb26675ebf94f5c22465b6ebbd9d80e524ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.1", + "bom-ref": "postcss-nested@6.0.1", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "984a78c4f322e5b49688c6ec8283df70fef896c58b1e441b65cdec63e8d661deb9094c17ad4693a747e63696b4d597044ca94881474537f3294b6c59b6a2fd75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03445526b5fe21491565b5b70a5ae8456bab7ab70586279ebc7077f2caf6fa5f5e50294caa899edcb9849a7865372fb932bd8460de81d8a6b0f7061d77e5478b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-selector-parser" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd36ff25c8cad75d67352706a1be4c36db27b4d3356823540e2a41fd39306458720ebac4e3b48ec7fd7cc05d9b6e381cdd9cc248a5b54f99ede446c5a00cff56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cssesc" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f0f9ab5b97c85c49a42acb9c27359c79eade039ae83641a1c008888d93692080ed5089d5424331a802cc891736c5187c3d5d68afff2d3110f318886eb1ed73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/util-deprecate" + } + ] + }, + { + "type": "library", + "name": "nanoid", + "version": "3.3.7", + "bom-ref": "nanoid@3.3.7", + "author": "Andrey Sitnik", + "description": "A tiny (116 bytes), secure URL-friendly unique string ID generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanoid@3.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/ai/nanoid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ai/nanoid#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ai/nanoid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "792469a6370f21ab5120c0b553a52780ff1715ccfc31058641db75313050ecd6809af5c37ef3716ef595df1db2e8274451c8824ac0c70d065b858681f10128da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nanoid" + } + ] + }, + { + "type": "library", + "name": "source-map-js", + "version": "1.2.0", + "bom-ref": "source-map-js@1.2.0", + "author": "Valentin 7rulnik Semirulnik", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map-js@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/7rulnik/source-map-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/7rulnik/source-map-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad256f25bd20344d71298624686b0b0292c9e57fc4b2be617322196da801e5b9777cf2990277e7172551d30f0742af4233c29b529b4df9207424b54bb541432" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-js" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "847ac88ef66c7ed3acbca4a7d9345897adf3bf1b201342bed2660ca07ea00f8a264792160762b29e2bc141cce8dfec05d5c0a48f3be9b6723d434b0f53aea297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-core-module" + } + ] + }, + { + "type": "library", + "name": "path-parse", + "version": "1.0.7", + "bom-ref": "path-parse@1.0.7", + "author": "Javier Blanco", + "description": "Node.js path.parse() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jbgutierrez/path-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c32733d510410f47ecb8f33f7703411dd325dbf29001c865a8fe4e5861d620a58dbfd84b0eb24b09aeaee5387c6bcab54e9f57a31baa00a7c6a1bce2100fcb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-parse" + } + ] + }, + { + "type": "library", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "bom-ref": "supports-preserve-symlinks-flag@1.0.0", + "author": "Jordan Harband", + "description": "Determine if the current node version supports the `--preserve-symlinks` flag.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/node-supports-preserve-symlinks-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/node-supports-preserve-symlinks-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2dd169d74bd7e076480871e3dee911cd935580f3e9ae3dae9c4a3791dd5f0adbbabd041d6b4c4dd1d69ec7bf4cf567201cf2ce95beff0323259febcd4c02dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-preserve-symlinks-flag" + } + ] + }, + { + "type": "library", + "name": "sucrase", + "version": "3.35.0", + "bom-ref": "sucrase@3.35.0", + "author": "Alan Pierce", + "description": "Super-fast alternative to Babel for when you can target modern JS runtimes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sucrase@3.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/alangpierce/sucrase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alangpierce/sucrase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alangpierce/sucrase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f046d50e2bbd88dfe7112c31792c4329ed1dba7b5ad463a51ee7e64925f1303db3dbfb4c6690cca6f5d01ac73e6a31a8f32dae6149a2c5a49151cfd03e843418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase" + } + ] + }, + { + "type": "library", + "name": "gen-mapping", + "group": "@jridgewell", + "version": "0.3.5", + "bom-ref": "@jridgewell/gen-mapping@0.3.5", + "author": "Justin Ridgewell", + "description": "Generate source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/gen-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/gen-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2332fc66810320145613394271184e682ba963237981d20af90e9f6c574f0e0e87a97ea3a6422d9fb0c52295bd2d0cd71ba0dff6c03bf8e2a7ab4aa5cff19a42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/gen-mapping" + } + ] + }, + { + "type": "library", + "name": "set-array", + "group": "@jridgewell", + "version": "1.2.1", + "bom-ref": "@jridgewell/set-array@1.2.1", + "author": "Justin Ridgewell", + "description": "Like a Set, but provides the index of the `key` in the backing array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/set-array@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/set-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/set-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/set-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47c80b45365eca9d37ca6ccfffa2e297fdbcb46786133871d6ada4ef4dca19644023555dbcf217746ef4549736a40330dcd03a24a2f986116ed6c257d0c9e7fc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/set-array" + } + ] + }, + { + "type": "library", + "name": "sourcemap-codec", + "group": "@jridgewell", + "version": "1.4.15", + "bom-ref": "@jridgewell/sourcemap-codec@1.4.15", + "author": "Rich Harris", + "description": "Encode/decode sourcemap mappings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.4.15", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/sourcemap-codec.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/sourcemap-codec/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "785dabc4246e9442971d34620eb0f2e9eacc616a8dc382cf750f14400e21baec5a42c55e44f165da833ca031b130584951665ff4c7292ed25ab030d96ff0697a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/sourcemap-codec" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.25", + "bom-ref": "@jridgewell/trace-mapping@0.3.25", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.25", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bcd93a684c326c6b5ac169b2fcfcf09c60ce8c290b5920f6c2abe3186020380c02196c926177d8a31b74d082644c5fbc2dbe7b0f039bdc06b4a3d080a5ea6261" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cc28352722d7ba6df6f99d6bfb57f71a235ebd38782fc236fb5785a4794bdb410763af9ad62aa1c588a59bfdf70ec01f82cc14fea9b5a3be3f8357046c92922" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cross-spawn" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "377c824bf35e82c381a2473c18074cf147267ec2a2492f1c8a985e0ff9e2bf3afbd341fe9ec30ec498d09efc0e711615b8591d1f4c0652f5b659b5c69ab6466d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jackspeak" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc8dc8da6d76a578e1bd0d0d3e0115d66414df9cfe16340ab3ba224aee5978e009b118abff2763384cf8f18d8df39c109fbc15c5cee726d6dc1dc85c9b16a10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width-cjs" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3128d8cdc58d380d1ec001e9cf4331a5816fc20eb28f2d4d1b7c6d7a8ab3eb8e150a8fd13e09ebd7f186b7e89cde2253cd0f04bb74dd335e126b09d5526184e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf29a6e7ebbeb02b125b20fda8d69e8d5dc316f84229c94a762cd868952e1c0f3744b8dbee74ae1a775d0871afd2193e298ec130096c59e2b851e83a115e9742" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23cf1361959cf578981d1438ff7739ae38df8248e12f25b696e18885e18445b350e8e63bc93c9b6a74a90d765af32ed550ff589837186be7b2ab871aee22ea58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eastasianwidth" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "637f153d21dcaa416b0a916743dbee4979aabaebf9a1738aa46793e9a1abaf7a3719cf409556ba2417d448e0a76f1186645fbfd28a08ecaacfb944b3b54754e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aae2505e54d25062f62c7f52517a3c570b18e2ca1a9e1828e8b3529bce04d4b05c13cb373b4c29762473c91f73fd9649325316bf7eea38e6fda5d26531410a15" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi-cjs" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdb07dac22404f5adb8e25436f686a2851cd60bc60b64f0d511c59dc86700f717a36dc5b5d94029e74a2d4b931f880e885d3e5169db6db05402c885e64941212" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c0ac90450a63274b08a7ad84ad265d1ac8cc256b1aa79a1136284786ee86ec954effd8c807a5327af2feb57b8eaab9e0f23fdcc4a4d6c96530bd24eb8a2673fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb55648dd0f44012cfa1d1ab2547aa6ab1fc54022f40e0c86f087d5e93f94b28ac7fb628420b0928f345a2aa8b425bbe550fed552b21311ea5a0f327f14f9d3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@pkgjs/parseargs" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2aa5a1f957217f170c3510098e3dad9ec48974d6c7b1582790185336b5bb023568e8ebcbb71c3ccdf4fda0bc35252a21945cc9f230a84e06a85ef27e907b7a7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.10.2", + "bom-ref": "path-scurry@1.10.2", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef14dabcdcb94505e7b2300dbd5bcc9048ef9683a29e4023bff67a225773f6fd918a767848129358539545b685f29d2fa479f28d5fd4c0d0dd2ae52fe8ce6a70" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry" + } + ] + }, + { + "type": "library", + "name": "lines-and-columns", + "version": "1.2.4", + "bom-ref": "lines-and-columns@1.2.4", + "author": "Brian Donovan", + "description": "Maps lines and columns to character offsets and back.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/eventualbuddha/lines-and-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eventualbuddha/lines-and-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef297295eb1943f3d5dbd8e110397751f8e8e995fb802a89af917b3caaea73ddefedfcd2ca6b75069c0453c9c0517b3cab3cefaa16e384ae50660e8cb7f1e406" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lines-and-columns" + } + ] + }, + { + "type": "library", + "name": "mz", + "version": "2.7.0", + "bom-ref": "mz@2.7.0", + "author": "Jonathan Ong", + "description": "modernize node.js to current ECMAScript standards", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mz@2.7.0", + "externalReferences": [ + { + "url": "git+https://github.com/normalize/mz.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/normalize/mz#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/normalize/mz/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfcd4634eee79d830486b1a1f4b7b29a8138f98af45a7e4c70721930ae5c7d00a5f8d0d7d3cb0266051cf7fe8c1e78bd216b852e6d59dc74c25eedb3f5f37ad9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mz" + } + ] + }, + { + "type": "library", + "name": "any-promise", + "version": "1.3.0", + "bom-ref": "any-promise@1.3.0", + "author": "Kevin Beaty", + "description": "Resolve any installed ES6 compatible promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevinbeaty/any-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed4be629a95646dd708232f546b1b1a12256ff44191487a0a5e1af646f648e9f2fad1bb9e574c76f09eaab61a95e6f6e2db72e8719b722a5fd381e0c651d5bd8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/any-promise" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.1.1", + "bom-ref": "object-assign@4.1.1", + "author": "Sindre Sorhus", + "description": "ES2015 `Object.assign()` ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac98134279149c7d6c170f324fa552537cc3dec5a6bbab19848b1e63c557f8646edcfe85ec5bbe24d0e85df9251256cb2529dcdc55101d57b8714e618fe05c52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "thenify-all", + "version": "1.6.0", + "bom-ref": "thenify-all@1.6.0", + "author": "Jonathan Ong", + "description": "Promisifies all the selected functions in an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify-all.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify-all#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify-all/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44dc501ffa88f3fb77b615c90f072cb543b8cdeaa8eb8f94cbffac355441c785e7d8e5fe399f683fe8899cd16aa6516b6b665455e28249ada85568b74f8b9598" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify-all" + } + ] + }, + { + "type": "library", + "name": "thenify", + "version": "3.3.1", + "bom-ref": "thenify@3.3.1", + "author": "Jonathan Ong", + "description": "Promisify a callback-based function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/thenables/thenify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thenables/thenify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thenables/thenify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "455652215e481b5d079377a7a2dae1bf3d13f5e9ba7321c12e41ff60066e2aa77c85190a8527c218870fd8a518d043f19ddcc034198d965cd63f06a4f9b85e4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/thenify" + } + ] + }, + { + "type": "library", + "name": "pirates", + "version": "4.0.6", + "bom-ref": "pirates@4.0.6", + "author": "Ari Porad", + "description": "Properly hijack require, i.e., properly define require hooks and customizations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pirates@4.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/danez/pirates.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/danez/pirates#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/danez/pirates/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1a2ec1fb59e6183e20f6e4b0ee2d1458fe2fba1da3d8afa1b539494ddfda2dce4493c4a9ee6d1f514f14b7fca939d2cd60d894e01705900d0ca9942e7f48766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pirates" + } + ] + }, + { + "type": "library", + "name": "ts-interface-checker", + "version": "0.1.13", + "bom-ref": "ts-interface-checker@0.1.13", + "author": "Dmitry S, Grist Labs", + "description": "Runtime library to validate data against TypeScript interfaces", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/gristlabs/ts-interface-checker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gristlabs/ts-interface-checker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63f6abbdb9feaebcf72422a5f42e2454d7d37d29b6fe6129e454b3e44b194803463d2950ae9448e4ce0f285fa6267139da338ef743e73d273752bddb4d0c3480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-interface-checker" + } + ] + }, + { + "type": "library", + "name": "tw-elements", + "version": "1.1.0", + "bom-ref": "tw-elements@1.1.0", + "author": "MDBootstrap", + "licenses": [ + { + "license": { + "name": "AGPL" + } + } + ], + "purl": "pkg:npm/tw-elements@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/Tailwind-Elements.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwind-elements.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/Tailwind-Elements/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tw-elements/-/tw-elements-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "214afd616da5f7da13559c6e563420eaba6e0a9a3a559a9b68a19899950d555b2849553f9633e9909018d8f9ff9a8ae55f028f84ff4c4cf3503255a8b2a1cbe3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@popperjs", + "version": "2.11.8", + "bom-ref": "@popperjs/core@2.11.8", + "author": "Federico Zivolo", + "description": "Tooltip and Popover Positioning Engine", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40popperjs/core@2.11.8", + "externalReferences": [ + { + "url": "git+https://github.com/popperjs/popper-core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/popperjs/popper-core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/popperjs/popper-core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f5b2dd1a92c0ab9fdb06661a7c18c63006742c6ef016b19017e38a1734dbcb1c6a8039ca15c668d98a886cb7043b4aa2a76d1e3b6a474d8beba57960fcfa0e8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@popperjs/core" + } + ] + }, + { + "type": "library", + "name": "chart.js", + "version": "3.9.1", + "bom-ref": "chart.js@3.9.1", + "description": "Simple HTML5 charts using the canvas element.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chart.js@3.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/Chart.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.chartjs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/Chart.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chart.js/-/chart.js-3.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "468d896cb9af83cde05c5e45e2c9e2690fa54db4afd7c13e4c87f670e7a21f522a7763c614eb5e9be0d4b9f319b02270144ef2c0f3a97d7141c114c6abb761eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chart.js" + } + ] + }, + { + "type": "library", + "name": "chartjs-plugin-datalabels", + "version": "2.2.0", + "bom-ref": "chartjs-plugin-datalabels@2.2.0", + "description": "Chart.js plugin to display labels on data elements", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chartjs-plugin-datalabels@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chartjs/chartjs-plugin-datalabels.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://chartjs-plugin-datalabels.netlify.app", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chartjs/chartjs-plugin-datalabels/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chartjs-plugin-datalabels/-/chartjs-plugin-datalabels-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d78654df4947ee7f3da2af80e1b59a24f9c01bc6bb65393b74a7f8f1803332f26342d8eb820e43a64f5ff8b6e3085e9ba71dd10064de2f5dc85e929063246f97" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chartjs-plugin-datalabels" + } + ] + }, + { + "type": "library", + "name": "deepmerge", + "version": "4.3.1", + "bom-ref": "deepmerge@4.3.1", + "description": "A library for deep (recursive) merging of Javascript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/TehShrike/deepmerge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TehShrike/deepmerge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dec52a6cc11cefb5eaa5d34eec547246883e796de987e19809b8feacafae63244cbb0b15cb4acc895b4f9fe40994a16f58fff53d8a5aa6a627d0c7b6927167f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deepmerge" + } + ] + }, + { + "type": "library", + "name": "detect-autofill", + "version": "1.1.4", + "bom-ref": "detect-autofill@1.1.4", + "author": "Matteo Badini", + "description": "Small javascript library to detect and even prevent browsers autofill of form elements. Usefull for implementing floating labels or applying custom logics/styles.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-autofill@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/matteobad/detect-autofill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/matteobad/detect-autofill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-autofill/-/detect-autofill-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bad081430091fdb7929c00d09810bb0b8b53b9e0419180a5e964a97c652460a3bff8cccfc6a6068fa1b832f1f370a987d600932be56e9d7daf69a82f9115cfbc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-autofill" + } + ] + }, + { + "type": "library", + "name": "custom-event-polyfill", + "version": "1.0.7", + "bom-ref": "custom-event-polyfill@1.0.7", + "author": "Evan Krambuhl", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/custom-event-polyfill@1.0.7", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumarharsh/custom-event-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumarharsh/custom-event-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c30e47790e4699c5914cf29fb5237c8096f337ad2af5c1bace9621b8c898b08a731937ccff8862fb05394392b25c6139a05126f8cb054273765a52d3ad0bbeb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/custom-event-polyfill" + } + ] + }, + { + "type": "library", + "name": "perfect-scrollbar", + "version": "1.5.5", + "bom-ref": "perfect-scrollbar@1.5.5", + "author": "Hyunje Jun", + "description": "Minimalistic but perfect custom scrollbar plugin", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/perfect-scrollbar@1.5.5", + "externalReferences": [ + { + "url": "git+https://github.com/mdbootstrap/perfect-scrollbar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://perfectscrollbar.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mdbootstrap/perfect-scrollbar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7736a57eeb723f77bf14ea5d96156bc8de002795c355ab955b1c9b4a42d999a905136b12df2de97382674a9af0f2d1a61ef91a1b911daf94fb2c14d9f96594da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/perfect-scrollbar" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "quick-lru", + "version": "5.1.1", + "bom-ref": "quick-lru@5.1.1", + "author": "Sindre Sorhus", + "description": "Simple “Least Recently Used” (LRU) cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quick-lru@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/quick-lru.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/quick-lru/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5aec802d18d63c31adb7fc3326269d3b901763ef2167cd215697ba3328af82b691116ef9d57dd26e146f1b778b28e60dfbc544bea2dc7f7c1d9ede386784b848" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/quick-lru" + } + ] + }, + { + "type": "library", + "name": "validator", + "version": "13.12.0", + "bom-ref": "validator@13.12.0", + "author": "Chris O'Hara", + "description": "String validation and sanitization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@13.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/validatorjs/validator.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/validatorjs/validator.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/validatorjs/validator.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "73543498288f960753555548248ac1bb136271813eb7fee829e23d3162e3ddf87fbaad8fc61ff779e59b559e0e7065b54d47f9dc0b749e31f0e5231d037b6632" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validator" + } + ] + }, + { + "type": "library", + "name": "winston", + "version": "3.13.0", + "bom-ref": "winston@3.13.0", + "author": "Charlie Robbins", + "description": "A logger for just about everything.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/winston.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af089d980d70dd21388f413932e22e7c587224f0431bb36eef5464668af5a76faa1ef25267d1980c0f3503295e41c65b87ff95e878de05d7e74d9266f6b49e41" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston" + } + ] + }, + { + "type": "library", + "name": "xml-formatter", + "version": "3.6.2", + "bom-ref": "xml-formatter@3.6.2", + "author": "Chris Bottin", + "description": "Converts a XML string into a human readable format (pretty print) while respecting the xml:space attribute", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-formatter@3.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-formatter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-formatter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-formatter/-/xml-formatter-3.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a75a17af64d3b07df645521ce5d5631c85af2514b654809ecdcc5b39520e193850a8361786617cf527d233fdef9c4e7f6b0a4b93d46c1369ccfe6259851ce1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-formatter" + } + ] + }, + { + "type": "library", + "name": "xml-parser-xo", + "version": "4.1.1", + "bom-ref": "xml-parser-xo@4.1.1", + "author": "Chris Bottin", + "description": "Parse a XML string into a proprietary syntax tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml-parser-xo@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chrisbottin/xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chrisbottin/xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a07f6cbdd3e63a7bd20ae61a0fb9e99b547274dcf84349d8657449a0cdb8a1ceef64d17068d2c7dc1716928b85b53e5512488d6893e309d09097527f94e0897" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml-parser-xo" + } + ] + }, + { + "type": "library", + "name": "xml2js", + "version": "0.6.2", + "bom-ref": "xml2js@0.6.2", + "author": "Marek Kubica", + "description": "Simple XML to JavaScript object converter.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xml2js@0.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/Leonidas-from-XIV/node-xml2js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Leonidas-from-XIV/node-xml2js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f8ae2787682d445dc112d0ac718f825681a5101c393eab01dc60e0851df8b02b3eed3953cbabb1e3abd74cd5608c87296a3047cfee131c3880a1be8b6265e80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xml2js" + } + ] + }, + { + "type": "library", + "name": "heimdall-lite", + "group": "@mitre", + "version": "2.10.9", + "bom-ref": "@mitre/heimdall-lite@2.10.9", + "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/heimdall-lite@2.10.9", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/heimdall2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/heimdall2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/heimdall2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/heimdall-lite/-/heimdall-lite-2.10.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2461c6dd654cc64d0fe72259a9ce9c523f6cc15b5f4dab68a0b6408109cca569420a5f72a47f4d15c350a49f04c5300a91b4c4aa9d260f00155d13e8d4cec663" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/heimdall-lite" + } + ] + }, + { + "type": "library", + "name": "express", + "version": "4.19.2", + "bom-ref": "express@4.19.2", + "author": "TJ Holowaychuk", + "description": "Fast, unopinionated, minimalist web framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.19.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/express.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://expressjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e53ea7863b13f8438ccee724f098c11c04531df321b743cece503ad16576a4c0f78325f0d8b66767eb9e19d3711bed1c6a538971629ba4572eccb67dd585aaf5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express" + } + ] + }, + { + "type": "library", + "name": "inspec-objects", + "group": "@mitre", + "version": "1.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1", + "author": "The MITRE Security Automation Framework", + "description": "Typescript objects for normalizing between InSpec profiles and XCCDF benchmarks", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/inspec-objects@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/ts-inspec-objects.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/ts-inspec-objects/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@mitre/inspec-objects/-/inspec-objects-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a7136eb75cf5d4548971c289f5e7466f82a8cf013f3f797022b0b49b04307009b52f45647794525979c232788ae0db3f437334472066b39cea8733e4fcd8038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects" + } + ] + }, + { + "type": "library", + "name": "flat", + "group": "@types", + "version": "5.0.5", + "bom-ref": "@types/flat@5.0.5", + "description": "TypeScript definitions for flat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/flat@5.0.5#types/flat", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/flat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/flat/-/flat-5.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cf2e58d940a4a769ce77283503ceecdd45f188d130dbe6a3eb6fe4ab43237732d750ace9c6b0a9e21cdd62619b0910121542f7bde18ea0373db6b2021266af9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "group": "@types", + "version": "1.2.3", + "bom-ref": "@types/he@1.2.3", + "description": "TypeScript definitions for he", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/he@1.2.3#types/he", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/he", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/he/-/he-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abaeffab09716e50f3103bf31e1564c1cd60cd55b168dc5ec87501178c4496bbe32f5d4ef98b737bed5f1a904796bfc7f66ca20546945cd9cd3e6047c717c070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/he" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "group": "@types", + "version": "0.7.0", + "bom-ref": "@types/json-diff@0.7.0", + "description": "TypeScript definitions for json-diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-diff@0.7.0#types/json-diff", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-diff/-/json-diff-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "db4209aaea461f2c2d21a13a7d2df48b2821ddd56a55dce6b27ad89ff545b916902b12f1fd1187e4af618427dcb55c6037b2b32659c3ee060500eacdc220a0b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-diff" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/jstoxml@2.0.4", + "description": "TypeScript definitions for jstoxml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jstoxml@2.0.4#types/jstoxml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jstoxml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jstoxml/-/jstoxml-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c750ca76b7c09f254b0ab7caa396ca595a59157af785836785fe4455f022a2350f8577798991f7b12035ed6449c6ff868965109534d9f8eb335d75254850dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jstoxml" + } + ] + }, + { + "type": "library", + "name": "lodash", + "group": "@types", + "version": "4.17.4", + "bom-ref": "@types/lodash@4.17.4", + "description": "TypeScript definitions for lodash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/lodash@4.17.4#types/lodash", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/lodash", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1808fdba64bc5a4f7477f6488ddbe1dc278913777535c1a23f718ee2bd662a14fea95b764da6f8ba59de8f1d9c7b4ffb7ccf4be5917320dd060b6bb0d9fc825" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/lodash" + } + ] + }, + { + "type": "library", + "name": "pretty", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/pretty@2.0.3", + "description": "TypeScript definitions for pretty", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/pretty@2.0.3#types/pretty", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/pretty", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/pretty/-/pretty-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c51f7aa5284d96bc4b777819ab30a76da0266d88624588d6e750831637a4b597a6aa9059040024330c66e2006b6893ffc5280a72c4212d77655cec03356a3855" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/pretty" + } + ] + }, + { + "type": "library", + "name": "flat", + "version": "5.0.2", + "bom-ref": "flat@5.0.2", + "author": "Hugh Kennedy", + "description": "Take a nested Javascript object and flatten it, or unflatten an object with delimited keys", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/flat@5.0.2", + "externalReferences": [ + { + "url": "git://github.com/hughsk/flat.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hughsk/flat", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hughsk/flat/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fab2e103fb9ff7ad3a5405d1b582ea4897c30f14200c034417c269632e1bc250a714bdd138816932f73a6e1827171ceb33e09f703c6356aba38aa66233cf785" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat" + } + ] + }, + { + "type": "library", + "name": "he", + "version": "1.2.0", + "bom-ref": "he@1.2.0", + "author": "Mathias Bynens", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/he@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/he.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/he", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17fd439d418fa29391662d278be0afac28074391721001d12d2029b9858c9ab6d2c28376327ffb93e1a5dfc8099d1ef2c83664e962d7c221a877524e58d0ca1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/he" + } + ] + }, + { + "type": "library", + "name": "domelementtype", + "version": "2.3.0", + "bom-ref": "domelementtype@2.3.0", + "author": "Felix Boehm", + "description": "all the types of nodes in htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38b113063eb0d0eb1a801c1d5e73dd37472731f17da2937af5ca3eed9adb7cf1ab7693d5341523d36b298ba07537bc0284b4223e7e02487ff326f5f0e7a8261f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domelementtype" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "4.1.2", + "bom-ref": "chalk@4.1.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a0a9db845c91217a54b9ecfc881326c846b89db8f820e432ba173fc32f6463bfd654f73020ef5503aebc3eef1190eefed06efa48b44e7b2c3d0a9434eb58b898" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "3.0.0", + "bom-ref": "slash@3.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83d43585a79bcb7e8e492b706f89ed08618668ab1a5528d0ebc7c1c6841cbad9797d2d6fb98d7c1f7c12b778c5c85b6b931f8acf45751bce40e0cc80743322d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slash" + } + ] + }, + { + "type": "library", + "name": "v8-coverage", + "group": "@bcoe", + "version": "0.2.3", + "bom-ref": "@bcoe/v8-coverage@0.2.3", + "author": "Charles Samborski", + "description": "Helper functions for V8 coverage files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40bcoe/v8-coverage@0.2.3", + "externalReferences": [ + { + "url": "git://github.com/demurgos/v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://demurgos.github.io/v8-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/demurgos/v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21610f120780dbe73bd90786b174c1c6c046908e467316342237d2d562f2050769d25075bdb58a715ab88fad60c0488c626976b1f3744470bc6e49d9c63d9b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@bcoe/v8-coverage" + } + ] + }, + { + "type": "library", + "name": "collect-v8-coverage", + "version": "1.0.2", + "bom-ref": "collect-v8-coverage@1.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collect-v8-coverage@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/SimenB/collect-v8-coverage.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SimenB/collect-v8-coverage/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "947978779fce3446cb949bda24db6c17f2f3f96bc1d3bbb6c9ca9361b76babb532a435da8a5112e2f6a561bd9e5a2245c599559a919e91faa8c50873c85753e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/collect-v8-coverage" + } + ] + }, + { + "type": "library", + "name": "exit", + "version": "0.1.2", + "bom-ref": "exit@0.1.2", + "author": "\"Cowboy\" Ben Alman", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://github.com/cowboy/node-exit/blob/master/LICENSE-MIT" + } + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cowboy/node-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "664fde34a576cdb8e92b3aec43e9f51baa6855b12b4312742c13895da299d445622f31fe86b2eef5c757238cf0f5d05026c970044a5b4363f5a12ee70f1b3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/exit" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "7.2.3", + "bom-ref": "glob@7.2.3", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.2.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9c5474ccba54d9809a471c28089bcbe94bc21f6245c85548bf04cbb087f6d40b8794cb240358614dd93e2e5609b4e958b7dbfa76fb330f604646a04bfa240af5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45b279fe398570d342703579a3d7939c12c9fc7b33595d0fef76dcf857f89d2feb263f98692e881b288e2f45680585fe9755ab97793ade1fcaac7fa7849d17bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "version": "3.2.2", + "bom-ref": "istanbul-lib-coverage@3.2.2", + "author": "Krishnan Anantheswaran", + "description": "Data library for istanbul coverage objects", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-coverage@3.2.2#packages/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3bc769b05fabd1657ff0c35129f9e6aed09686e2a3c6bab6c3e8e9cc12f95192938b62de5569d63a6591c4595eb0938d99cfb02c01af29064439a9e4a342c54e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/core@7.24.4", + "author": "The Babel Team", + "description": "Babel compiler core.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/core@7.24.4#packages/babel-core", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20core%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3015653173fe924979dfde1104b4b1c64fe22d37951ae5d35777080d76af3e930caa74a7b7a6a92a06a7fd4f0edd44966425994ff4db81f12929ae2e3203780e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/parser@7.24.4", + "author": "The Babel Team", + "description": "A JavaScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/parser@7.24.4#packages/babel-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A+parser+%28babylon%29%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd3bc405c82199e0666bd4081ae9d67afbc1029e3f42ef4176afb69343ade1f54c0fabf776c0bd58e71148a93bb5147204cff9df228c264a3dc4e6ad1900304a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/parser" + } + ] + }, + { + "type": "library", + "name": "schema", + "group": "@istanbuljs", + "version": "0.1.3", + "bom-ref": "@istanbuljs/schema@0.1.3", + "author": "Corey Farrell", + "description": "Schemas describing various structures used by nyc and istanbuljs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/schema@0.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "657458e2336f56049543c0cbdcb4dc6a4680b57c13554c44f3586c96cc83d80b685d6ff05686f5d0790e2755ffa4095c23b0fed98a192a0e5da3c1bfc3a45880" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/schema" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "version": "3.0.1", + "bom-ref": "istanbul-lib-report@3.0.1", + "author": "Krishnan Anantheswaran", + "description": "Base reporting library for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-report@3.0.1#packages/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1827c4d66b6c1c63842c253c7bf67b616ce99b26ebc7ff9d4937cbaef63ca9199a63acd74ca5a7e964088da005c34ebd89c9ba19530d920bb437323888f65437" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-source-maps", + "version": "4.0.1", + "bom-ref": "istanbul-lib-source-maps@4.0.1", + "author": "Krishnan Anantheswaran", + "description": "Source maps support for istanbul", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-source-maps@4.0.1#packages/istanbul-lib-source-maps", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-source-maps", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f7b3c13091d1482421b704f28162fb248171a8cbcf00473bde8248ad93ad0dc5177096d2ce4da1fb09488c457bf0628ae5d10ef5da212371607e7cafccad657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-source-maps" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "version": "3.1.7", + "bom-ref": "istanbul-reports@3.1.7", + "author": "Krishnan Anantheswaran", + "description": "istanbul reports", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-reports@3.1.7#packages/istanbul-reports", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05ec265172267ae464d986343d56f180a032b2f8513d4404d21e5044cfbe9d55b2b9b28657497ca90e68a7cf81d833a6c127badc98af8f406390f4157fc7cfe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "merge-stream", + "version": "2.0.0", + "bom-ref": "merge-stream@2.0.0", + "author": "Stephen Sugden", + "description": "Create a stream that emits events from multiple other streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-stream@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/grncdr/merge-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/grncdr/merge-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/grncdr/merge-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-stream" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "8.1.1", + "bom-ref": "supports-color@8.1.1", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@8.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3295043763a876d533c6f29097bd9c505ed14391221ec1af4ac546d226bd73945b5862f6088e02ec4a4f4bc513048a659e5cd988db95e7ac3e16e371cb7b72d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "string-length", + "version": "4.0.2", + "bom-ref": "string-length@4.0.2", + "author": "Sindre Sorhus", + "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-length@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa5eab34de5f607361659cb8d515ec629b428c0d88826ab8106ee4640605408d44d554d76abafa64f5c183a7aaed8e9e2b8144858e80265cae1486ffbff4b455" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string-length" + } + ] + }, + { + "type": "library", + "name": "terminal-link", + "version": "2.1.1", + "bom-ref": "terminal-link@2.1.1", + "author": "Sindre Sorhus", + "description": "Create clickable links in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/terminal-link@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/terminal-link.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/terminal-link/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/terminal-link/-/terminal-link-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d059a245440daf93c9ab2f643fb738d05e4139fa469584ebc689c30a111907ba7367144da7f6edfb29a2cbdfe7a705f26bd287f7d9c9fc65c522252460615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/terminal-link" + } + ] + }, + { + "type": "library", + "name": "ansi-escapes", + "version": "4.3.2", + "bom-ref": "ansi-escapes@4.3.2", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for manipulating the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-escapes@4.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ansi-escapes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-escapes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80a5e3e402eb29640bb181bd8e54d1991ff12a5bb11d5f99f501303488027ccd7fbb03cc0aecd55678799b04ddf8eb8165cc1220c6eab2c356466d65139d5069" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-escapes" + } + ] + }, + { + "type": "library", + "name": "supports-hyperlinks", + "version": "2.3.0", + "bom-ref": "supports-hyperlinks@2.3.0", + "author": "James Talmage", + "description": "Detect if your terminal emulator supports hyperlinks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-hyperlinks@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/supports-hyperlinks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/supports-hyperlinks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "469b00665a56703c0e3d0036d9a087e09d2decbf09980bec0b17ce484c26edc42cdcbb21377e9069393077bd039c13970d61acb30d9e52873c09a4564f45ee9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks" + } + ] + }, + { + "type": "library", + "name": "v8-to-istanbul", + "version": "9.2.0", + "bom-ref": "v8-to-istanbul@9.2.0", + "author": "Ben Coe", + "description": "convert from v8 coverage format to istanbul's format", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/v8-to-istanbul@9.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/v8-to-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/v8-to-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fc41ffb03831536786c5a8ca7702c20e6438156abe9298b7b829811a9c35c49b67031123943f23f0f122196a4220c22cddc88d0201f47774d3262524633c998c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-to-istanbul" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-coverage", + "group": "@types", + "version": "2.0.6", + "bom-ref": "@types/istanbul-lib-coverage@2.0.6", + "description": "TypeScript definitions for istanbul-lib-coverage", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6#types/istanbul-lib-coverage", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-coverage", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-coverage", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9017fb7f6ae5a6d25b32f17b4a54f1b5f6fdec48e42525efd81d981f8dbfca0411ce19257e276abf4baef5adcabdb9306b2c05e6669a8989a41b313fb3354d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-coverage" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-istanbul", + "version": "6.1.1", + "bom-ref": "babel-plugin-istanbul@6.1.1", + "author": "Thai Pangsakulyanont @dtinth", + "description": "A babel plugin that adds istanbul instrumentation to ES6 code", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/babel-plugin-istanbul@6.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635210a24f7cdb5702f689c2c79a2d8057d19bb2e6f88fb0c313b1ef7f0cfd62cf67d438da6e081b95b414d5fc58b2f6818319a37264b97207d833a958cfaac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul" + } + ] + }, + { + "type": "library", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "bom-ref": "fast-json-stable-stringify@2.1.0", + "author": "James Halliday", + "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-json-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "4.0.2", + "bom-ref": "write-file-atomic@4.0.2", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@4.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecac5ab947419927569e6a5a18583ea69363285f2e34baf2f0bcb38dab900ce54e35f14b34aacabd03b167f56e4c8712fe081efd835a85fe512084164d26ab96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/write-file-atomic" + } + ] + }, + { + "type": "library", + "name": "execa", + "version": "5.1.1", + "bom-ref": "execa@5.1.1", + "author": "Sindre Sorhus", + "description": "Process execution for humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/execa@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/execa.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/execa#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/execa/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e4a9659a1c01944100f20420d263dcba3d1f21a2b6595ccdcdbb121e586288e3305327f321cc0cc6941c4d89a9fab4e43ff0b9cc08e091944725edd6f721ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/execa" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "3.1.0", + "bom-ref": "p-limit@3.1.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d839a9ccdf01b0346b193767154d83c0af0e39e319d78f9aa6585d5b12801ce3e714fe897b19587ba1d7af8e9d4534776e1dcdca64c70576ec54e5773ab8945" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "co", + "version": "4.6.0", + "bom-ref": "co@4.6.0", + "description": "generator async control flow goodness", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/co@4.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/tj/co.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/co#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/co/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4156f474ce47bc6fae6b18ad9bcc0e365ee396dc7c76a85f537dc372ab4e65c2d25482920c32c38bbfb42db00a8b223c843f6ee369b66315d290c1964e169e71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/co" + } + ] + }, + { + "type": "library", + "name": "is-generator-fn", + "version": "2.1.0", + "bom-ref": "is-generator-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if something is a generator function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-generator-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-generator-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-generator-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-generator-fn" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "version": "2.0.6", + "bom-ref": "stack-utils@2.0.6", + "author": "James Talmage", + "description": "Captures and cleans stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-utils@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/stack-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/stack-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/stack-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5916bdf226e919ac5ad349c7ebaab4a2d2f1ea856f1520d19ccb5ea63471a132f65ee1aee5fc2298839e3b0b6afa0182a08247bd53a963bc31a5d885e27745" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "5.2.0", + "bom-ref": "parse-json@5.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b208abe6fe98421b13a461148233cda20f072df3f1289d2120092c56c43eef7ba8c7820b059787d955004f44d810a0a8ae57fa1d845ac6cd05d9c1b89f0bc46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "strip-json-comments", + "version": "3.1.1", + "bom-ref": "strip-json-comments@3.1.1", + "author": "Sindre Sorhus", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9f3dcf91e22870a8fe8dfda22fd9fd60307f25395b56407a2a0b8c8aea8483555a1cba602c7c2aa39179ea89832198cc12fe61072e9ed57a196ddea97a9448a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-json-comments" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "group": "@types", + "version": "4.1.9", + "bom-ref": "@types/graceful-fs@4.1.9", + "description": "TypeScript definitions for graceful-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/graceful-fs@4.1.9#types/graceful-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/graceful-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/graceful-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a253f7b1dd6a3847b97574d2685bd01bed3655d45771dcad58b019b00ab53de714f2ea9002192b9db962ec36a08ed5ca5bf065ed825b52c6bc30f72e73c2c711" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "anymatch", + "version": "3.1.3", + "bom-ref": "anymatch@3.1.3", + "author": "Elan Shanker", + "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/anymatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/anymatch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/anymatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28c45e154af4078b7e0fe381923477298aafa1ca765da4b33b9e54701ea681031ddca6dc13e9964f2bd557b0ffcec7446cd9d5e9a71952eb64887417bd3af547" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/anymatch" + } + ] + }, + { + "type": "library", + "name": "fb-watchman", + "version": "2.0.2", + "bom-ref": "fb-watchman@2.0.2", + "author": "Wez Furlong", + "description": "Bindings for the Watchman file watching service", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/fb-watchman@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79d7ad41a9bb826929c1f2321bcd01ce96982c3e62b9ac95437c328ef75031b39342d6ebb71d1426eb0b7d71df7ff86b504083b9dc97465d7a320e94c0b2060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fb-watchman" + } + ] + }, + { + "type": "library", + "name": "fsevents", + "version": "2.3.3", + "bom-ref": "fsevents@2.3.3", + "description": "Native Access to MacOS FSEvents", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/fsevents/fsevents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fsevents/fsevents", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fsevents/fsevents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e71a037d7f9f2fb7da0139da82658fa5b16dc21fd1efb5a630caaa1c64bae42defbc1d181eb805f81d58999df8e35b4c8f99fade4d36d765cda09c339617df43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fsevents" + } + ] + }, + { + "type": "library", + "name": "walker", + "version": "1.0.8", + "bom-ref": "walker@1.0.8", + "author": "Naitik Shah", + "description": "A simple directory tree walker.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/walker@1.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-walker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-walker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6cffc13c9796fb918d2f9562dec0e9035cc98f74b7155781a63902f2c6e4acc0826cc1e78566d02c305ee4d4db33cfe4d8050ae56119b33a7af7f7ccb525e99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/walker" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/code-frame@7.24.2", + "author": "The Babel Team", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.24.2#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-code-frame", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb9fad2d0c95f298377ec8a59faec154b0f53f5dc4838961e515bd985d3352ebcbaeff6e210e0c08bf82453f854ec0650637086a7e8f1ac2dc04dd26dc2954c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/code-frame" + } + ] + }, + { + "type": "library", + "name": "stack-utils", + "group": "@types", + "version": "2.0.3", + "bom-ref": "@types/stack-utils@2.0.3", + "description": "TypeScript definitions for stack-utils", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/stack-utils@2.0.3#types/stack-utils", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/stack-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/stack-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5a11b619dd36d83339cf75c76bdd2988acb5f00bf00a65741e09ff4f81aa3908a6fc0b21ee117e63cd63d392fade82f85124772944ee81168196f7271a3a463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/stack-utils" + } + ] + }, + { + "type": "library", + "name": "jest-pnp-resolver", + "version": "1.2.3", + "bom-ref": "jest-pnp-resolver@1.2.3", + "description": "plug'n'play resolver for Webpack", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-pnp-resolver@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/arcanis/jest-pnp-resolver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/arcanis/jest-pnp-resolver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fb7369c10127468201b71e1fca16e54033e0248d07d48108917ed284b5233c603b4ed513bc8d6888a8b7491e28051d21421411f349785807b946b5c1c16300f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-pnp-resolver" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "3.1.0", + "bom-ref": "detect-newline@3.1.0", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cbcfec7fbc45e6fd8ecfef09f510914d2f1629503e1380ca2cc58e9f0152549c931bba91c13a7731c96506f4ea53687f44043eee148e4b7c482630e739e03b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-newline" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "version": "0.5.13", + "bom-ref": "source-map-support@0.5.13", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-support@0.5.13", + "externalReferences": [ + { + "url": "git+https://github.com/evanw/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/evanw/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "48748a14769d8d5039a11e0f3ea86d01575c056c1161577a83a7005e721b4622307361213eb4ee29405d48bbe510ac883f71827fcf5f96dbdc6623fd30c140d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map-support" + } + ] + }, + { + "type": "library", + "name": "type-detect", + "version": "4.0.8", + "bom-ref": "type-detect@4.0.8", + "author": "Jake Luer", + "description": "Improved typeof detection for node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-detect@4.0.8", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/type-detect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/type-detect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/type-detect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1faff9881f57653bec7b4e570ccbe6c80ea28fb30ffbd2d5727875bbf3b828423866a9a65ed74bb02ee8ee6caf6af4b83a162868d4a50a0d8cf467b93b839fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-detect" + } + ] + }, + { + "type": "library", + "name": "callsites", + "version": "3.1.0", + "bom-ref": "callsites@3.1.0", + "author": "Sindre Sorhus", + "description": "Get callsites from the V8 stack trace API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/callsites@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/callsites.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/callsites#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/callsites/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/callsites" + } + ] + }, + { + "type": "library", + "name": "cjs-module-lexer", + "version": "1.2.3", + "bom-ref": "cjs-module-lexer@1.2.3", + "author": "Guy Bedford", + "description": "Lexes CommonJS modules, returning their named exports metadata", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cjs-module-lexer@1.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/cjs-module-lexer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/cjs-module-lexer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d133621acb5b426085c2de1a9238c1839a4b4534b28ff3e4590d59a0edb39ed9a0f722ea491c7011ae2209f40b1a3aa18aa05f3896bb5bf13cc1f1ab4c39a565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cjs-module-lexer" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "4.0.0", + "bom-ref": "strip-bom@4.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df1bab16fe6d1208a2df7662f09b69e79c042082d1f5e877e05016d343d97fe2674ac4e657f8a87b04a0425f7b247be08e8446c0f4a1b169be21daf1077e5dd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "generator", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/generator@7.24.4", + "author": "The Babel Team", + "description": "Turns an AST into code.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/generator@7.24.4#packages/babel-generator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20generator%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ddebebfa4a78d6571fe7bacfb2d25d6cc4c39338c064c8be3e04875b00bc9ab509c07bf49156300d7833d2098697fa2d62266b8648a7f767e13e57fbdad47bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-typescript", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-typescript@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of TypeScript syntax", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.24.1#packages/babel-plugin-syntax-typescript", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-typescript", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6219e6bf2e476449c752dcba8befa071f1f5fe5ebc0079c8b451e7682bfa867f5d361d2142fbd026cc698b804c0453790cb78706eb9c4ffd038335e27ff3b247" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-typescript" + } + ] + }, + { + "type": "library", + "name": "traverse", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/traverse@7.24.1", + "author": "The Babel Team", + "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/traverse@7.24.1#packages/babel-traverse", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20traverse%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c6e53aa3d9baf0a7aa65b42e0edd9370a4b1530fe6aecbdabe512a43595e67f07e0bdb64e84e2c456cbded669782fab913e9d4ddc5ccc6fdd628e09a9d530299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/types@7.24.0", + "author": "The Babel Team", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/types@7.24.0#packages/babel-types", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20types%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa3edae5cdb9dd17ca87c880041872c1cf0d49f3f92d445eed4878aa9b21ea373e68b260baf98850176349d10c42fd9b10dac247931f45d8c6a3bbf34bfa1bef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/types" + } + ] + }, + { + "type": "library", + "name": "babel__traverse", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__traverse@7.20.5", + "description": "TypeScript definitions for @babel/traverse", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__traverse@7.20.5#types/babel__traverse", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__traverse", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__traverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5970b239c46d1f7ec70149295e151db9ac5d9bcd9be064a5c93a9a8d7be237811f8ae3e0358475d3dc4c08abe997accf229b9ad031a53040c2abe83c11da2179" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__traverse" + } + ] + }, + { + "type": "library", + "name": "prettier", + "group": "@types", + "version": "2.7.3", + "bom-ref": "@types/prettier@2.7.3", + "description": "TypeScript definitions for prettier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prettier@2.7.3#types/prettier", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prettier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prettier", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fbaf243fdcb3b382cca7b54d87c81dccc48f6452f8e0c2c6aa21d6bedb5825efbaaa7b95af8124f70481428bdea98febf8bc2309c536f643559227708a6fa460" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prettier" + } + ] + }, + { + "type": "library", + "name": "babel-preset-current-node-syntax", + "version": "1.0.1", + "bom-ref": "babel-preset-current-node-syntax@1.0.1", + "author": "Nicolò Ribaudo", + "description": "A Babel preset that enables parsing of proposals supported by the current Node.js version.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-current-node-syntax@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nicolo-ribaudo/babel-preset-current-node-syntax/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "33b2d0d1bc5aae4c50a0dfafcf96893ec2c19fbee7f10813166a3c58ad3fe386ae2b6c65097ad8714c47171814eea5b9633c3f0a398b44adae27368277b2efa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-current-node-syntax" + } + ] + }, + { + "type": "library", + "name": "natural-compare", + "version": "1.4.0", + "bom-ref": "natural-compare@1.4.0", + "author": "Lauri Rooden", + "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-compare@1.4.0", + "externalReferences": [ + { + "url": "git://github.com/litejs/natural-compare-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/litejs/natural-compare-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "396343f1e8b756d342f61ed5eb4a9f7f7495a1b1ebf7de824f0831b9b832418129836f7487d2746eec8408d3497b19059b9b0e6a38791b5d7a45803573c64c4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-compare" + } + ] + }, + { + "type": "library", + "name": "leven", + "version": "3.1.0", + "bom-ref": "leven@3.1.0", + "author": "Sindre Sorhus", + "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/leven@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/leven.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/leven#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/leven/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/leven" + } + ] + }, + { + "type": "library", + "name": "react-is", + "version": "18.2.0", + "bom-ref": "react-is@18.2.0", + "description": "Brand checking of React Elements.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/react-is@18.2.0#packages/react-is", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/react.git#packages/react-is", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://reactjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/react/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c56183216eb1f76d71b733e486250bb6d8491e826f05b177ab6e9fce5a0f08ad21b2fc6d3d57a5bdfb70df38db1d64a4476926f59fb8bb16c30caffa670f41f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/react-is" + } + ] + }, + { + "type": "library", + "name": "rimraf", + "version": "3.0.2", + "bom-ref": "rimraf@3.0.2", + "author": "Isaac Z. Schlueter", + "description": "A deep deletion module for node (like `rm -rf`)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "25990931990018514f3f662a5d95cf6cc94c060b31cc4f082ece253085ffda8d0bf54070f4efd8de8eb0170fe2f582daa5c5095b0a9b8b791dc483dd0bad9320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rimraf" + } + ] + }, + { + "type": "library", + "name": "istanbul-reports", + "group": "@types", + "version": "3.0.4", + "bom-ref": "@types/istanbul-reports@3.0.4", + "description": "TypeScript definitions for istanbul-reports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-reports@3.0.4#types/istanbul-reports", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-reports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-reports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a64d81d4d59a945f6da0246eea08c1cd1ebdb321633f839df164405fed2699ff6502309189c2ce59cf99af1647c7fd17463a2d82417db7a89a309f9a5dc39d65" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-reports" + } + ] + }, + { + "type": "library", + "name": "yargs", + "group": "@types", + "version": "17.0.32", + "bom-ref": "@types/yargs@17.0.32", + "description": "TypeScript definitions for yargs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs@17.0.32#types/yargs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c50ebb61cfe568e1b9b8c7d7ff4f77311946182201cd931aad56be81f34a271580220ca462954690175ba84cc60c37c2ad5523e8789f7f8993679040e93980a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs" + } + ] + }, + { + "type": "library", + "name": "import-local", + "version": "3.1.0", + "bom-ref": "import-local@3.1.0", + "author": "Sindre Sorhus", + "description": "Let a globally installed package use a locally installed version of itself if available", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-local@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-local.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-local#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-local/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-local/-/import-local-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012074eee2ed9c3b35a3a1078caa57df804a6034aa9c57ab7d33892f61ef32a17bd0b9f1a639330c1f09e38a13f69bb800c3e44307fc8e5eacce0bcd776b5122" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-local" + } + ] + }, + { + "type": "library", + "name": "prompts", + "version": "2.4.2", + "bom-ref": "prompts@2.4.2", + "author": "Terkel Gjervig", + "description": "Lightweight, beautiful and user-friendly prompts", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompts@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/prompts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/prompts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/prompts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37136ffe42e0b8203ba778c4f282f668406cac95a001a901a609a02ba9693d657e5ae3a663aaf6ff36c05673fe4fc6d0940d27cc75d2252256d07abbca5683d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompts" + } + ] + }, + { + "type": "library", + "name": "kleur", + "version": "3.0.3", + "bom-ref": "kleur@3.0.3", + "author": "Luke Edwards", + "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kleur@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/kleur.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/kleur#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/kleur/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kleur" + } + ] + }, + { + "type": "library", + "name": "sisteransi", + "version": "1.0.5", + "bom-ref": "sisteransi@1.0.5", + "author": "Terkel Gjervig", + "description": "ANSI escape codes for some terminal swag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sisteransi@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/terkelg/sisteransi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/terkelg/sisteransi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/terkelg/sisteransi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sisteransi" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "17.7.2", + "bom-ref": "yargs@17.7.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd4b3cd143ef822a7348fe4aca9d8455ec928a3d45cc121eb5b286872a0f66ad6121cc55a1167c4fc4697eebd703d4ebbadc2d773543c29e621caefa82b8ceb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs" + } + ] + }, + { + "type": "library", + "name": "json-diff", + "version": "0.9.1", + "bom-ref": "json-diff@0.9.1", + "author": "Andrey Tarantsov", + "description": "JSON diff", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-diff@0.9.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/andreyvit/json-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/json-diff", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/json-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-diff/-/json-diff-0.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67778c83a91b55306bde0fc8a6617acf6f322f6b2a8b89242252560d04add1ab905b6cb4405bb746648a8b3be3f3cd04fc453235a9ef598de88bf4f967b640d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-diff" + } + ] + }, + { + "type": "library", + "name": "cli-color", + "version": "2.0.4", + "bom-ref": "cli-color@2.0.4", + "author": "Mariusz Nowak", + "description": "Colors, formatting and other tools for the console", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-color@2.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/cli-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/cli-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/cli-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-color/-/cli-color-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce59e98348cd7226cdaceec61bd21e1c7ee669615e0b3f896b5c31ffbb59354e4049249267efea65c88cd3f2c7098c5276abf9876b1d6d0fcf5d874eb9eb57bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-color" + } + ] + }, + { + "type": "library", + "name": "d", + "version": "1.0.2", + "bom-ref": "d@1.0.2", + "author": "Mariusz Nowak", + "description": "Property descriptor factory", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/d.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/d#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/d/-/d-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30ea87bcc585f7ff4c5fa9f36b42a0bc51f81e9314d04179b940d7a97fc1b71b54f0d7c1d10cd1b49f0e7bfe92b92e246e1cb3549c2377dec40383caaf327c6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/d" + } + ] + }, + { + "type": "library", + "name": "es5-ext", + "version": "0.10.64", + "bom-ref": "es5-ext@0.10.64", + "author": "Mariusz Nowak", + "description": "ECMAScript extensions and shims", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.64", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.64.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a76b270e188b6977ba75a86cb352dd771a849be4a4b83bd5f1d9c8406d0c5a3c87a5c30d7d728f13efc2734cbe3e1c495f7038c4635e1428f9a1cd01521e9d7a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es5-ext" + } + ] + }, + { + "type": "library", + "name": "type", + "version": "2.7.2", + "bom-ref": "type@2.7.2", + "author": "Mariusz Nowak", + "description": "Runtime validation and processing of JavaScript types", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type/-/type-2.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77396f94d96de805d4ec40527e902c732750ee05c1fa93c6b0f9df26766988d2410e3ec8689cd094165819d122e11f4798f741bf65e6589e9852da136bb9660b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type" + } + ] + }, + { + "type": "library", + "name": "es6-iterator", + "version": "2.0.3", + "bom-ref": "es6-iterator@2.0.3", + "author": "Mariusz Nowak", + "description": "Iterator abstraction based on ES6 specification", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-iterator/-/es6-iterator-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf0e12473a1491df9c97e668135e40f68d6841df76d016f488e24c4244219778cd734dd8a958c0846eec71ff42e4a59153f475dceadfe7cf2e082eb9db9a34da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-iterator" + } + ] + }, + { + "type": "library", + "name": "es6-symbol", + "version": "3.1.4", + "bom-ref": "es6-symbol@3.1.4", + "author": "Mariusz Nowak", + "description": "ECMAScript 6 Symbol polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es6-symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-symbol/-/es6-symbol-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d6c51635fcb458804e0b64275ce0db9f8abe2217a6046f4474bcb1abb719f855cd385142b39e92c3de4f40565b630d66cd4e1162750cf5ce40c9f428a464be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-symbol" + } + ] + }, + { + "type": "library", + "name": "ext", + "version": "1.7.0", + "bom-ref": "ext@1.7.0", + "author": "Mariusz Nowak", + "description": "JavaScript utilities with respect to emerging standard", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.7.0#ext", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/es5-ext.git#ext", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/tree/ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ea1c5e25868bd75d1af5be531094a3d20a23c87400980d9c8793acfb2482880d5019d4baf7b5d6635a73b2b4a3a80f4b0c4120741fcaca9225479f5170bb8763" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ext" + } + ] + }, + { + "type": "library", + "name": "esniff", + "version": "2.0.1", + "bom-ref": "esniff@2.0.1", + "author": "Mariusz Nowak", + "description": "Low footprint ECMAScript source code parser", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/esniff@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/medikoo/esniff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/esniff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/esniff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esniff/-/esniff-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91350818a43f9833c5a09d2855f726c899f88810d1a6d8cd548cf020547bb6a59775523dc5f03644cc18fe06d2a491b79647563448cb6a9fcda951d9889b1d7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esniff" + } + ] + }, + { + "type": "library", + "name": "event-emitter", + "version": "0.3.5", + "bom-ref": "event-emitter@0.3.5", + "author": "Mariusz Nowak", + "description": "Environment agnostic event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/event-emitter/-/event-emitter-0.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fdad19fdcbb90b3e727e84cabb4bf9e1be82b0c2f5496a1062d813e6c776ef6ec11d2b75bd8a2f1c0521a33feef6fcb9cce27e9fa37f9d9025f915e4d0aee5c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/event-emitter" + } + ] + }, + { + "type": "library", + "name": "next-tick", + "version": "1.1.0", + "bom-ref": "next-tick@1.1.0", + "author": "Mariusz Nowak", + "description": "Environment agnostic nextTick polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/next-tick@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977548897a66ec363b93a10bf16b23d917d56a86dee17b0b2fcb6b0e59a7cbbe2d9ac1f963f66382e9b1c8839d28ad7f0826f58a63dc1843fcc1da4a203ec95" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/next-tick" + } + ] + }, + { + "type": "library", + "name": "memoizee", + "version": "0.4.15", + "bom-ref": "memoizee@0.4.15", + "author": "Mariusz Nowak", + "description": "Memoize/cache function results", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/memoizee@0.4.15", + "externalReferences": [ + { + "url": "git://github.com/medikoo/memoizee.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/memoizee#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/memoizee/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/memoizee/-/memoizee-0.4.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5015a62692d97794933e6ecf31494ec3f4d2cbdef633ecfc81cc90e6f78e9d20d1444cffd1b9a9c937cab77ff9d4384406a099427d6e74cff97e57123d886475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/memoizee" + } + ] + }, + { + "type": "library", + "name": "es6-weak-map", + "version": "2.0.3", + "bom-ref": "es6-weak-map@2.0.3", + "author": "Mariusz Nowak", + "description": "ECMAScript6 WeakMap polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-weak-map@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/medikoo/es6-weak-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/es6-weak-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es6-weak-map/-/es6-weak-map-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a79ba6df61ce4ced643fec3b3d19c1fb9950e3767a9aeb8cb8831f7ef0cdf1907819c9e32c157acc64ada5b01220c9380c202f11a6a685edb387209bfd05d7b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es6-weak-map" + } + ] + }, + { + "type": "library", + "name": "is-promise", + "version": "2.2.2", + "bom-ref": "is-promise@2.2.2", + "author": "ForbesLindesay", + "description": "Test whether an object looks like a promises-a+ promise", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/then/is-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/then/is-promise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa53f8ffa94a5017d08d9da97714e166f2d401a7e665bf0e03115bf175ed890992df920d82bf3985d386a04b35db87b3d450a7649b7a8dabbf4fe6a5879f1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-promise" + } + ] + }, + { + "type": "library", + "name": "lru-queue", + "version": "0.1.0", + "bom-ref": "lru-queue@0.1.0", + "author": "Mariusz Nowak", + "description": "LRU Queue", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lru-queue@0.1.0", + "externalReferences": [ + { + "url": "git://github.com/medikoo/lru-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/lru-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/lru-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06975892df44bc697c39f5870d03c8495a5c979c59b616fe5cfb1b10b8f90105f1202f08ae20d92106230493c49b9ad2e36d2c8d9d132c4cd172ae4a741858ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-queue" + } + ] + }, + { + "type": "library", + "name": "timers-ext", + "version": "0.1.7", + "bom-ref": "timers-ext@0.1.7", + "author": "Mariusz Nowak", + "description": "Timers extensions", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/timers-ext@0.1.7", + "externalReferences": [ + { + "url": "git://github.com/medikoo/timers-ext.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/medikoo/timers-ext#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/medikoo/timers-ext/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/timers-ext/-/timers-ext-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fce4d50dcd349da1d4a14c86e4cba645d367bc493b5555f0fe7eee1a5d74a11042e9a331fe6c2a492d830f65bb0004ddb00c7edf269a88a17c49a736dfd0da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/timers-ext" + } + ] + }, + { + "type": "library", + "name": "difflib", + "version": "0.2.4", + "bom-ref": "difflib@0.2.4", + "author": "Xueqiao Xu", + "description": "text diff library ported from Python's difflib module", + "licenses": [ + { + "license": { + "name": "PSF", + "url": "http://docs.python.org/license.html" + } + } + ], + "purl": "pkg:npm/difflib@0.2.4", + "externalReferences": [ + { + "url": "git://github.com/qiao/difflib.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/difflib.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/difflib.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/difflib/-/difflib-0.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5857098c6f4c101d036be49f66e814a3e9f938a5f1884c640e3acf83f4597e20d38358539fbe1214d6136fe86811d510680bff4d25cc2eefbcd2871574913ef" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/difflib" + } + ] + }, + { + "type": "library", + "name": "heap", + "version": "0.2.7", + "bom-ref": "heap@0.2.7", + "author": "Xueqiao Xu", + "description": "binary heap (priority queue) algorithms (ported from Python's heapq module)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/heap@0.2.7", + "externalReferences": [ + { + "url": "git://github.com/qiao/heap.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qiao/heap.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qiao/heap.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/heap/-/heap-0.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9bb1e8189241cefa1ffd3066e7e8a59c138e5c1d980f00da392d717b12f59d4f4c93d8482e4953b59c3814e5cf3e64e3f0a76bcc35aed816c26155c0d1f5276" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/heap" + } + ] + }, + { + "type": "library", + "name": "dreamopt", + "version": "0.8.0", + "bom-ref": "dreamopt@0.8.0", + "author": "Andrey Tarantsov", + "description": "Command-line parser with readable syntax from your sweetest dreams", + "purl": "pkg:npm/dreamopt@0.8.0", + "externalReferences": [ + { + "url": "git://github.com/andreyvit/dreamopt.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andreyvit/dreamopt.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dreamopt/-/dreamopt-0.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf2253a7cfa60be1bee5d7e0b18fabddc931973f90317e345633d0b19739831540c4b9a2eb84c1a1590fe7803fa51017317b1bbb618c301ad93f136fdb7c1a32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dreamopt" + } + ] + }, + { + "type": "library", + "name": "wordwrap", + "version": "1.0.0", + "bom-ref": "wordwrap@1.0.0", + "author": "James Halliday", + "description": "Wrap those words. Show them at what columns to start and stop.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "82f57324594fc9c29ce5d64de323e43fcc3b0dcdfb06d3f5c9ccc49de39be2eab7e295d972faed45399657c5be5267be5c2c4a81b8ccfa77af93214f3326dde1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wordwrap" + } + ] + }, + { + "type": "library", + "name": "jstoxml", + "version": "3.2.10", + "bom-ref": "jstoxml@3.2.10", + "author": "David Calhoun", + "description": "Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstoxml@3.2.10", + "externalReferences": [ + { + "url": "git://github.com/davidcalhoun/jstoxml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/davidcalhoun/jstoxml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davidcalhoun/jstoxml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jstoxml/-/jstoxml-3.2.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "735bf6085c4aae120f5abf9c3ab04e2569029646b945f5161b5d98d60ab2143e1dcca4e5c646ab9e2925c0e4ffeb047565f97ec76655223448411f431621b5ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jstoxml" + } + ] + }, + { + "type": "library", + "name": "pretty", + "version": "2.0.0", + "bom-ref": "pretty@2.0.0", + "author": "Jon Schlinkert", + "description": "Some tweaks for beautifying HTML with js-beautify according to my preferences.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/pretty.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/pretty/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty/-/pretty-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bdc54721813122369a2b99d60197e3e16b9d20394a2f4f5f08bc07bb118319d7f7fd5bf59630f467fb123af325cd3149374171c3c28ff5c15ff835e8d535ed7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty" + } + ] + }, + { + "type": "library", + "name": "condense-newlines", + "version": "0.2.1", + "bom-ref": "condense-newlines@0.2.1", + "author": "Jon Schlinkert", + "description": "Replace extraneous newlines with a single newline, or pass a specified number of newlines to use.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/condense-newlines@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/condense-newlines.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/condense-newlines/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/condense-newlines/-/condense-newlines-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3fb5fe40bf476fd07f73c1c8e411452a68e006ed97a50b85f7c599f5790ef9d046824e57830890cfba354a6a6094d588777e7cd54712d1214059fa0884c1cf7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/condense-newlines" + } + ] + }, + { + "type": "library", + "name": "extend-shallow", + "version": "2.0.1", + "bom-ref": "extend-shallow@2.0.1", + "author": "Jon Schlinkert", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc29d3b65c4da0088373782a636698016171ed759689ab2e1762bc31ee566cdf28b4729350a0708cfb4da51b3fadb5199bb2b158068d8fb3f56bfa79d866d5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/extend-shallow" + } + ] + }, + { + "type": "library", + "name": "is-whitespace", + "version": "0.3.0", + "bom-ref": "is-whitespace@0.3.0", + "author": "Jon Schlinkert", + "description": "Returns true if the value passed is all whitespace.", + "purl": "pkg:npm/is-whitespace@0.3.0", + "externalReferences": [ + { + "url": "git://github.com/jonschlinkert/is-whitespace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-whitespace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-whitespace/-/is-whitespace-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47274f865e12e89c00ca3d09263b215891051ba84dc9ede964505165a4d47d9170187c73a6935a34e56042e4bf13f4a586b029b8c5eba672b51042177dda370e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-whitespace" + } + ] + }, + { + "type": "library", + "name": "kind-of", + "version": "3.2.2", + "bom-ref": "kind-of@3.2.2", + "author": "Jon Schlinkert", + "description": "Get the native type of a value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/kind-of.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e5bd4105cca191a0fe8aa754da0d4d320510889dd7adbb5827df50124474cc58029abb98d13b0a9cee7083dcf99420db93e17a3ec8252997de13bea1b94eb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kind-of" + } + ] + }, + { + "type": "library", + "name": "is-buffer", + "version": "1.1.6", + "bom-ref": "is-buffer@1.1.6", + "author": "Feross Aboukhadijeh", + "description": "Determine if an object is a Buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-buffer" + } + ] + }, + { + "type": "library", + "name": "is-extendable", + "version": "0.1.1", + "bom-ref": "is-extendable@0.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extendable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e413142cda1bd6f8055fa123430e62cd60f1ade7162bd00cef6aee80daf44c595d30e8b47e3e8993ecde288b74c468f87047d0209b61e30dce296389e1ff8017" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extendable" + } + ] + }, + { + "type": "library", + "name": "js-beautify", + "version": "1.15.1", + "bom-ref": "js-beautify@1.15.1", + "author": "Einar Lielmanis", + "description": "beautifier.io for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-beautify@1.15.1", + "externalReferences": [ + { + "url": "git://github.com/beautifier/js-beautify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://beautifier.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beautifier/js-beautify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1128cdcd296dfec584f2c722647f24045f013e5c173f0851ea958a030f1bc380708fe899727296e8e35652eb49ede39bb81650a6221bf12ece62ca56acab7bac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify" + } + ] + }, + { + "type": "library", + "name": "config-chain", + "version": "1.1.13", + "bom-ref": "config-chain@1.1.13", + "author": "Dominic Tarr", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "purl": "pkg:npm/config-chain@1.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/config-chain.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa3f9ff003c04571eb33486b6aa5d86f6fdb395495e0fbc9425359fc3563d10ae634cdaad9eba2ce47ae55c910e7b27e5b49911fa1ef8be939d0ce09ba5d9545" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/config-chain" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "1.3.8", + "bom-ref": "ini@1.3.8", + "author": "Isaac Z. Schlueter", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "255ff2ba0576bb35b988c4528990320ed41dfa7c6d5278de2edd1a70d770f7c90a2ebbee455c81f34b6c444384ef2bc65606a5859e913570a61079142812b17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ini" + } + ] + }, + { + "type": "library", + "name": "proto-list", + "version": "1.2.4", + "bom-ref": "proto-list@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "A utility for managing a prototype chain", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/proto-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bed2bff786a4c6c4cc85ed3f71b7e947eb323eeb3372ec21a958c9ab6e82b8d0e01468faf36a1105738fe4c269bf6afb26d13c32c89ea4622abef3930709f6bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proto-list" + } + ] + }, + { + "type": "library", + "name": "editorconfig", + "version": "1.0.4", + "bom-ref": "editorconfig@1.0.4", + "author": "EditorConfig Team", + "description": "EditorConfig File Locator and Interpreter for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/editorconfig@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/editorconfig/editorconfig-core-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/editorconfig/editorconfig-core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fd41ed3c2964e5a98315bcc71322f300765d5c0d4b9bcd13582fe59f0386cb0cc1dee277a62a4a666339339c4d45c0b2aed04126cbaa1b8102b3309ae0e31f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig" + } + ] + }, + { + "type": "library", + "name": "wasm", + "group": "@one-ini", + "version": "0.1.1", + "bom-ref": "@one-ini/wasm@0.1.1", + "description": "Parse EditorConfig-INI file contents into AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/one-ini/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/one-ini/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/one-ini/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eec921b5137f1849c489a0c96aa2f2ebbb829350d4a38154c88f287ba8c5fa68d3791d8e42b792e14497713bbf49b53cca7f357f6e75a9cfeceab98ac84acbf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@one-ini/wasm" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "10.0.1", + "bom-ref": "commander@10.0.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@10.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb8320dad5ec8699446d21b3c7b6a6ccfc0a28e086ba84913ff0a311dc3093414e1a551baba94aba8c83653359926c47749b69e7885d7d8fc952b74bed77ddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7008bd0f1e33e902e9a50bc7ac2e422c15b27cec8bd7775b1cd5dc5a564c6035f45eb6d64c1d6ec01c14a5e02941d95accbe998ea22f5b074f1584142cad0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "js-cookie", + "version": "3.0.5", + "bom-ref": "js-cookie@3.0.5", + "author": "Klaus Hartl", + "description": "A simple, lightweight JavaScript API for handling cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "externalReferences": [ + { + "url": "git://github.com/js-cookie/js-cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/js-cookie/js-cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70488910012821b59f09960a5a157016ebcf5f58044d160fc3a2e56932a8c43decd80917ce40a39e9ea1d15efba33caa8f48da92d789e18a83253f37d3e9551b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-cookie" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.0", + "bom-ref": "nopt@7.2.0", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0950edc02761608be703316827a349e9d5f7a206bdfc7c9c8900e71b5bd00e348b31e28b27803ddd9a98283ae0612af5141639fe13180bed950a2db8a60a6418" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nopt" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ebf9a1d44daed98804b021dd634631e685beeb581953ed6f5daa221c7ae929eb9134d805bd2fbf8ebc07890841e5aa407f9a01ed407b135f689764762ca1fc85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/abbrev" + } + ] + }, + { + "type": "library", + "name": "babel__core", + "group": "@types", + "version": "7.20.5", + "bom-ref": "@types/babel__core@7.20.5", + "description": "TypeScript definitions for @babel/core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__core@7.20.5#types/babel__core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa8429ad9bf3e70405270303a9eb1e4575afdeba8cbe18296d715f5725a16f1f57e3b3ce200ea2ffe75779f12664aa0080e69375a22035232a30853ad72472cc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__core" + } + ] + }, + { + "type": "library", + "name": "template", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/template@7.24.0", + "author": "The Babel Team", + "description": "Generate an AST from a string template.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/template@7.24.0#packages/babel-template", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3A%22pkg%3A%20template%22+is%3Aopen", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/template/-/template-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0647f6abc94c074005a57d0d144a926f1d4e9131dfd1ffb48fcda6930f99a73067924edef50974f3dd6f95f822fa41f03a4f2d4238901e9aa1e0b6926b47ca10" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/template" + } + ] + }, + { + "type": "library", + "name": "bs-logger", + "version": "0.2.6", + "bom-ref": "bs-logger@0.2.6", + "author": "Huafu Gandon", + "description": "Bare simple logger for NodeJS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bs-logger@0.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/huafu/bs-logger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/huafu/bs-logger#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/huafu/bs-logger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5df030a8c666e073b8723ca3afc6da8d7236283ac0013d075c0948c6a77778d95476097d4e46193603cee8aaabb9475924fbbea7b3166ea649b277e315b42a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bs-logger" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "2.2.3", + "bom-ref": "json5@2.2.3", + "author": "Aseem Kishore", + "description": "JSON for Humans", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e63967bb7b21d81f5e1c2dd54fa3283e18e1f7ad85fef8aa73af2949c125bdf2ddcd93e53c5ce97c15628e830b7375bf255c67facd8c035337873167f16acca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json5" + } + ] + }, + { + "type": "library", + "name": "lodash.memoize", + "version": "4.1.2", + "bom-ref": "lodash.memoize@4.1.2", + "author": "John-David Dalton", + "description": "The lodash method `_.memoize` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.memoize@4.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b8fe3739a09d0cd30185dcb0760b8229a5b4e5753171ed94e59fe868cbf4a8fc18ae45227c39268b71bdb3acf88bd5d7f0f3a34e3f7c219f2d5b3b6976f802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.memoize" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "3.26.9", + "bom-ref": "@oclif/core@3.26.9", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@3.26.9", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-3.26.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81e58c5deb60ec1eaa822bfeb42fc2221a94d1214e09f9fcc2a9f6cf462218139f9a81f37ade4a6968cf936eac8c05db27b7f3d03a7603f0186cd6ab94afa7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "group": "@types", + "version": "3.11.5", + "bom-ref": "@types/cli-progress@3.11.5", + "description": "TypeScript definitions for cli-progress", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/cli-progress@3.11.5#types/cli-progress", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/cli-progress", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f83db3516ef88aca9a52e62bc11b214edbd3ce97248b980d87c94144e29e5019acc030cdc2c2429672f4e5f20bc4952bb1461e853ca2fc5e689d5fcef7a2ee2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/cli-progress" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.21.3", + "bom-ref": "type-fest@0.21.3", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.21.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b74af306af3b9b77d571db870d41612a6cb25fef5ea3a5908d9bdfe7511afccd10efe4f7ef8269d5a522c9497418ac69f0cfce113547483be69323e0bd7f97db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-fest" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "cardinal", + "version": "2.1.1", + "bom-ref": "cardinal@2.1.1", + "author": "Thorsten Lorenz", + "description": "Syntax highlights JavaScript code with ANSI colors to be printed to the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cardinal@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/cardinal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/cardinal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/cardinal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "252af978e8281329ad607063356ca3acca9eb7d026da68898657ca35da8ba7ace878087428de5d44073195e723e66009ae64289a088e063df9c472eb163a81a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cardinal" + } + ] + }, + { + "type": "library", + "name": "ansicolors", + "version": "0.3.2", + "bom-ref": "ansicolors@0.3.2", + "author": "Thorsten Lorenz", + "description": "Functions that surround a string with ansicolor codes so it prints in color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansicolors@0.3.2", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/ansicolors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/ansicolors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "417bbb04facfdbd565951c47f06c01ef1e625f9a9628000c2ea2901964de2d656534734ea55309f7576cc50008597a63b96e70aafc6edc977f9d18eb27ed29aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansicolors" + } + ] + }, + { + "type": "library", + "name": "redeyed", + "version": "2.1.1", + "bom-ref": "redeyed@2.1.1", + "author": "Thorsten Lorenz", + "description": "Takes JavaScript code, along with a config and returns the original code with tokens wrapped as configured.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/redeyed@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/redeyed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/redeyed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/redeyed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14da461a8d43c9c600767aca17108c98a620a3f9882c0aad4586e47500fc129fc79363d0e7e684004c7e214ef5dd14c39ae05a1f473c3f9668ceeacdbb939b45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/redeyed" + } + ] + }, + { + "type": "library", + "name": "esprima", + "version": "4.0.1", + "bom-ref": "esprima@4.0.1", + "author": "Ariya Hidayat", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jquery/esprima.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://esprima.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esprima" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "4.0.0", + "bom-ref": "has-flag@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "3.0.1", + "bom-ref": "clean-stack@3.0.1", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "951f70362311715423481ddaef15c62eecf872be3026eb9795a0046d1bad1a8c104e6969ed1ef6fc33a0376d5ef237706e531697d50e24c2576ab5fde29cca76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-stack" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "4.0.0", + "bom-ref": "escape-string-regexp@4.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4eda5c349dd7033c771aaf2c591cc96956a346cd2e57103660091d6f58e6d9890fcf81ba7a05050320379f9bed10865e7cf93959ae145db2ae4b97ca90959d80" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "cli-progress", + "version": "3.12.0", + "bom-ref": "cli-progress@3.12.0", + "author": "Andi Dittrich", + "description": "easy to use progress-bar for command-line/terminal applications", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-progress@3.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/npkgz/cli-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npkgz/cli-progress", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npkgz/cli-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b51915dc7275012c26d7d4c78a22c85cb3bb226ef0953b8a9ef918693932a003de7ea8cd83b5bb0c7294946471cbdbf10ef6f2098424428cefa6db8c9060a0f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-progress" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "4.2.3", + "bom-ref": "color@4.2.3", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@4.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6b5deb94522186af2921f8278176ee487bb389c229c28106346dcec6091c72e71547cbe9a86aa9292ff8ea42ad0cb5039e61caea133e1a6dce5fd0ab54ed6e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-string", + "version": "1.9.1", + "bom-ref": "color-string@1.9.1", + "author": "Heather Arthur", + "description": "Parser and generator for CSS color strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21ad56b0405a239d9bfac4ce346a7c780a4a033fe7d9b30fd97ab10cb16fe9cb3b116c4969b0bfc30555bbab7131c70bac74d5c8de55e9ba1119933b3ca7912" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/color-string" + } + ] + }, + { + "type": "library", + "name": "simple-swizzle", + "version": "0.2.2", + "bom-ref": "simple-swizzle@0.2.2", + "author": "Qix", + "description": "Simply swizzle your arguments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-simple-swizzle.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "240fff910819b5bb98f379bec53fad5c9926267706313153f82fa0da1d91f6ec64608ac4db2cbdb2099c2e10a7c39eff5920fe121dc9f7b14f1031676d79c352" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle" + } + ] + }, + { + "type": "library", + "name": "ejs", + "version": "3.1.10", + "bom-ref": "ejs@3.1.10", + "author": "Matthew Eernisse", + "description": "Embedded JavaScript templates", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/ejs@3.1.10", + "externalReferences": [ + { + "url": "git://github.com/mde/ejs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/ejs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/ejs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51e26615f3ab0104bc38958f678aad807c961316b4f3cfccb4ae54132a091851faedc0c45e4652be23a2291099e178a3d33c48dc9102818b37a0ac7e022cd004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ejs" + } + ] + }, + { + "type": "library", + "name": "jake", + "version": "10.8.7", + "bom-ref": "jake@10.8.7", + "author": "Matthew Eernisse", + "description": "JavaScript build tool, similar to Make or Rake", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/jake@10.8.7", + "externalReferences": [ + { + "url": "git://github.com/jakejs/jake.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jakejs/jake#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jakejs/jake/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jake/-/jake-10.8.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6438b768ff9f1bf2dc87207350cf34e158dd767c1f49fb1d798930b7c35c6ca46fa38ac592386ce39ea22c59f79366545af35ee22e3c5800836f36bc7e1ab6fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake" + } + ] + }, + { + "type": "library", + "name": "async", + "version": "3.2.5", + "bom-ref": "async@3.2.5", + "author": "Caolan McMahon", + "description": "Higher-order functions and common patterns for asynchronous code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/caolan/async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://caolan.github.io/async/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da359caa69a2e1c8b54a9bf0e5bdd5b4e7531280ee9bf1e55f21ece5f44e4fa96c458332e6ff0427b445b8ccecad55bbab0c4af426500b12974e170bc4acbb2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async" + } + ] + }, + { + "type": "library", + "name": "filelist", + "version": "1.0.4", + "bom-ref": "filelist@1.0.4", + "author": "Matthew Eernisse", + "description": "Lazy-evaluating list of files, based on globs or regex patterns", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/filelist@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/mde/filelist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mde/filelist", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mde/filelist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c35704b9fdd2f83acb0902fb113ea4cfe82694975babd27bc970928cafce6423c0faa10dd56c85e1901fd186096b8fec84726b6b6b7f77fafc495e098bec7ef1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de849e50ed13315ebb84dd4099b5ec2b8c9aa94eed8e21e56f144364ea47d0a5bdf82797e1b440697d009f1b74b71d8cae94695b041a3f02252121098585393f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/balanced-match" + } + ] + }, + { + "type": "library", + "name": "concat-map", + "version": "0.0.1", + "bom-ref": "concat-map@0.0.1", + "author": "James Halliday", + "description": "concatenative mapdashery", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd2aefe1db30c903417e8846a73f68e986f71b3dd2ad40ea047e6b4ee84647b6a1b656d82a7571c366c214c4658da03b1171da5d9f30b07768745bdb9212a6aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/concat-map" + } + ] + }, + { + "type": "library", + "name": "get-package-type", + "version": "0.1.0", + "bom-ref": "get-package-type@0.1.0", + "author": "Corey Farrell", + "description": "Determine the `package.json#type` which applies to a location", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-package-type@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/cfware/get-package-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cfware/get-package-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cfware/get-package-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cee2ad63ae0661f5a2ccd009d1fafd56ab6d6643622b6892e37d0bb481f38c112be9b5fc026db39b8b16e11a39c23596e5c02544bd6a00c4dc5db8cd00ed9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-package-type" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "11.1.0", + "bom-ref": "globby@11.1.0", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e121768ecf2d6c6fc232a1c6abb964a7d538e69c156cf00ca1732f37ae6c4d27cab6b96282023dc29c963e2a91925c2b9e00f7348b4e6456f54ab4fd6df52de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globby" + } + ] + }, + { + "type": "library", + "name": "array-union", + "version": "2.1.0", + "bom-ref": "array-union@2.1.0", + "author": "Sindre Sorhus", + "description": "Create an array of unique values, in order, from the input arrays", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-union@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/array-union.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/array-union#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/array-union/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1c6cb1a0e4d853208ceacb547ba1098277781287b0008ef331d7ea3be9068e79599810f3fdc479a5ff2bfdc4785aaeb4b0bfe9d0891c8d41043f04b7185ac8cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-union" + } + ] + }, + { + "type": "library", + "name": "dir-glob", + "version": "3.0.1", + "bom-ref": "dir-glob@3.0.1", + "author": "Kevin Mårtensson", + "description": "Convert directories to glob compatible strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dir-glob@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/dir-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/dir-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/dir-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a4ad6a7d191e0a5df28663338b993b86562d545857f0b37efb9fd71ce79fed6fa0eeab217aa5c43901b88712c85a0e963dbfaa1a4abd9708389d1a633077320" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dir-glob" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "4.0.0", + "bom-ref": "path-type@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "5.3.1", + "bom-ref": "ignore@5.3.1", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@5.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45cadcff22b68c8eaa707dddf891edbc3d354c8d98c91b630f9f9b7b384e1e50250d7fc0406bb6f95944bdfd0bebea6c0e412ecc93abddb0c9e8e617be4fc5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ignore" + } + ] + }, + { + "type": "library", + "name": "hyperlinker", + "version": "1.0.0", + "bom-ref": "hyperlinker@1.0.0", + "author": "James Talmage", + "description": "Write hyperlinks in the terminal.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hyperlinker@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jamestalmage/hyperlinker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jamestalmage/hyperlinker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4f2f146e545614471f4ae21a6a3337e0b74f5c885bb356a3117fc104fbf6e09f9e9d255a11563adf143a9533bd551612e4b028821206d080c9fa9f883f329441" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hyperlinker" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11d0c366ee00d8ec882bb2ebff6cc6fb0e6399bba4d435419c4c11110bc1ceca412640846d16bc1b153596085871a1890a745689b8c35e5abbefd5f5ff2e71c2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/indent-string" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "2.2.0", + "bom-ref": "is-wsl@2.2.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cacc0adad2b18951407018180d90766e4e865c9fe4ed5c7a5e0a09a430930c631d6c40361a092ca32414826b69c7d431a6eecde7d68067a21a154c168decbc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "2.2.1", + "bom-ref": "is-docker@2.2.1", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "17e8b604ab05ac7eba89a505734c280fcb0bcbc81eb64c13c2d3818efb39e82c780a024378a41ea9fcfcc0062249bf093a9ad68471f9a7becf6e6602bef52e5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "natural-orderby", + "version": "2.0.3", + "bom-ref": "natural-orderby@2.0.3", + "author": "Olaf Ennen", + "description": "Lightweight and performant natural sorting of arrays and collections by differentiating between unicode characters, numbers, dates, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/natural-orderby@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/yobacca/natural-orderby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yobacca.github.io/natural-orderby", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yobacca/natural-orderby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7b2931f1534094adc3977bad997eb6f9675de72ef3e149647fb28de416e954414d2c814965d99d0bc29b0b377e7578e383fa1446bbf17583eeb10df3de0fef9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/natural-orderby" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "1.1.33", + "bom-ref": "object-treeify@1.1.33", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@1.1.33", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1055630187f35aa5ac04c4473cc0172c20c8267a4c85d580a91ef11ba33a6b672ce8f305a65ffe676d30f730d6e2f9313857dd75e8012aaf517a17746f1584ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "password-prompt", + "version": "1.1.3", + "bom-ref": "password-prompt@1.1.3", + "author": "Jeff Dickey @jdxcode", + "description": "cross-platform masked or hidden prompt", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/password-prompt@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/password-prompt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/password-prompt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e4ae31b668996f174b7604c1f47b62c1fc41dfdcb72addf34ccf2e066077106e502f3a5f904238b52f1ed644132aa552bca7e291edb0a0ee8a80317b5d82acb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/password-prompt" + } + ] + }, + { + "type": "library", + "name": "slice-ansi", + "version": "4.0.0", + "bom-ref": "slice-ansi@4.0.0", + "description": "Slice a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slice-ansi@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/slice-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/slice-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/slice-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8c08c7e1634e347151d3e372bd045ca0a986d43c564a1ce83b2bbde6b5358945bf29c8fddfcdfe08c5de52cdd10943a311520fd606738bc60859b4a2aeac435" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/slice-ansi" + } + ] + }, + { + "type": "library", + "name": "astral-regex", + "version": "2.0.0", + "bom-ref": "astral-regex@2.0.0", + "author": "Kevin Mårtensson", + "description": "Regular expression for matching astral symbols", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/astral-regex@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/astral-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/astral-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/astral-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "67bb4cc35cad4d7b798ea31c38ff8e42d794d55b8d2bd634daeb89b4a4354afebd8d740a2a0e5c89b2f0189a30f32cd93fe780735f0498b18f6a5d1ba77eabbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/astral-regex" + } + ] + }, + { + "type": "library", + "name": "widest-line", + "version": "3.1.0", + "bom-ref": "widest-line@3.1.0", + "author": "Sindre Sorhus", + "description": "Get the visual width of the widest line in a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/widest-line@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/widest-line.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/widest-line/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36c9a85da96c5950cc1aea71679474f246bd7e56638e22ef1d501660e2ad88a33cba3b595abf5c45f7da93eb92138f3e39bf0e6da957a70c9e522c830fa40582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/widest-line" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6151888f691a98b493c70e8db198e80717d2c2c9f4c9c75eb26738a7e436d5ce733ee675a65f8d7f155dc4fb5d1ef98d54e43a5d2606e0052dcadfc58bb0f5e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "plugin-help", + "group": "@oclif", + "version": "6.1.0", + "bom-ref": "@oclif/plugin-help@6.1.0", + "author": "Salesforce", + "description": "Standard help for oclif.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-help@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-help.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-help", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-help/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53e2cd28a69906ba07aa848622961b42691397c696d0d25c3bdb6bd3dd4b24e67be22a840e2ba97c14c232e9255bdb9365d585600a6a4e6b210ee07f238d63c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help" + } + ] + }, + { + "type": "library", + "name": "ansis", + "version": "3.2.0", + "bom-ref": "ansis@3.2.0", + "author": "webdiscus", + "description": "Colorize terminal with ANSI colors & styles", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ansis@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/webdiscus/ansis.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/webdiscus/ansis", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/webdiscus/ansis/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansis/-/ansis-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "624dc19071fd53ba0fc8237780be5373b0a96a11bff9416fffa506d370b7d75572f65cd1980e6ea310d3a54f423b7ac61cbe8acc9cffa5d0de5d9099e4cbbf4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansis" + } + ] + }, + { + "type": "library", + "name": "cli-spinners", + "version": "2.9.2", + "bom-ref": "cli-spinners@2.9.2", + "author": "Sindre Sorhus", + "description": "Spinners for use in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-spinners@2.9.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-spinners.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-spinners/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb0a95fb9326c8be04ef26d780acace03ba065b5f4142e8b9f0ae18eeca42239caf64f0e41a710edac462a78c35d63619ecd31a2dddb648e61e791fcca8f5c26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-spinners" + } + ] + }, + { + "type": "library", + "name": "cosmiconfig", + "version": "9.0.0", + "bom-ref": "cosmiconfig@9.0.0", + "author": "Daniel Fischer", + "description": "Find and load configuration from a package.json property, rc file, TypeScript module, and more!", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cosmiconfig@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/cosmiconfig/cosmiconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cosmiconfig/cosmiconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8adbcbe61f1111300298e4c573851f23207645f1078bbd40c7a13f3e2bd5c6af4db1e29b396a5ec8710e21b980c35aecf0093456eaec40dc30ee57fb62d530ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cosmiconfig" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fa1d6590b2a164c4d88e8835544a49346ecd64959cb9cd830e4feab2a49345108e5e22e3790d5dd7fb9dad41a1a8cc5480097028d67471fdaea9a9f918bb92d8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/env-paths" + } + ] + }, + { + "type": "library", + "name": "import-fresh", + "version": "3.3.0", + "bom-ref": "import-fresh@3.3.0", + "author": "Sindre Sorhus", + "description": "Import a module while bypassing the cache", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/import-fresh@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/import-fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/import-fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bde6188506be0f54012b39ef8541f16fc7dac65af0527c6c78301b029e39ec4d302cd8a8d9b3922a78d80e1323f98880abad71acc1a1424f625d593917381033" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/import-fresh" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "4.1.0", + "bom-ref": "js-yaml@4.1.0", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c29c59b3d368c596891122462194f20c4698a65d0529203e141f5a262c9e98a84cc24c5083ade1e13d4a2605061e94ea3c33517269982ee82b46326506d5af44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.2", + "bom-ref": "error-ex@1.3.2", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "2.3.1", + "bom-ref": "json-parse-even-better-errors@2.3.1", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c72170ca1ae8fc91287fa1a17b68b3d8d717a23dac96836c5abfd7b044432bfa223c27da36197938d7e9fa341d01945043420958dcc7f7321917b962f75921db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-parse-even-better-errors" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "5.1.6", + "bom-ref": "typescript@5.1.6", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@5.1.6", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cda582a33459e832c4580585ad50f3d47e85557cd449f4f2e4550c5ac42553c626e493fd78ee31913211385090be141feb5cfa3bf1baba0c374a0027bef9be1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d15851ee494dde0ed4093ef9cd63b25c91eb758f4b793ae3ac1733cfcec7a40f9d9997ca947c520f122b305ea22f1d61951ce817fbb1bfbc234d85e870c5f91" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "plugin-plugins", + "group": "@oclif", + "version": "5.2.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2", + "author": "Salesforce", + "description": "plugins plugin for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-plugins@5.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-plugins.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-plugins/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-plugins/-/plugin-plugins-5.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "054027977f9f374f1c7fb2ea9cb851bf991cf8758e2f3dd32eadedf407f6e5af100a9c5804a6339f283152ba08e744ccd34dbe8b49af8e4b518e0d9b1fd791ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6e519014293e66f19cefb3bd975b2dc7b6f55b4d6963444eba70feb46f127302a7f60e0202a3b9584d8d881d498b9cda6362fc396ef9a81ef3dcd103b66badb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3a58cbad0f5241d394a93690c6a2f97447d95ab5c4c72c96b28cd89405856b03d536e0fcde2825eee243d914e434c6e7888620b7c97cd5e08918875017b6af2d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-name" + } + ] + }, + { + "type": "library", + "name": "npm", + "version": "10.8.0", + "bom-ref": "npm@10.8.0", + "author": "GitHub Inc.", + "description": "a package manager for JavaScript", + "licenses": [ + { + "license": { + "id": "Artistic-2.0" + } + } + ], + "purl": "pkg:npm/npm@10.8.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://docs.npmjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm/-/npm-10.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c21f77b91733829ec70e73cc88b5dc0a4bf685a81d252d3327d293ff7d5dd05a173f4dbeaa037600ec29696f397f14569229e5dab10b7cfc3e0a30575b8f3f8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm" + } + ] + }, + { + "type": "library", + "name": "plugin-version", + "group": "@oclif", + "version": "2.2.2", + "bom-ref": "@oclif/plugin-version@2.2.2", + "author": "Salesforce", + "description": "A command that shows the CLI version", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-version@2.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-version.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-version", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-version/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-version/-/plugin-version-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1f8b742bb15567ea42c0b01cd3679965b18c816f58717f0b58c976317ccac5019f3eb98164b4e113621e6d1f4fbd10248c3af30a66d979625c0b1f7bb4767a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version" + } + ] + }, + { + "type": "library", + "name": "plugin-warn-if-update-available", + "group": "@oclif", + "version": "3.1.4", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "author": "Salesforce", + "description": "warns if there is a newer version of CLI released", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-warn-if-update-available@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-warn-if-update-available.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-warn-if-update-available/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-warn-if-update-available/-/plugin-warn-if-update-available-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c63eb3830bee105994ac76055c7a2a993a6f394b0482a5e2ca87fd3aa8e0955dd77813cdb109dbb96ff4f391c549606f2885500addb6b954556890b3de8ece0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available" + } + ] + }, + { + "type": "library", + "name": "content-type", + "version": "1.0.5", + "bom-ref": "content-type@1.0.5", + "author": "Douglas Christopher Wilson", + "description": "Create and parse HTTP Content-Type header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d38ea7dc045122a4a7570afe180d05827e670b64a9bcd65745d29028a53bf2ac51956dc47a3ff54001de46ecdfb4b53afc42a894d2d15a743e852b836d27038" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-type" + } + ] + }, + { + "type": "library", + "name": "is-stream", + "version": "2.0.1", + "bom-ref": "is-stream@2.0.1", + "author": "Sindre Sorhus", + "description": "Check if something is a Node.js stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "845a222624e5eb79e7fa4b2d1c606d7b05922a740ba726f5e7928785e035977f6ebed3bd9d6228a75a77b9da8f71477fc5b17554b30ee27ece23aa7b45b9e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-stream" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf3d3a4bcb74a33a035cc1beb9b7b6eb37824cd5dc2883c96498bc841ac5e227422e6b38086f50b4aeea065d5ba22e4e0f31698ecc1be493e61c26cca63698ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.2.1", + "bom-ref": "safe-buffer@5.2.1", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "test", + "group": "@oclif", + "version": "3.2.15", + "bom-ref": "@oclif/test@3.2.15", + "author": "Salesforce", + "description": "test helpers for oclif components", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/test@3.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/test/-/test-3.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea1b7468b28ccdab24a4c525c89d4d765de736b0f48e92a6072437dd1598961b76bc0b1bb87673e2010be6b3e049b0e94b4267c4425487aa2c9550a38c1e15c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "version": "4.4.1", + "bom-ref": "chai@4.4.1", + "author": "Jake Luer", + "description": "BDD/TDD assertion library for node.js and the browser. Test framework agnostic.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chai@4.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/chai.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://chaijs.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/chai/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d77b0e7ccbf6f8359db8453eff16ee9f72d270ba2a375ee705e4cb52c9837ca768882d5faf49fd3d4e20baee0085170e54593fb16f0bc99587ba15ad419885fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chai" + } + ] + }, + { + "type": "library", + "name": "fancy-test", + "version": "3.0.15", + "bom-ref": "fancy-test@3.0.15", + "author": "Salesforce", + "description": "extendable utilities for testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fancy-test@3.0.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/fancy-test.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/fancy-test", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/fancy-test/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fancy-test/-/fancy-test-3.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91964574fcd55ad2b106498b2d47f1862cec78697565946e0a69ae0a4a35a2202cfd7fccbc4e000a6fef973bf17eee0e79bffb309f2154ff2b522566dd1ef6f5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fancy-test" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chai", + "group": "@types", + "version": "4.3.14", + "bom-ref": "@types/chai@4.3.14", + "description": "TypeScript definitions for chai", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/chai@4.3.14#types/chai", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/chai", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/chai", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a3ef5b1713843802419d1bd4efab5bbf7eab8dcfd11d1b82c824cc1554823b6ac8630fff1c7fc7f221f2408d1afa61cb179d213c70e1903ead60a9e47ccfedf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/chai" + } + ] + }, + { + "type": "library", + "name": "sinon", + "group": "@types", + "version": "17.0.3", + "bom-ref": "@types/sinon@17.0.3", + "description": "TypeScript definitions for sinon", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinon@17.0.3#types/sinon", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinon", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinon", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinon/-/sinon-17.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f7ba8bdd9fc7b0932f644411b5f5b3b06996dec49bbf5e3b641f28ef520b78c5f3c5cf5f1d70e44832a9d887ae85c773e8c2172bf39353e7e7abdfea1589aa7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinonjs__fake-timers", + "group": "@types", + "version": "8.1.5", + "bom-ref": "@types/sinonjs__fake-timers@8.1.5", + "description": "TypeScript definitions for @sinonjs/fake-timers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/sinonjs__fake-timers@8.1.5#types/sinonjs__fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/sinonjs__fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sinonjs__fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/sinonjs__fake-timers/-/sinonjs__fake-timers-8.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "990914da363c8c9105ed81e31efb103bcfb7ba08532f599c9e7f7a8a07e138d991f9f50f48a22479f418a527bc6ec972d84a7ba106e7ffa546e7ff7fd2a700ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/sinonjs__fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-stdin", + "version": "1.0.0", + "bom-ref": "mock-stdin@1.0.0", + "author": "Caitlin Potter", + "description": "Mock STDIN file descriptor in Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-stdin@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/caitp/node-mock-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/caitp/node-mock-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-stdin/-/mock-stdin-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6e91175bf417aedbbb7a74df97ced4911eaf49d01fc2a003b2486cc77e7f144df9aa8a9039c8d4ffb03504c987405771e991ae96c7a90e331b8e6dd39ec7ad1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nock", + "version": "13.5.4", + "bom-ref": "nock@13.5.4", + "author": "Pedro Teixeira", + "description": "HTTP server mocking and expectations library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nock@13.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/nock/nock.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nock/nock#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nock/nock/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nock/-/nock-13.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c80c937dd78d24618117159dcd2282058c6ce45c4b6c28395f94387adb3def885c4331b5faa0b1bc8c8ea388f6472e8c52585654c5f83a860379f008230ba98f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nock" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-safe", + "version": "5.0.1", + "bom-ref": "json-stringify-safe@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSON.stringify, but doesn't blow up on circular refs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642960e80698bda9af60413cd9ddc8c9ddef49222343ea1d823693cd1b8edeceeda0274529cce86f68b4cc287b244f245a7d7bcaf016854571bea1b051a96c44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stringify-safe" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "propagate", + "version": "2.0.1", + "bom-ref": "propagate@2.0.1", + "author": "Pedro Teixeira", + "description": "Propagate events from one event emitter into another", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/propagate@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nock/propagate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/nock/propagate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/nock/propagate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bc6ae139abcf493cf841536e04d75c35778f35d34c68ed718fdc81787d527103e393fae183db129425cf84c905b9a34d5bfb324ef62ab276c82713017d16db6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/propagate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sinon", + "version": "16.1.3", + "bom-ref": "sinon@16.1.3", + "author": "Christian Johansen", + "description": "JavaScript test spies, stubs and mocks.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sinon@16.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/sinon.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sinonjs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/sinonjs/sinon/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sinon/-/sinon-16.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a39d659ecb17007fd9c2d1b5dc3e6883badfa813c1d8ae275337305b17df006152e65b0191a76212129ca161f946d627c82d3f9e367dc198a5093f18d750f94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "3.0.1", + "bom-ref": "@sinonjs/commons@3.0.1", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b79821ca43db1587ca350bd731930c5a3a65e800c943c42d666321eb8ea39611c06362befab7deb32f6ce58f9754199dc74b0db8d17d6a807dcc8dfd72256a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "10.3.0", + "bom-ref": "@sinonjs/fake-timers@10.3.0", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@10.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578046d3b92e6125244c24811c6f06f1336133e175f635c55a742dce3fb07bc0eb92948109e7bd67732cf328867abfdd96685edf9fd7760ca8dffd2b40a83b60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "samsam", + "group": "@sinonjs", + "version": "8.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0", + "author": "Christian Johansen", + "description": "Value identification and comparison functions", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/samsam@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/samsam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sinonjs.github.io/samsam/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/samsam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "069f0a51594ba7c89b259ae7bead9fa1584fd08557d82229acc24f2b4bea1aa82b0dad0e1d529e67207292ab2492b77157ac8a04f9866ac3bc2d58c0291dc67b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.get", + "version": "4.4.2", + "bom-ref": "lodash.get@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.get` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.get@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfe530fef2eecba8107bc71f685583ee9d3056ff1f265de66f35e1df7452fb4a16db0bd4aa2457890ebd80b5922e9801e7feac53eafa065411d0c0482da76a4d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.get" + } + ] + }, + { + "type": "library", + "name": "nise", + "version": "5.1.9", + "bom-ref": "nise@5.1.9", + "description": "Fake XHR and server", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/nise@5.1.9", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/sinonjs/nise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/nise#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/nise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8e9e8ba35b8495e9ee34758c4939bdeebeea0f1ed98bcc89384c5a3e8f48cf2680bee59f718dae6a1f9259a1b10fb1af3e618a6132b392c27aec844846daac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-encoding", + "group": "@sinonjs", + "version": "0.7.2", + "bom-ref": "@sinonjs/text-encoding@0.7.2", + "author": "Joshua Bell", + "description": "Polyfill for the Encoding Living Standard's API.", + "licenses": [ + { + "expression": "(Unlicense OR Apache-2.0)" + } + ], + "purl": "pkg:npm/%40sinonjs/text-encoding@0.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/text-encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/text-encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b175ca1beb8bf48acaa95893b5aa365ace9dcb4ce7bbdb0e68fd5d8bf8ca196d4ce95b2c3bcbe5a5709072967e8e2b10d6d4c5002e49a3f10ecc56e08016a015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/text-encoding" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-extend", + "version": "6.2.0", + "bom-ref": "just-extend@6.2.0", + "author": "Angus Croll", + "description": "extend an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-extend@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "718a1f42ed97a689bcd92eaa0fbefc8c10e9c2fbf2dfdb3597f86b6228f6bbd00c750706469681bba918e26561ba7a39909562d43033e1a8a9840d96235fce03" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/just-extend" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "stdout-stderr", + "version": "0.1.13", + "bom-ref": "stdout-stderr@0.1.13", + "author": "Jeff Dickey @jdxcode", + "description": "mock stdout and stderr", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stdout-stderr@0.1.13", + "externalReferences": [ + { + "url": "git+https://github.com/jdxcode/stdout-stderr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jdxcode/stdout-stderr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stdout-stderr/-/stdout-stderr-0.1.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e7b7dfc71c761f8d9ecd7902efb900f22f52e76ec6dd760305282b9a40ac0609d266f0b9ecb59217a29fae398dfa511d545d7a075df31b0b52a555d55dd892c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stdout-stderr" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abort-controller", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/abort-controller@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "A simple abort controller library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/abort-controller@3.0.0#packages/abort-controller", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/abort-controller", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/abort-controller", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7a1a514606df4ae0c60bbbbd98b89e76dcd551e00f281e50b933624ee8e990a8df2401cfee87526a2c4f858b34e892b4891a0d024af0be06bb261b32adb1928" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/abort-controller" + } + ] + }, + { + "type": "library", + "name": "express", + "group": "@types", + "version": "4.17.21", + "bom-ref": "@types/express@4.17.21", + "description": "TypeScript definitions for express", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express@4.17.21#types/express", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a394f337d79ab02e96909500d38cf76c50549ce99b0fe0037a0255a7a203e343b0958bb3d8177615cfe098de3136a7061fec4ffb1e50c0374ad5d86c531b41d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "group": "@types", + "version": "1.19.5", + "bom-ref": "@types/body-parser@1.19.5", + "description": "TypeScript definitions for body-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/body-parser@1.19.5#types/body-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/body-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/body-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c1dd9bbddae71abb4890d0930215013b6ff76ff0eb74ecd23729a64890850d5eaf3693878102a51a9de5df95e198f495ac91e4bdcbebb49d7332b2972e42b0a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/body-parser" + } + ] + }, + { + "type": "library", + "name": "connect", + "group": "@types", + "version": "3.4.38", + "bom-ref": "@types/connect@3.4.38", + "description": "TypeScript definitions for connect", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/connect@3.4.38#types/connect", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/connect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/connect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bab9139fd4b0fcf2e0d0a890a4b40e32ccbd586002ba3607ec234bff9938323ca5ac5f50a72745cf48385589e8ebbb519c4642d66fc465cc560946a1946daba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/connect" + } + ] + }, + { + "type": "library", + "name": "express-serve-static-core", + "group": "@types", + "version": "4.19.0", + "bom-ref": "@types/express-serve-static-core@4.19.0", + "description": "TypeScript definitions for express-serve-static-core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/express-serve-static-core@4.19.0#types/express-serve-static-core", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/express-serve-static-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/express-serve-static-core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c6c9ea7726a3c246bcb5c2af8ee67ee88818065a67882573e35d70a8f042b4bbc76e6464986abedc1aa77730bd8952c2c6781edf99cd3a298a3d7cb196a8fbd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/express-serve-static-core" + } + ] + }, + { + "type": "library", + "name": "qs", + "group": "@types", + "version": "6.9.15", + "bom-ref": "@types/qs@6.9.15", + "description": "TypeScript definitions for qs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/qs@6.9.15#types/qs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/qs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b971d02844ba0d028a08b878e355effddc313aad53552dc93d432512aa04825be5851e8cc6795ec3f5eafcb4551e92f293b88adf33837b5a981c8325b4eed71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/qs" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "group": "@types", + "version": "1.2.7", + "bom-ref": "@types/range-parser@1.2.7", + "description": "TypeScript definitions for range-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/range-parser@1.2.7#types/range-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/range-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/range-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84aa2b9896e426acd01a1ce26b1e4f22d0d44cc00cf6e1365d7426337eddc9de2154cfb969597ba15c4c554895427da809014dfcb28265dbd2334a4546a6d299" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "group": "@types", + "version": "0.17.4", + "bom-ref": "@types/send@0.17.4", + "description": "TypeScript definitions for send", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/send@0.17.4#types/send", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/send", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/send", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c7610ce9324ec9b79cedce76057d19b293e874cb1051de4be8f4703ae9d5c955215e205229fdc07b30cbf0382f82de68d147ca35fb80d1e30baf6c0b4f802204" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "group": "@types", + "version": "1.3.5", + "bom-ref": "@types/mime@1.3.5", + "description": "TypeScript definitions for mime", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mime@1.3.5#types/mime", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mime", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe9c8165648b0f69f475c1c4de1abcb3c66f7044c7b44b85fb713b5d5b74220da7bec5505dd8211d57049085a3cbd034c0a7d39fdedafcf48362884a2259cfff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "group": "@types", + "version": "1.15.7", + "bom-ref": "@types/serve-static@1.15.7", + "description": "TypeScript definitions for serve-static", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/serve-static@1.15.7#types/serve-static", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/serve-static", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/serve-static", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5bc626fa1f2786e47068a3da0f0df8414930b068ba45ce3262abca168e6b9b61541210856f3556af15d4c6e28af130128d6b32b096349ec98d086842388b2b3b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/serve-static" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "group": "@types", + "version": "2.0.4", + "bom-ref": "@types/http-errors@2.0.4", + "description": "TypeScript definitions for http-errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-errors@2.0.4#types/http-errors", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-errors", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-errors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f408530cb7275b2407a0ccec878ed88a3cb96f9e6de24d9c994526682eada64610dd98b7c858e0983df409e1cbb67ab2a0854fbe42f8dc523a7fe61ee1112a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-errors" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "group": "@types", + "version": "11.0.4", + "bom-ref": "@types/fs-extra@11.0.4", + "description": "TypeScript definitions for fs-extra", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/fs-extra@11.0.4#types/fs-extra", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/fs-extra", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-11.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c936c8b4236b791a28103df7aa3ba73ed8517128c444fd6be0ca8265cef0bf4bb6b149334c5a78e6d8147d2e7eafb16b64f76608235f94b85548ffe8f927a6b1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "group": "@types", + "version": "6.1.4", + "bom-ref": "@types/jsonfile@6.1.4", + "description": "TypeScript definitions for jsonfile", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jsonfile@6.1.4#types/jsonfile", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jsonfile", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jsonfile", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jsonfile/-/jsonfile-6.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f9a86518c23be734d7b1b5d539f7ff9f23eb299f0b53166c903f487e3df20e4a435fa54e803880943a49b88b43a74a4f8dca374f26bc420eba34b09b16951a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jsonfile" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "group": "@types", + "version": "4.0.3", + "bom-ref": "@types/get-installed-path@4.0.3", + "description": "TypeScript definitions for get-installed-path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/get-installed-path@4.0.3#types/get-installed-path", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/get-installed-path", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/get-installed-path/-/get-installed-path-4.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5deea74eebca3b776e98cb29b267f57b092b7bce5f866426335c88bf67e4c99458a9753538d6001fd6f61cc0e2ca43ef76315485eb9de298b3044a48eede8e53" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "jest", + "group": "@types", + "version": "29.5.12", + "bom-ref": "@types/jest@29.5.12", + "description": "TypeScript definitions for jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/jest@29.5.12#types/jest", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7830bc6d3bd3fd0858771240ba542292e7a2818e40b1d0511f6c83296df2bde5bbb2f637f83ccdf38ff6354824c35d114e225b5aa66b4eda0655d625bc525d2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/jest" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "29.7.0", + "bom-ref": "expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@29.7.0#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9992cd217f554b15823591b8742398cfdca1c7c821e991fc87073b125d116097f060f665987cc5bca03f8f74c3e5130cb91cdb11f49bad632ea931e3a1eb59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect-utils@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@29.7.0#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5b0d0568854050958bd4154b1edfe4080c78bc5ef58082b393ee3f63b62dd8c3000f0987d797ee503526aff1757c3759bde1caf94535f6487dc45eb52cd870" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "29.6.3", + "bom-ref": "jest-get-type@29.6.3", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@29.6.3#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cebb5e5e7a98c5f421ee5e451f22f7f232f7f5d8bc1fcac7a1e70b1f724dc47dc1c0eac1b0d79a6dd6a9e5ed08db7943e071c8f16e5514166a1b811aab92cd73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "29.7.0", + "bom-ref": "jest-matcher-utils@29.7.0", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@29.7.0#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b01903f978bd0ed70286c2372f7bb4f8dd28a603d89c244fb4671062b817991fa19adfdf61f5802f4c515d853c79639d7ee2e005ed18096dc016d9d12da82afe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "29.7.0", + "bom-ref": "jest-diff@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@29.7.0#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cc220888ae18a098faecd37247a71521db22122b7bcb14f900a1d3dea34f81b85ef003616841b904835bbc8016014e19dcbbb7b5a040d47c85d5b93a8b4548f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "29.6.3", + "bom-ref": "diff-sequences@29.6.3", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@29.6.3#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12378f2b5b2b0f73f4f28da3e1fd04c67ca5a91b3907db498dca7db7592b1f6a918bc08276c61fc1ef498122eeac5056c2ae2e3a58a9cdf9397c736fc052abf1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "29.7.0", + "bom-ref": "pretty-format@29.7.0", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@29.7.0#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3dd970fe83f137e69776633d474d09542f56545a022d3289bc354b82627ea807df04cc6c57ce65fcbbbbb0dc78cd2ccfca82f67ae226b84c0784e5dd12034565" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "29.7.0", + "bom-ref": "jest-message-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@29.7.0#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "181115e064400de3feaad076fbabbad6cb5e6bc98670e4f8982b6b608499c1fbbdfc8487149ff9cce31761ba4113d46c4b9f866fadc35b81609a7289efd29feb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/types@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@29.6.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb750fb088a558a38cdc5f425edac6f0b10998dc70a02402fd7563e082985efbe9c7b4088bf2a0d4b239b83983a4a95a73ad8d52d5fb78b8d187e8d565c2cecf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "29.7.0", + "bom-ref": "jest-util@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@29.7.0#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cfa11b29a8c8a6a18a539eb2e4a054832d5db758a18502605b352564702b03ff97d9a77b09be6217e00ad445952ff068ed1cfdbaeae9ab0e9288109e7d46c218" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/schemas@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@29.6.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a8e63e57fa321998942f78129e4bf72502e7a2a55eca8225f5bcc802c5a9b544d622a84d70eb69f4fed2499c7b635bc647710728e6063ce630379a2d0bfa748" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.27.8", + "bom-ref": "@sinclair/typebox@0.27.8", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.27.8", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f858f8de948cc09b38291ac7ffddfc51ffae0042c881506643383fab5606d74763c9f0374e7ad4f0df17cea0a1fe891976ccea0504d97fdea274c7c4e659f04c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "group": "@types", + "version": "4.0.9", + "bom-ref": "@types/js-yaml@4.0.9", + "description": "TypeScript definitions for js-yaml", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/js-yaml@4.0.9#types/js-yaml", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/js-yaml", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9383066909794c6a3f8a2a6a6f65031b65308d7ce2496921d2ecac41e953949a57d6a1a5a546589bc3e73b80f11b5a81a26b4951d609eaa47ac5d21a875d092e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mocha", + "group": "@types", + "version": "10.0.6", + "bom-ref": "@types/mocha@10.0.6", + "description": "TypeScript definitions for mocha", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mocha@10.0.6#types/mocha", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mocha", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mocha/-/mocha-10.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "749beb616c4ffd47179b7e909f7e9fc6150abbc03fc4c457553d9c962145d59ed403d9621b93ec8f77b3352670fb9a6e1f67330d744b7174317fc25b26dd1e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mocha" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "group": "@types", + "version": "4.13.4", + "bom-ref": "@types/mock-fs@4.13.4", + "description": "TypeScript definitions for mock-fs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mock-fs@4.13.4#types/mock-fs", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mock-fs", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mock-fs/-/mock-fs-4.13.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "99798cd28ea550b3c8f33dd7367402a4bd011b13f0c75525d705d810f04697879f4a1cb15b64659f424e3c4586c9969864c33a3955ccff5e7352e14c639da58e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "undici-types", + "version": "5.26.5", + "bom-ref": "undici-types@5.26.5", + "description": "A stand-alone types package for Undici", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/undici-types@5.26.5", + "externalReferences": [ + { + "url": "git+https://github.com/nodejs/undici.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://undici.nodejs.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/undici/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26508c3be7a174420aaa517193a21f568014566833edc53bcc3fe1f57674ab37a8b121e650954ecd242fbd84985979055c2f887cb29221f7e1bf4b1566ea7aa4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/undici-types" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "group": "@types", + "version": "1.3.3", + "bom-ref": "@types/objects-to-csv@1.3.3", + "description": "TypeScript definitions for objects-to-csv", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/objects-to-csv@1.3.3#types/objects-to-csv", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/objects-to-csv", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/objects-to-csv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/objects-to-csv/-/objects-to-csv-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0be7cc752da02beacd51ce620231ff778cfea0d6b272d06ba45e46f433b84a9a81efcc06fd3929d917c8f3fe9a29ffd1f8b39a0117106b14371bfe9498083c19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "group": "@types", + "version": "4.2.3", + "bom-ref": "@types/prompt-sync@4.2.3", + "description": "TypeScript definitions for prompt-sync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/prompt-sync@4.2.3#types/prompt-sync", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/prompt-sync", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/prompt-sync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/prompt-sync/-/prompt-sync-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b1efb8024b1d18c9e6a41adfea7ce6544853524a2fac877001a063a20b088ed8a383c78f760499d49bda085d2f801c9b6aa75da233845db98eaf89327d6d8c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "tmp", + "group": "@types", + "version": "0.2.6", + "bom-ref": "@types/tmp@0.2.6", + "description": "TypeScript definitions for tmp", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/tmp@0.2.6#types/tmp", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/tmp", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/tmp/-/tmp-0.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72185a35fda82879519031adfad88a136679689eaa6a59bb67dae52dd07098e88001fd3d610befa0b5e358ae0758f175c54fdfaaf3207cd7e956806c700fed28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/tmp" + } + ] + }, + { + "type": "library", + "name": "uuid", + "group": "@types", + "version": "9.0.8", + "bom-ref": "@types/uuid@9.0.8", + "description": "TypeScript definitions for uuid", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/uuid@9.0.8#types/uuid", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/uuid", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0fbdec4188718f4018724945a68f5607ad283b2b4e06d18d0e4cb208e1fc340a1059740edc91aff5423b20f54f647530d7963cafeeec9a068650d99ca0407c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/uuid" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@7.12.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/eslint-plugin", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec5f757dc6ee0dffdddd2f28db5fabdd99dc18891effe7969341293b6d4b5e10df2da86b89917d0868f87db01eb448e56817637529bd6ba55e5dba5b4fa678d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "group": "@eslint-community", + "version": "4.10.0", + "bom-ref": "@eslint-community/regexpp@4.10.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/regexpp@4.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aef7a49dd81cbd982353c768b228e9aad74bf6da351542fd25427946372d7aa04f79f3dc84f900033dbacc182900e7570a6528373eefda4c955319f2ffaa350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/parser@7.7.1", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@7.7.1#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be63f304e3adcf8f05e89006552fe46589381245daa3a886ac3f37f2ca75c37350402d16f2bcbfabae35294e0fac6ec028d01fe7a34e711f063a91fc97d14f0b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/scope-manager@7.7.1", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.7.1#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f2b4189fd9217ef52a4450aca7627e60d511c575d254732ca71a9ced5f797f8a4eca99912fd7d5823215019075cf53d7acfd55860f7ff3837c20f74f83876ac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/types@7.7.1", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.7.1#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0263e69c65b564b4e959afbfda898facf7d1ec171b514e2885ae5521b49b4b56b54eff7ae9b925bcb357c69de6adb73e3f68f830d3937c37df36c938a3473aff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/visitor-keys@7.7.1", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.7.1#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8012f712adb9b800f0d4b43d915a5fde144cf835b3b34b999271d82b786ae237133ea5420a51c60e707a514515d9215e05e0382961d66db2ea99b19c6781586f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.7.1", + "bom-ref": "@typescript-eslint/typescript-estree@7.7.1", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.7.1#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0977b4247097aeef056b7e9db5e5ea987d98c6780a2639102e3c73a23e8b630cd9eea66f82c2d273e7aa22d0aba88a29f1597650aa008b44ad556bbdec541921" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-api-utils", + "version": "1.3.0", + "bom-ref": "ts-api-utils@1.3.0", + "author": "JoshuaKGoldberg", + "description": "Utility functions for working with TypeScript's API. Successor to the wonderful tsutils. 🛠️️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-api-utils@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/JoshuaKGoldberg/ts-api-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshuaKGoldberg/ts-api-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "510308a3ba5bf1646898a475ffe30554b4eba08bc356d317dcae8e522afcca72f2cc1f097ab8a89edd9b4c0b6634f6b57a402037b60f0f27fa57eca0add53e79" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-api-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "3.4.3", + "bom-ref": "eslint-visitor-keys@3.4.3", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@3.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2973e2d77a2ca28acc4f944914cd4eacbf24b57eb20edcc8318f57ddcbb3e6f1883382e6b1d8ddc56bf0ff6a0d56a9b3a9add23eb98eb031497cfdad86fa26a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "8.57.0", + "bom-ref": "eslint@8.57.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@8.57.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "759ebe99ec6769321b481656828bb9d54e8e9b322160cd9570d76d893b48eea3cd666df9024a6bd1feafb70df0d4a9a7e4f628fad6557e1d775ab8694baa0ba9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0", + "description": "Type utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/type-utils@7.12.0#packages/type-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/type-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9626fdeadc91b4c84bc706ae0d6529fee5b714c84b03a0f4ac9f13ec7987ef1db71a4d46c30bbc519f7834c5c1bce10b9fa7e548f881ac22a57a19225f26aac0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "utils", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0", + "description": "Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/utils@7.12.0#packages/utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63a861c31c03c78d473698ee62cc18a7a8036e4899f078a7f417f9689427d5ba53b3769f618e065fe30f63199af23b68215d864704ccfd4266ff6b86095bfe0d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "group": "@eslint-community", + "version": "4.4.0", + "bom-ref": "@eslint-community/eslint-utils@4.4.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint-community/eslint-utils@4.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint-community/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint-community/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d7fb00e1dc2bcc1032794a10ea8c5a8472a6ad9bec9cb0a0e117f15b76451869909123503c534b57d09410540fd71f446171d3a39a7ac5d85933535ef69fc07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint-community/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graphemer", + "version": "1.4.0", + "bom-ref": "graphemer@1.4.0", + "author": "Matt Davies", + "description": "A JavaScript library that breaks strings into their individual user-perceived characters (including emojis!)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graphemer@1.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/flmnt/graphemer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/flmnt/graphemer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/flmnt/graphemer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12d2b0a0eea4c422fd58ee718a98874d9952cc19bb58b4fadbb4ea0bfb9545dd072a6abc357c9e6e7358c43a018bbc2df1e4d6ad4aca5c2395685abdc759206a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/graphemer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accurate-search", + "version": "1.2.15", + "bom-ref": "accurate-search@1.2.15", + "author": "Florin Mirel Dumitrescu", + "description": "The fastest and most accurate javascript full-text search library. Accurate search uses match distance algorithm to return the accurate order of the matching items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/accurate-search@1.2.15", + "externalReferences": [ + { + "url": "git+https://github.com/florind9/accurate-search.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://accuratesearch.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/florind9/accurate-search/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accurate-search/-/accurate-search-1.2.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2356977547875158d69468d26c177c35a304fc2414f78d87dad1cc12e6797adff16f9da60e18a421e6c08bdb9f12801ef25c331eb6c29784797ae099f0aff07c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accurate-search" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "8.16.0", + "bom-ref": "ajv@8.16.0", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@8.16.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ajv.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-8.16.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "174b7047c535654ebb24812d7a451c2e45e4a0ee6630c9a0183f2c2bfc5417327cd398f11d097dda1226140aaa5ccc8c62348f3b250f0301d8841ef6839b135f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ajv" + } + ] + }, + { + "type": "library", + "name": "fast-deep-equal", + "version": "3.1.3", + "bom-ref": "fast-deep-equal@3.1.3", + "author": "Evgeny Poberezkin", + "description": "Fast deep equal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-deep-equal" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "1.0.0", + "bom-ref": "json-schema-traverse@1.0.0", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34cf3f3fd9f75e35e12199f594b86415a0024ce5114178d6855e0103f4673aff31be0aadaa9017f483b89914314b1d51968e2dab37aa6f4b0e96bb9a3b2dddba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-schema-traverse" + } + ] + }, + { + "type": "library", + "name": "require-from-string", + "version": "2.0.2", + "bom-ref": "require-from-string@2.0.2", + "author": "Vsevolod Strukchinsky", + "description": "Require module from string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/require-from-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/require-from-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dfd2759ee91b1ece214cbbe029f5b8a251b9a996ae92f7fa7eef0ed85cffc904786b5030d48706bebc0372b9bbaa7d9593bde53ffc36151ac0c6ed128bfef13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-from-string" + } + ] + }, + { + "type": "library", + "name": "uri-js", + "version": "4.4.1", + "bom-ref": "uri-js@4.4.1", + "author": "Gary Court", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.4.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/garycourt/uri-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/garycourt/uri-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eeb294cb2df7435c9cf7ca50d430262edc17d74f45ed321f5a55b561da3c5a5d628b549e1e279e8741c77cf78bd9f3172bacf4b3c79c2acf5fac2b8b26f9dd06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/uri-js" + } + ] + }, + { + "type": "library", + "name": "punycode", + "version": "2.3.1", + "bom-ref": "punycode@2.3.1", + "author": "Mathias Bynens", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/punycode.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/punycode", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/punycode.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8b7b503d54f5683ad77f2c84bb4b3af740bbef03b02fe2945b44547707fb0c9d712a4d136d007d239db9fe8c91115a84be4563b5f5a14ee7295645b5fabc16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/punycode" + } + ] + }, + { + "type": "library", + "name": "form-data", + "version": "4.0.0", + "bom-ref": "form-data@4.0.0", + "author": "Felix Geisendörfer", + "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@4.0.0", + "externalReferences": [ + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1131249521a2e6dd10319ba25e803f43abdc9f170b40fe6f76e812a6e0328ba4951a2d9c94f3e9fb180486e31a1c2fb31a09f7d4a776df95b7e5fec7ca491ac3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data" + } + ] + }, + { + "type": "library", + "name": "proxy-from-env", + "version": "1.1.0", + "bom-ref": "proxy-from-env@1.1.0", + "author": "Rob Wu", + "description": "Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-from-env@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/Rob--W/proxy-from-env.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Rob--W/proxy-from-env/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fece439109b03d7f5b5d5912b445a091dc63efe7470cc5caf3e17f24e4b4d2503d43930e3b98a24465036e9c8b514e45b082d6944a8d515454481bd65788562" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-from-env" + } + ] + }, + { + "type": "library", + "name": "assertion-error", + "version": "1.1.0", + "bom-ref": "assertion-error@1.1.0", + "author": "Jake Luer", + "description": "Error constructor for test and validation frameworks that implements standardized AssertionError specification.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assertion-error@1.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/assertion-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/assertion-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/assertion-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8e0b1a35dbb3fa776f1b216ddee4ae5aabf2e250a72098a8beda2e40de4964738a092d90ba111d6dc407161564b33d8dd94f615c9a3ca1d1bb113c969447ae0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/assertion-error" + } + ] + }, + { + "type": "library", + "name": "check-error", + "version": "1.0.3", + "bom-ref": "check-error@1.0.3", + "author": "Jake Luer", + "description": "Error comparison and information related utility for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-error@1.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/check-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/check-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/check-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88a1280d869199dd66c4cf746b63847d6863b233e960fb90fa5318b28c41d76ebeb7c7f0ef24843b8f2798383908e4e3c4323ae7f636396a5e10793764e7bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/check-error" + } + ] + }, + { + "type": "library", + "name": "get-func-name", + "version": "2.0.2", + "bom-ref": "get-func-name@2.0.2", + "author": "Jake Luer", + "description": "Utility for getting a function's name for node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-func-name@2.0.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/get-func-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/get-func-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/get-func-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2f5cebee135ebb0ad21cdcec88b5ca3b37f76946d05b60eb0fb170b3ed7fcf3279468d88d21ae64980cd58ee699ec3b04a7fd06abcb5f6b67395cb504152cc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-func-name" + } + ] + }, + { + "type": "library", + "name": "deep-eql", + "version": "4.1.3", + "bom-ref": "deep-eql@4.1.3", + "author": "Jake Luer", + "description": "Improved deep equality testing for Node.js and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-eql@4.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/deep-eql.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/deep-eql#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/deep-eql/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "59a12d00ea51035310d1ea21a998e9183f33748d0ebec9bc9a616168337c76f0d9cf2a1431c6039dfe58ea2bbb1d35f17fc2434b6dea59ae1afa12820f238fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-eql" + } + ] + }, + { + "type": "library", + "name": "loupe", + "version": "2.3.7", + "bom-ref": "loupe@2.3.7", + "author": "Veselin Todorov", + "description": "Inspect utility for Node.js and browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loupe@2.3.7", + "externalReferences": [ + { + "url": "git+https://github.com/chaijs/loupe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/loupe", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/loupe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cd230834655891da5848e0662e2d03d54a3b254f6755d40aac7c42f1e62557ef5828af5678fa8094bee54a5a2b1bf536170d70d214c199a6bf8eb43751b3c7b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/loupe" + } + ] + }, + { + "type": "library", + "name": "pathval", + "version": "1.1.1", + "bom-ref": "pathval@1.1.1", + "author": "Veselin Todorov", + "description": "Object value retrieval given a string path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pathval@1.1.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/chaijs/pathval.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chaijs/pathval", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chaijs/pathval/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e9eb31aaa537444dd47ade57a12583de20eaa988d04db5cec1a5648bace8deed4688b04e5a63ddabfc0ba7400eebb17bdeb7796b277267657dbd50f4ca5f229" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pathval" + } + ] + }, + { + "type": "library", + "name": "colors", + "version": "1.4.0", + "bom-ref": "colors@1.4.0", + "author": "Marak Squires", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/Marak/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Marak/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colors/-/colors-1.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6be52a4e1e2481983f4a51af7dbcc31e9811bbb00040e9a6a911c99f185164808a1544fdd5bad584d36de7c08c594f4fb016efdcf0c26541db571b83887da6b4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colors" + } + ] + }, + { + "type": "library", + "name": "csv-parse", + "version": "4.16.3", + "bom-ref": "csv-parse@4.16.3", + "author": "David Worms", + "description": "CSV parsing implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-parse@4.16.3", + "externalReferences": [ + { + "url": "git+https://github.com/wdavidw/node-csv-parse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/parse/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wdavidw/node-csv-parse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-parse/-/csv-parse-4.16.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "70ed48ff39b3e30d9d70a1d5be90abec9551bbcfc5ca61b9384a66bec65895c718a253c12e85462941e03687386469057859561840e633204cf934ea45d5bfc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-parse" + } + ] + }, + { + "type": "library", + "name": "dotenv", + "version": "16.4.5", + "bom-ref": "dotenv@16.4.5", + "description": "Loads environment variables from .env file", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/dotenv@16.4.5", + "externalReferences": [ + { + "url": "git://github.com/motdotla/dotenv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/motdotla/dotenv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/motdotla/dotenv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66674bdabba2f9e07663086c5b38c89d1f0b95db591c60e8435ba01fce69a472b0a541cbee3eeb3744e2f4d0a71a241b85a675d45a51fbb6a8d5d36c99db8d52" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dotenv" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif-typescript", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3", + "author": "oclif", + "description": "eslint config for Typscript'd oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif-typescript@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif-typescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif-typescript/-/eslint-config-oclif-typescript-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4de24a5d6050dee28cb73833fbe505356a5ed560b1f267ea46ecd9cb52e2ad112046556feb9e929151b880d65ab79ad13484207c39934be61e6f12b4da47f294" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "experimental-utils", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0", + "description": "(Experimental) Utilities for working with TypeScript + ESLint together", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/experimental-utils@4.33.0#packages/experimental-utils", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/experimental-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cde4233a8112e491634e7021239418ed9be27333330e9b65b35e4616c23a8f250eab490e7fdf96a27921b652218744601d19ea8f981d3715b98f512f032620e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema", + "group": "@types", + "version": "7.0.15", + "bom-ref": "@types/json-schema@7.0.15", + "description": "TypeScript definitions for json-schema", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json-schema@7.0.15#types/json-schema", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/json-schema", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/json-schema", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7e7cff0ff0c14d0be0326420f1ac1da991914f1b3a90594ce949ebae54bbe6f1531ca2b3586af06aa057312bc6d0cf842c6e7e2850411e9b8c032df732b061c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tsutils", + "version": "3.21.0", + "bom-ref": "tsutils@3.21.0", + "author": "Klaus Meinhardt", + "description": "utilities for working with typescript's AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsutils@3.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/ajafff/tsutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajafff/tsutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajafff/tsutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "98728ade25172fedd417ac4be64d0f12129150128f042bfff919043a98d15b1c71dbb28a4419a603ad00f6980e52f322f062a144c3c49a30513f3b365bb3b538" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esrecurse", + "version": "4.3.0", + "bom-ref": "esrecurse@4.3.0", + "description": "ECMAScript AST recursive visitor", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esrecurse@4.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esrecurse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esrecurse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esrecurse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a67ca2f76fa1be457bcff0dd6faf74ead642ffa021609f63585c4b6a3fcfcbde929aa540381bc70555aa05dd2537db7083e17ca947f7df8a81e692d8bafd36a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esrecurse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "3.0.0", + "bom-ref": "eslint-utils@3.0.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae402e3720672dc3af29240d5181b412f3f34feeb721e82c1de23dd906d828e3ff05963e1e184ed96126513778aae69554bfa18f756e59d511657a8f38b8b0c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "highlight", + "group": "@babel", + "version": "7.24.2", + "bom-ref": "@babel/highlight@7.24.2", + "author": "The Babel Team", + "description": "Syntax highlight JavaScript strings for output in terminals.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/highlight@7.24.2#packages/babel-highlight", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-highlight", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-highlight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "61a7356a8e1f9644f14ed7820d92c4bddc60d9f65fcf5bfc338429686ca9abf58f0ea8378a31d86c37ecf8b1b986fcd2a2a69267dfd9f652923f70a3663bfea4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "13.24.0", + "bom-ref": "globals@13.24.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@13.24.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0213b9414723f2596b6c6d3d89684f536076d38275c673de2fc910995a2b4accbe4a38f5b24f2023287a714a1c1a61f82f452e840272fa124c440e26800e2615" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "doctrine", + "version": "3.0.0", + "bom-ref": "doctrine@3.0.0", + "description": "JSDoc parser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/doctrine@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/doctrine.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/doctrine", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/doctrine/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c92f90e62de105fec6064778286f1aede04d3563462d3684c306165228c860cef3ae56033340455c78e33d6956675460ed469d7597880e68bd8c5dc79aa890db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/doctrine" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "enquirer", + "version": "2.4.1", + "bom-ref": "enquirer@2.4.1", + "author": "Jon Schlinkert", + "description": "Stylish, intuitive and user-friendly prompt system. Fast and lightweight enough for small projects, powerful and extensible enough for the most advanced use cases.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enquirer@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/enquirer/enquirer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/enquirer/enquirer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/enquirer/enquirer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad1a8983fea0779dfc547bd1dcf4ab75105bff5572d987f31eacef6e11884290d12886b816057fe786f9435c584b138ec0abe35f0792dba13443e9c0330a76a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enquirer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-colors", + "version": "4.1.1", + "bom-ref": "ansi-colors@4.1.1", + "author": "Brian Woodward", + "description": "Easily add ANSI colors to your text and symbols in the terminal. A faster drop-in replacement for chalk, kleur and turbocolor (without the dependencies and rendering bugs).", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-colors@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/ansi-colors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/ansi-colors", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/ansi-colors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2685f46a919b1da50904d97ac85fa9e89005619ebaebf86108628de6df501636c940a514fe0f0c35b1436ef7eb80a5ef23542966994f3a7c08a3df655ff00098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ansi-colors" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn-jsx", + "version": "5.3.2", + "bom-ref": "acorn-jsx@5.3.2", + "description": "Modern, fast React.js JSX parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-jsx@5.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn-jsx.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn-jsx/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aeaf6cf893617f4202863b435f196527b838d68664e52957b69d0b1f0c80e5c7a3c27eef2a62a9e293eb8ba60478fbf63d4eb9b00b1e81b5ed2229e60c50d781" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-jsx" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esquery", + "version": "1.5.0", + "bom-ref": "esquery@1.5.0", + "author": "Joel Feenstra", + "description": "A query library for ECMAScript AST using a CSS selector like query language.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/esquery@1.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/estools/esquery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esquery/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esquery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6102d7529940c09802c9d43bf08309cb064271ea2a935a07d3538445d48025cffb5360329708e14822c312dab083cd7589d212ffd7c85391a31bbdc882328c56" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esquery" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "esutils", + "version": "2.0.3", + "bom-ref": "esutils@2.0.3", + "description": "utility box for ECMAScript language tools", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/esutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/esutils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/esutils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "file-entry-cache", + "version": "6.0.1", + "bom-ref": "file-entry-cache@6.0.1", + "author": "Roy Riojas", + "description": "Super simple cache for file metadata, useful for process that work o a given series of files and that only need to repeat the job on the changed ones since the previous run of the process", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-entry-cache@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/royriojas/file-entry-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/royriojas/file-entry-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec6a6cfd75b299b2e4d902d82b8373a4c3ab623321748c57b88bf2d9006c2c4ea58eea1d2af7645acfdca72249dc25485691f43a2d47be0d68bdb3332dd14106" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/file-entry-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "functional-red-black-tree", + "version": "1.0.1", + "bom-ref": "functional-red-black-tree@1.0.1", + "author": "Mikola Lysenko", + "description": "A fully persistent balanced binary search tree", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/mikolalysenko/functional-red-black-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikolalysenko/functional-red-black-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76c28d40d763eb10374fe4250030c0ee6392957d2a88c20d8e7d1c82bf9e1871ac6d21f34da6dc228833dbea7f8aa3f55ece843ffb12d926ea1fe6eb1936ead2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/functional-red-black-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2665cc67ac2ebc398b88712697dca4cea3ba97015ba1fd061b822470668435d0910c398c5679f2eece47b0880709b6aad30d8cc8f843aa48535204b62d4d8f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/imurmurhash" + } + ] + }, + { + "type": "library", + "name": "json-stable-stringify-without-jsonify", + "version": "1.0.1", + "bom-ref": "json-stable-stringify-without-jsonify@1.0.1", + "author": "James Halliday", + "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results, with no public domain dependencies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/samn/json-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/samn/json-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d6e8cbe97bb40dce196e858f21475a43f92ee0728f54e4df72e3caad1ac72cdd93dfff2528b6bb77cfd504a677528dc2ae9538a606940bbcec28ac562afa3f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-stable-stringify-without-jsonify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "levn", + "version": "0.4.1", + "bom-ref": "levn@0.4.1", + "author": "George Zahariev", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.4.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/levn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9b4f6b87e04e4b184ee1fe7ddebdc4bfb109495c2a48a7aca6f0e589e5e57afbaec3b2a97f2da693eea24102ddabcdfa1aff94011818710e2c7574cb7691029" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/levn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lodash.merge", + "version": "4.6.2", + "bom-ref": "lodash.merge@4.6.2", + "author": "John-David Dalton", + "description": "The Lodash method `_.merge` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.merge@4.6.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.merge" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "optionator", + "version": "0.9.3", + "bom-ref": "optionator@0.9.3", + "author": "George Zahariev", + "description": "option parsing and help generation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.9.3", + "externalReferences": [ + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/optionator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2630a8ca9a7e8ca9f5b6d105131c617ad08a789b7dce102002f7b91571e2c53bc50d6ff968492d5fd6ee7c128b45131d53b6cdb692df706bbde01ddc7442608e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "progress", + "version": "2.0.3", + "bom-ref": "progress@2.0.3", + "author": "TJ Holowaychuk", + "description": "Flexible ascii progress bar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/progress@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/node-progress.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-progress#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-progress/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ecf887b4b965e4b767288330d74d08fbcc495d1e605b6430598913ea226f6b46d78ad64a6bf5ccad26dd9a0debd979da89dcfd42e99dd153da32b66517d57db0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/progress" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexpp", + "version": "3.2.0", + "bom-ref": "regexpp@3.2.0", + "author": "Toru Nagashima", + "description": "Regular expression parser for ECMAScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexpp@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/regexpp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/regexpp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/regexpp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6ad9b5a8f66543e379dbb6cdb01afd7b5cb88d2f26be1a4959f246832d5d99d3c8030ac1a99ca9fd04531ea6f5ae1c26f256f63b279a39f8156fa106e69492e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexpp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "table", + "version": "6.8.2", + "bom-ref": "table@6.8.2", + "author": "Gajus Kuizinas", + "description": "Formats data into a string table.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/table@6.8.2", + "externalReferences": [ + { + "url": "git+https://github.com/gajus/table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/table#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gajus/table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/table/-/table-6.8.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c36b1fbfcd27ac08765426ea47900adbbc2cc1786a71c9360217e7356efa6de417b24199d55d761b04bfff26156b77777dcbc08a9d8e5276c30235b6937bfd7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/table" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37ef148ac0170c693c3c55cfe07033551f676df995277cd82c05a24c8a2a0b9bf98ac8a786bfabe6e68ef3eeebdc131fb8d22e7c8b00ed176956069c0b6712a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-table" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache", + "version": "2.4.0", + "bom-ref": "v8-compile-cache@2.4.0", + "author": "Andres Suarez", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache@2.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/zertosh/v8-compile-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zertosh/v8-compile-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1cc967376c01c107f82ecaa250548e68e016643e1ce73d8506d9e6bcd06a2777f060356a5aa7c4ce98b49e7901bb6e787628c212c6c91d0031b9f63ef3aee87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confusing-browser-globals", + "version": "1.0.10", + "bom-ref": "confusing-browser-globals@1.0.10", + "description": "A list of browser globals that are often used by mistake instead of local variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/confusing-browser-globals@1.0.10#packages/confusing-browser-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/create-react-app.git#packages/confusing-browser-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/create-react-app#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/create-react-app/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/confusing-browser-globals/-/confusing-browser-globals-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "80d95dff7972487c2e85a565b8950a2de3d88ab33740d08acd5c6a01d849208f7f5972955f93d447331526ca52d634ec952aa37ae1b828c5534a8ba2b7960f1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/confusing-browser-globals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-mocha", + "version": "9.0.0", + "bom-ref": "eslint-plugin-mocha@9.0.0", + "author": "Mathias Schreck", + "description": "Eslint rules for mocha.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-mocha@9.0.0", + "externalReferences": [ + { + "url": "git://github.com/lo1tuma/eslint-plugin-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lo1tuma/eslint-plugin-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-mocha/-/eslint-plugin-mocha-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77b92701c423d633c2cd97f771a781227dc19d6ea291cbdfcf4912a90a703d871518ba09579b33d25d0e241d8b47c23b76f4c36eaab5a15eb29614a0cc0d74ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ramda", + "version": "0.27.2", + "bom-ref": "ramda@0.27.2", + "author": "Scott Sauyet", + "description": "A practical functional library for JavaScript programmers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ramda@0.27.2", + "externalReferences": [ + { + "url": "git://github.com/ramda/ramda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://ramdajs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ramda/ramda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ramda/-/ramda-0.27.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b88b3d4e3426e2678877b141202069ddf685fc1df834547701763e556e2394590f4fef6a151ca3b47cbc3f3a27fb5c10a285f6f66b515c20b66182aa508ac8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ramda" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-node", + "version": "11.1.0", + "bom-ref": "eslint-plugin-node@11.1.0", + "author": "Toru Nagashima", + "description": "Additional ESLint's rules for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-node@11.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-11.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a14c2d3c9d56d12283d13afec2abbdd9ce71b82790a81de14821dab27fd982315d03d88318d90d7f6662f73b58ed7fa136e3226f6dcb346466ebeb8df8a2c4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-es", + "version": "3.0.1", + "bom-ref": "eslint-plugin-es@3.0.1", + "author": "Toru Nagashima", + "description": "ESLint plugin about ECMAScript syntactic features.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-es@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-plugin-es.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-plugin-es/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "194980b0968de0573b19bb65f2e38195aca8d83aa1c16bc4cf290c1d20991d4dd7749f8d4b3cd97158578775715f989ca90fa841d2046b05d7f31911de620599" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-oclif", + "version": "4.0.0", + "bom-ref": "eslint-config-oclif@4.0.0", + "author": "Jeff Dickey @jdxcode", + "description": "eslint config for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-oclif@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/eslint-config-oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/eslint-config-oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-oclif/-/eslint-config-oclif-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6d91441e0b7deb1c0849c5a19e0466087e50cbba6795daa0ffe172c1757841ffa17ff899f075c7bdc181d2be4c74254a9441286942ff09115901a7fcf30fb86" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.27.0", + "bom-ref": "eslint-config-xo-space@0.27.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.27.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.27.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6fc5235be9d0c8e921880355a48a6daa528fc84ed7472438d2e435368061cd57eef798317d91aba658aaf191c1a5a385db008b65a7b14d28e0ed1be6f7dbe3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.35.0", + "bom-ref": "eslint-config-xo@0.35.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.35.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.35.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f96c994cb594265bc4c45ac153f2ddc3c001fd2d1ddf1fb6e8941d0566dcaa283665a5a1d338a761c1e893e113e08a0f68471145fdc513d92322d3558c1c2702" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "helper-validator-identifier", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-validator-identifier@7.22.20", + "author": "The Babel Team", + "description": "Validate identifier/keywords name", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-identifier@7.22.20#packages/babel-helper-validator-identifier", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-identifier", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "638399fb2b656ad47c008fbc2997cab8be6eacaa7ba9ecb4f216b7d4bf1bdc1c1ec0902825a993cf2bf13d1ff90fe2a47490863eaffef13ba41c1958d74157f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-identifier" + } + ] + }, + { + "type": "library", + "name": "clean-regexp", + "version": "1.0.0", + "bom-ref": "clean-regexp@1.0.0", + "author": "Sam Verschueren", + "description": "Clean up regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-regexp@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SamVerschueren/clean-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SamVerschueren/clean-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/clean-regexp/-/clean-regexp-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19f8ac119109bf32ab9865a4bdf860cdccff06594dd5449ea83d95ead835e0e00e81a083d99fcf504bb19c067f9cfbe6687446edaf32efba754ff2114380f51f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-template-visitor", + "version": "2.3.2", + "bom-ref": "eslint-template-visitor@2.3.2", + "licenses": [ + { + "expression": "GPL-3.0-or-later OR MIT" + } + ], + "purl": "pkg:npm/eslint-template-visitor@2.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/futpib/eslint-template-visitor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/futpib/eslint-template-visitor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-template-visitor/-/eslint-template-visitor-2.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df2761a85a6e57bc7533d10ae7604f363e95d0ac2ed0a2a470801fa548701db47ca1c4659ffa141e07f142ea58f0ed61e10bff3ce1c3ba66ff070c0d7f16ed9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/eslint-parser@7.24.1", + "author": "The Babel Team", + "description": "ESLint parser that allows for linting of experimental syntax transformed by Babel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/eslint-parser@7.24.1#eslint/babel-eslint-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#eslint/babel-eslint-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77982ebb33253de0df6486e943cfa0d4d68236e00604118d1028741d5ab3d6c8ce7952e1d8211a89fb8ecac087d7c5115ba47ba6a5c836f7f93da47f742ea32d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope-5-internals", + "group": "@nicolo-ribaudo", + "version": "5.1.1-v1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "description": "Proxy package exposing internals of eslint-scope@5 for @babel/eslint-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/@nicolo-ribaudo/eslint-scope-5-internals/-/eslint-scope-5-internals-5.1.1-v1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e78fc946f90b233cc35ac84259fba169d7eb7d954f884958f057209a0d47ae8125cbf1034accf384102c6ab0aec7e0ff90eb254d1aae373bb21929944934c71a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "multimap", + "version": "1.1.0", + "bom-ref": "multimap@1.1.0", + "author": "villa.gao", + "description": "multi-map which allow multiple values for the same key", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multimap@1.1.0", + "externalReferences": [ + { + "url": "git://github.com/villadora/multi-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/villadora/multi-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/villadora/multi-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/multimap/-/multimap-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d19211f4f6ac3f1197991b0417c8ec0f39ddcc70e3eed21abfe2549af20507f587b30962167aaec44093fc37bb191e3283df64cbf36544a253f361b5cb6ef56f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/multimap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "3.2.1", + "bom-ref": "is-builtin-module@3.2.1", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0522c4dc79d5dacc99d052b488c03fc941a995478c98dcf8016e5f9d3ba76c222a662e2f1b75a3253f451cccb90faf719806011d742125d00b769c15c55e74d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-builtin-module" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pluralize", + "version": "8.0.0", + "bom-ref": "pluralize@8.0.0", + "author": "Blake Embrey", + "description": "Pluralize and singularize any word", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pluralize@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/blakeembrey/pluralize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/pluralize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35cdc84f9c87cdf9537db8e0a967023e9a3b0da2b2e059e907497fcc2016d1373b8f1022baa4b11dab27b41dc3efcf3b2d2ac0f7790327d217a2fc49631c8b08" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pluralize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "7.0.1", + "bom-ref": "read-pkg-up@7.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccad1307b5dde89a422e694b9ae7eaca4184fbf4e539e3c3eaa28294d5bb8470ca161fc9effee0096191ee3a044045b56caab76b7c9465239b3a858b150e2886" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regexp-tree", + "version": "0.1.27", + "bom-ref": "regexp-tree@0.1.27", + "author": "Dmitry Soshnikov", + "description": "Regular Expressions parser in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp-tree@0.1.27", + "externalReferences": [ + { + "url": "git+https://github.com/DmitrySoshnikov/regexp-tree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DmitrySoshnikov/regexp-tree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regexp-tree/-/regexp-tree-0.1.27.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8844f1a632ba628456246e68ea15cbc2f8d80285be144667f68b343c3fdbe803fac50c2c6bf63b942560222c416d43cc7e1bbe8b62ed75e02a5538069506ab7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regexp-tree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safe-regex", + "version": "2.1.1", + "bom-ref": "safe-regex@2.1.1", + "author": "James C.", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/davisjam/safe-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/davisjam/safe-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/davisjam/safe-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-regex/-/safe-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af1fb1f0033329be50e6543de59a22e996c9ab008b92a8b75ee257a793f7ad3f0e11ceac642246e40139754de5b2046bfc5e01b37d634a554dfa3e4aaec1aef4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-regex" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "52.0.0", + "bom-ref": "eslint-plugin-unicorn@52.0.0", + "author": "Sindre Sorhus", + "description": "More than 100 powerful ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@52.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-52.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58ce6eff9bed11e1d8c7d2d8c38df55e8bf8eedb0dc0cd41a31baabc267b8d20be71230b1f9720a8a16e6c7c1bd0a76a4c61015259608538db2309ac751079e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "2.1.4", + "bom-ref": "@eslint/eslintrc@2.1.4", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbaf59dfd312eb0549b6ca14975d0beb459d92125574f1b6e10e1e6531f79e717a969bd24a110adf04230d7f494560143ef3e1ec23a8b8fa54f48aea69916fb5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "9.6.1", + "bom-ref": "espree@9.6.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@9.6.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/espree/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2bb99685923a2b4e9177da40d2239ffbe558b019e6608a7186cb636839283743d6e7c259e60e6e072e7925d111379fe9e30d7474dfb698d7ec79f19ff315dc1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parent-module", + "version": "1.0.1", + "bom-ref": "parent-module@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the path of the parent module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parent-module@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parent-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parent-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parent-module" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "4.0.0", + "bom-ref": "resolve-from@4.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4dd1ea8067fda1d77c49736ec6d501571f0dbfea9939e8c4eaacaa8b2e4db5b61840e7856bace61e4c653f399a2f15961ec53a9c9981ec01137553e2fb634152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core-js-compat", + "version": "3.37.0", + "bom-ref": "core-js-compat@3.37.0", + "author": "Denis Pushkarev", + "description": "core-js compat", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js-compat@3.37.0#packages/core-js-compat", + "externalReferences": [ + { + "url": "git+https://github.com/zloirock/core-js.git#packages/core-js-compat", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd8ab82fe4fc692e54b858385300e173b60d45655e559c25b5a77d0bf8d5dd1d8b8153a94bd043afb97f58be8137475b5779355de8cf4c7aaa133260b1ad1fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-js-compat" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browserslist", + "version": "4.23.0", + "bom-ref": "browserslist@4.23.0", + "author": "Andrey Sitnik", + "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserslist@4.23.0", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/browserslist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/browserslist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/browserslist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "416f0788cd6c8614f61aece4be495f8dc2838961571ce78508803f86e24fc07b2c97073276093b5fecf6cd7a448a33fdf14098ec76ee6d9b79276660bdfd0269" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browserslist" + } + ] + }, + { + "type": "library", + "name": "caniuse-lite", + "version": "1.0.30001612", + "bom-ref": "caniuse-lite@1.0.30001612", + "author": "Ben Briggs", + "description": "A smaller version of caniuse-db, with only the essentials!", + "licenses": [ + { + "license": { + "id": "CC-BY-4.0" + } + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001612", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/caniuse-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/caniuse-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001612.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "945827674ed485a09cb12660596d0ae63e1eebd74ad6efe5b6b2fd95352214ec0d1ecd764b750c204620055d19e82ea14437afee2467333cd898a69b61d5c5f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/caniuse-lite" + } + ] + }, + { + "type": "library", + "name": "electron-to-chromium", + "version": "1.4.747", + "bom-ref": "electron-to-chromium@1.4.747", + "author": "Kilian Valkhof", + "description": "Provides a list of electron-to-chromium version mappings", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/electron-to-chromium@1.4.747", + "externalReferences": [ + { + "url": "git+https://github.com/kilian/electron-to-chromium.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kilian/electron-to-chromium/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.747.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f859d2599200bc51dbb0d566531844a9689a3a23cc71fba6d464339560a0ff02e2815b6c84eb235c7c8415f9ade9c14aebe1e44b740e241bfaff738fba66c17f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/electron-to-chromium" + } + ] + }, + { + "type": "library", + "name": "node-releases", + "version": "2.0.14", + "bom-ref": "node-releases@2.0.14", + "author": "Sergey Rubanov", + "description": "Node.js releases data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-releases@2.0.14", + "externalReferences": [ + { + "url": "git+https://github.com/chicoxyzzy/node-releases.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chicoxyzzy/node-releases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cb5d30396b7cc99a6a5e63a0468efb59a1c49a1610606340eb2e36d4f2ac2985842bc696f9ca80a616e8ad90e1a9fc8aadb64437dd823755f629b69f636b3b63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-releases" + } + ] + }, + { + "type": "library", + "name": "update-browserslist-db", + "version": "1.0.13", + "bom-ref": "update-browserslist-db@1.0.13", + "author": "Andrey Sitnik", + "description": "CLI tool to update caniuse-lite to refresh target browsers from Browserslist config", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/update-browserslist-db@1.0.13", + "externalReferences": [ + { + "url": "git+https://github.com/browserslist/update-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/browserslist/update-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/browserslist/update-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5e6cff3548d70fb8da4f3f7bb3796d4d617c48debc72273177a43eac1f88c4ee8fc85fe5ad4a9c27554faa22c0cfca4d1dde198543b9a3a9ce80b55eb4e216e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/update-browserslist-db" + } + ] + }, + { + "type": "library", + "name": "escalade", + "version": "3.1.2", + "bom-ref": "escalade@3.1.2", + "author": "Luke Edwards", + "description": "A tiny (183B to 210B) and fast utility to ascend parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escalade@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/escalade.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/escalade#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/escalade/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b08730269ed7dbd1f2f4067b9d3122c5689b2d7dae0ea016edfeaf78e410ee3ab2e2cc58192cbd5ca81a0415fa339f97ce1948e4a59afe86c5af3d3e64c698" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escalade" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "5.3.0", + "bom-ref": "estraverse@5.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@5.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "30c74046e54443388d4de243f0380caa6870475d41450fdc04ffa92ed61d4939dfdcc20ef1f15e8883446d7dfa65d3657d4ffb03d7f7814c38f41de842cbf004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "3.3.0", + "bom-ref": "builtin-modules@3.3.0", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce16820e271d2ee58de546cde4832716a34c84d7e8f75f6c1fce72dbf79afb9620f53b1391e671a4bf892dba7a7206054b8b112e9dd85784bac83baa5561d83b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/builtin-modules" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "3.0.2", + "bom-ref": "jsesc@3.0.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@3.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4aab3cd65c3b6d26e39c6b006de0a9ca1c721fe6843f0b16b1fb43d6146f83143807340762f935c40800c8f91622154326c7cefddb1b0c6db8178f80b09cfe2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-try", + "version": "2.2.0", + "bom-ref": "p-try@2.2.0", + "author": "Sindre Sorhus", + "description": "`Start a promise chain", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-try.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-try" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "4.0.0", + "bom-ref": "path-exists@4.0.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a4f50cb943b8d86f65b071ecb9169be0d8aa0073f64884b48b392066466ca03ec1b091556dd1f65ad2aaed333fa6ead2530077d943c167981e0c1b82d6cbbff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "5.2.0", + "bom-ref": "read-pkg@5.2.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "520ebd98d3a97ef28301cd90f034693238f376dae7bfd1dc48c5fee15b19c43d5a67a673ac813bae5cd706d593ca150b48c2a0d3be805ba591e626690f42623a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "group": "@types", + "version": "2.4.4", + "bom-ref": "@types/normalize-package-data@2.4.4", + "description": "TypeScript definitions for normalize-package-data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/normalize-package-data@2.4.4#types/normalize-package-data", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/normalize-package-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/normalize-package-data", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfb8be39a59387da9e2b82d21cfb32442ecd6a19c6a2d36e66f8cb4a070fcdb9691c1debac227100e808e6009d2a6edca289ec697d4e7f420b8937276636dfc4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "regjsparser", + "version": "0.10.0", + "bom-ref": "regjsparser@0.10.0", + "author": "'Julian Viereck'", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/regjsparser@0.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jviereck/regjsparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jviereck/regjsparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jviereck/regjsparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab1fb1406655b32e79087d1ad61895c079aa8cbaf27e1ef04321791ced3b5c9f5fedd40c63f80f407865c83908cc9282fb1d9f502a42714383514505ae6ed21c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-indent", + "version": "3.0.0", + "bom-ref": "strip-indent@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip leading whitespace from each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-indent@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "95a2536b725bf95429682e83b1e1e117b75756a1d37c93c24436846e277f76b3a1822b60624bbf95eb4c52a397168595d3320851b8e9747dadfad623e1b40c45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "min-indent", + "version": "1.0.1", + "bom-ref": "min-indent@1.0.1", + "author": "James Kyle", + "description": "Get the shortest leading whitespace from lines in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/min-indent@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejameskyle/min-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejameskyle/min-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23d8f0327d3b4b2fc8c0e8f7cd59158a4d894ef8296b29036448a02fa471e8df4b6cccb0c1448cb71113fbb955a032cb7773b7217c09c2fbae9ecf1407f1de02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/min-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js", + "group": "@eslint", + "version": "8.57.0", + "bom-ref": "@eslint/js@8.57.0", + "description": "ESLint JavaScript language implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/js@8.57.0#packages/js", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git#packages/js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cfb78364da5bb8000ce2733edf37489b420e13239dd703305550fd38fd880d417c9cc5283f660145d3dce7a7a6e3c76c8e8ffe6c840b1449ae87d4b03c7fe6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.11.14", + "bom-ref": "@humanwhocodes/config-array@0.11.14", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.11.14", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd3f0b90e9a0e39055e452026f5e5040cb325125ab43c0328157c2ed91b7db339a967aab8a59b4d7c6550b0d1e6a95eec7c16d037deaf0f4914acb6379ede34a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "2.0.3", + "bom-ref": "@humanwhocodes/object-schema@2.0.3", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@2.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f77cd874c112fdcd43ebdc9988a0c18f4576e2fa8dcc1fe4a05dba28f69a8007dddcfff8814961dc3cace688002be1318bd432ce50fcc7fd3c66def020a70370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "module-importer", + "group": "@humanwhocodes", + "version": "1.0.1", + "bom-ref": "@humanwhocodes/module-importer@1.0.1", + "author": "Nicholas C. Zaks", + "description": "Universal module importer for Node.js", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/module-importer@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/module-importer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/module-importer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f1bde57857cbf961be277054d3deb3d281904ea429237cad32e28555549c08b8354144c0d7acfc9744bf7cf22e5aa7d9bd6e7c8412359f9b95a4066b5f7cb7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/module-importer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs.scandir", + "group": "@nodelib", + "version": "2.1.5", + "bom-ref": "@nodelib/fs.scandir@2.1.5", + "description": "List files and directories inside the specified directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5#master", + "externalReferences": [ + { + "url": "git+https://github.com/nodelib/nodelib.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodelib/nodelib/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodelib/nodelib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "beadb806adf29b91c4426d8d282af7c970f08dceef4ec1138510e7929d832bda75baa2d1f831eeae6fcd393a34286ec760753b7a9a4a663dcccaa62e3017fada" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nodelib/fs.scandir" + } + ] + }, + { + "type": "library", + "name": "run-parallel", + "version": "1.2.0", + "bom-ref": "run-parallel@1.2.0", + "author": "Feross Aboukhadijeh", + "description": "Run an array of functions in parallel", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/feross/run-parallel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/run-parallel", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/run-parallel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65e15c9947ce8b67f943c594d1ea3a8bf00144d92d0814b30fdba01b8ec2d5003c4776107f734194b07fb2dfd51f0a2dddcf3f0e950b8f9a768938ca031d004" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-parallel" + } + ] + }, + { + "type": "library", + "name": "queue-microtask", + "version": "1.2.3", + "bom-ref": "queue-microtask@1.2.3", + "author": "Feross Aboukhadijeh", + "description": "fast, tiny `queueMicrotask` shim for modern engines", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "externalReferences": [ + { + "url": "git://github.com/feross/queue-microtask.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/queue-microtask", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/queue-microtask/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36e68d49ae9f94a4f925a498433268934e09cd32f5080e9a1a1bf9adf2d6dcf82a03e3360a1a59427002f21f22e19164052f17e51aa40c11c0eebe217a3dcaf4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/queue-microtask" + } + ] + }, + { + "type": "library", + "name": "fastq", + "version": "1.17.1", + "bom-ref": "fastq@1.17.1", + "author": "Matteo Collina", + "description": "Fast, in memory work queue", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fastq@1.17.1", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/fastq.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/fastq#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/fastq/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b11543de55952175a0e81cbaf1937bbe1a3d6b5a5070dfd604568002c0c31739498efa06c743fccfb575b7bda0ac525f261bb760f641baedb97fb29ac368cdd7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastq" + } + ] + }, + { + "type": "library", + "name": "reusify", + "version": "1.0.4", + "bom-ref": "reusify@1.0.4", + "author": "Matteo Collina", + "description": "Reuse objects and functions with style", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/reusify@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/mcollina/reusify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mcollina/reusify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mcollina/reusify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53d9c7f3c6b77dcfde902175974fd43f5228b22b888f24e1ee106f5d530762055c7c6bedf3ded782e8f650e2c3788e411b69bbfeec3268b553e9f6ed0b04f2cf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/reusify" + } + ] + }, + { + "type": "library", + "name": "structured-clone", + "group": "@ungap", + "version": "1.2.0", + "bom-ref": "@ungap/structured-clone@1.2.0", + "author": "Andrea Giammarchi", + "description": "A structuredClone polyfill", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40ungap/structured-clone@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/ungap/structured-clone.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ungap/structured-clone#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ungap/structured-clone/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cee55d16b3098ae083414302cd0683e8a2f6f0c8e7aaa37c5e702a884abd3cd9bf8423d34867eb5c239fc23d68c382c56ffb4dca624fc2c35b55e3dcd7116aad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ungap/structured-clone" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-command" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/shebang-regex" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "447c4c2e9f659ca1c61d19e0f5016144231b600715a67ebdb2648672addfdfac638155564e18f8aaa2db4cb96aed2b23f01f9f210d44b8210623694ab3241e23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "7.2.2", + "bom-ref": "eslint-scope@7.2.2", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@7.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "74eb76d4eee54cc84333e5fd981e065fe0d9ad9b425093cbff095c4eac72af1e48bced0862d20b76dad0190a7ef27e52d20c1256639ff4d42b8cc3a07d066522" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "8.11.3", + "bom-ref": "acorn@8.11.3", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@8.11.3", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63dad17c91b98dc28e13408b8ac61ba2352322b20413b00633303f4a6e01b2500d85b4be70332980175c3d3f75a09eceb89f61609071e7d4636e1c559eb17c5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn" + } + ] + }, + { + "type": "library", + "name": "flat-cache", + "version": "3.2.0", + "bom-ref": "flat-cache@3.2.0", + "author": "Jared Wray", + "description": "A stupidly simple key/value storage using files to persist some data", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flat-cache@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/flat-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/flat-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09870435af85b5c50a2e6861ab272da5c96cabb405dfca4a8d91ec18d892405e6be05b6828359a6c50e5de1cda11032f4f52c7132b30e6dc202efa5861be2f6f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flat-cache" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "flatted", + "version": "3.3.1", + "bom-ref": "flatted@3.3.1", + "author": "Andrea Giammarchi", + "description": "A super light and fast circular JSON parser.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/flatted@3.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/flatted.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/flatted#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/flatted/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5fc72a30b2e27bb2ac3540d277378df0560af6b12de03b7aeceb06fc33469d84d20c11b8b850091419d47a257ecc2540bf0172e7a22333db07e758d568484dc7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/flatted" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "keyv", + "version": "4.5.4", + "bom-ref": "keyv@4.5.4", + "author": "Jared Wray", + "description": "Simple key-value storage with support for multiple backends", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@4.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/keyv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/keyv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/keyv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3154790747f1097f608d5e75b144b5ba9a0ec9c82094706d03b441a62f672d528d4f3538a7d4f52297eafffb8af93295600bf7e7d648ecc7b9a34ae8caa88a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/keyv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-buffer", + "version": "3.0.1", + "bom-ref": "json-buffer@3.0.1", + "author": "Dominic Tarr", + "description": "JSON parse & stringify that supports binary via bops & base64", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1b57905f4769aa7d04c99be579b4f3dd7fe669ba1888bd3b8007983c91cad7399a534ff430c15456072c17d68cebea512e3dd6c7c70689966f46ea6236b1f49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-buffer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "5.0.0", + "bom-ref": "find-up@5.0.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "efcfcf5d3d7094b2c3813cc3b3bb23abd873cf4bd70fece7fbbc32a447b87d74310a6766a9f1ac10f4319a2092408dda8c557dd5b552b2f36dac94625ba9c69e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "6.0.0", + "bom-ref": "locate-path@6.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "88f64ae9e6236f146edee078fd667712c10830914ca80a28a65dd1fb3baad148dc026fcc3ba282c1e0e03df3f77a54f3b6828fdcab67547c539f63470520d553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "5.0.0", + "bom-ref": "p-locate@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2da363b51594058fbecc1e6713f37071aa0cca548f93e4be647341d53cdd6cc24c9f2e9dca7a401aded7fed97f418ab74c8784ea7c47a696e8d8b1b29ab1b93f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-extglob", + "version": "2.1.1", + "bom-ref": "is-extglob@2.1.1", + "author": "Jon Schlinkert", + "description": "Returns true if a string has an extglob.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-extglob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "49b29b00d90deb4dd58b88c466fe3d2de549327e321b0b1bcd9c28ac4a32122badb0dde725875b3b7eb37e1189e90103a4e6481640ed9eae494719af9778eca1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-extglob" + } + ] + }, + { + "type": "library", + "name": "is-path-inside", + "version": "3.0.3", + "bom-ref": "is-path-inside@3.0.3", + "author": "Sindre Sorhus", + "description": "Check if a path is inside another path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-path-inside@3.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-path-inside.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-path-inside/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15de200016fec9c18098aa2ef1e31fb42ba94a2af9951c6a7f8683fef774703daa7381cbd3b3a309eb8732bf11a380a831a782283074fc40813955a34f052f3d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-path-inside" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "prelude-ls", + "version": "1.2.1", + "bom-ref": "prelude-ls@1.2.1", + "author": "George Zahariev", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prelude-ls@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://preludels.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be47033eb459a354192db9f944b18fa60fd698843ae6aa165a170629ffdbe5ea659246ab5f49bdcfca6909ab789a53aa52c5a9c8db9880edd5472ad81d2cd7e6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prelude-ls" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-check", + "version": "0.4.0", + "bom-ref": "type-check@0.4.0", + "author": "George Zahariev", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.4.0", + "externalReferences": [ + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gkz/type-check", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e5794a1cf6ec065ea8d6c176944d9026ccc705679f39f10036befc7552be7121c8b15c83fef0b9c50e0469954df4bacead7aa765b2415fbbe69ee0aefd3a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-check" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "word-wrap", + "group": "@aashutoshrathi", + "version": "1.2.6", + "bom-ref": "@aashutoshrathi/word-wrap@1.2.6", + "author": "Jon Schlinkert", + "description": "Wrap words to a specified length.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6", + "externalReferences": [ + { + "url": "git+https://github.com/aashutoshrathi/word-wrap.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aashutoshrathi/word-wrap/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d588ecd92bccf137e5111fce0f770e8e15963996f9f00dadef0a44d92f577c161388897e5c58501b66e3cb83eed48f8402508d533443603745c056142af5dc20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aashutoshrathi/word-wrap" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "deep-is", + "version": "0.1.4", + "bom-ref": "deep-is@0.1.4", + "author": "Thorsten Lorenz", + "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.4", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a083f392c993838fccae289a6063bea245c34fbced9ffc37129b6fffe81221d31d2ac268d2ee027d834524fcbee1228cb82a86c36c319c0f9444c837b7c6bf6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/deep-is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "accepts", + "version": "1.3.8", + "bom-ref": "accepts@1.3.8", + "description": "Higher-level content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/accepts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d802d8536b69b654ac6ebd20f70cf0bf1b2f94fac380d4b02e4fc9a4991bafc3e34009269e5c443e34771517bace365eaa71ac55dd4b9e9b06b093eefe4892f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/accepts" + } + ] + }, + { + "type": "library", + "name": "mime-types", + "version": "2.1.35", + "bom-ref": "mime-types@2.1.35", + "description": "The ultimate javascript content-type utility.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-types.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64363e6cf9b9cd34c5f98a42ac053d9cad148080983d3d10b53d4d65616fe2cfbe4cd91c815693d20ebee11dae238323423cf2b07075cf1b962f9d21cda7978b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-types" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8452ca863cbb0cfa3ff37428598ec9d7e758385eb1c53885f07e70953c695093f9398226a470ab2ec4239b051bba0d29bda29c3f3bab2559b25d82140ce1b06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/negotiator" + } + ] + }, + { + "type": "library", + "name": "array-flatten", + "version": "1.1.1", + "bom-ref": "array-flatten@1.1.1", + "author": "Blake Embrey", + "description": "Flatten an array of nested arrays into a single flat array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c254042cc167a6bba51dc6c0c5157ffe815798a8a0287770f75159bdd631f0ca782e3b002f60f871f2736533ef8da9170ae82c71a5469f8e684874a88789baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/array-flatten" + } + ] + }, + { + "type": "library", + "name": "body-parser", + "version": "1.20.2", + "bom-ref": "body-parser@1.20.2", + "description": "Node.js body parsing middleware", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/body-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a5f6945e0aedcceb590696aa139b6ba64974e5453b864f1d1b7d88feb8850a298c9c1b936d49b79eb55ddf69253a47b6a338fc3483f2753ef2b8a8dcbbb396c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser" + } + ] + }, + { + "type": "library", + "name": "bytes", + "version": "3.1.2", + "bom-ref": "bytes@3.1.2", + "author": "TJ Holowaychuk", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/bytes.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcd7fb4f2cd3c7a4b7c9124e6ce015efde7aafc72bdbe3a3f000b976df3048fdc1400a1e5f9f0da07c8253c3fccc690d5d2b634d28ba7f33ba174a4175c61b12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bytes" + } + ] + }, + { + "type": "library", + "name": "depd", + "version": "2.0.0", + "bom-ref": "depd@2.0.0", + "author": "Douglas Christopher Wilson", + "description": "Deprecate all the things", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/dougwilson/nodejs-depd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/depd" + } + ] + }, + { + "type": "library", + "name": "destroy", + "version": "1.2.0", + "bom-ref": "destroy@1.2.0", + "author": "Jonathan Ong", + "description": "destroy a stream if possible", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/destroy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dac246253697208691d70e22252368374867318ec6a5cfe7f03e2a482270f10a855977fb72e0209c41f1069c1e69570f7af0b69772a98d80b1dcdca941081a26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/destroy" + } + ] + }, + { + "type": "library", + "name": "http-errors", + "version": "2.0.0", + "bom-ref": "http-errors@2.0.0", + "author": "Jonathan Ong", + "description": "Create HTTP error objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/http-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16dc2b1bf7ae0736848d8791a8e825cbb1b4aaf8a25e82569ef107d99d6994175781bca3bf7e291d349bf73a1e1ccc83cb7dfe0d6cb95adf56a3e4d446d39849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-errors" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.4.24", + "bom-ref": "iconv-lite@0.4.24", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/iconv-lite" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safer-buffer" + } + ] + }, + { + "type": "library", + "name": "on-finished", + "version": "2.4.1", + "bom-ref": "on-finished@2.4.1", + "description": "Execute a callback when a request closes, finishes, or errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/on-finished.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a15973920dc4340842936cddbfb209c1dfd0503e33d91c51c2991c198f29b0255c09864dab8c189d55802c733e6ebb6e26378f5a2605fc2966b83afc0a1e7e92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/on-finished" + } + ] + }, + { + "type": "library", + "name": "qs", + "version": "6.11.0", + "bom-ref": "qs@6.11.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.11.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/qs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/qs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32f8e830227011aad26d4624e4efa79a84b34aeb52b13c05f39cdc1cf43d3ab945a193982236aa040248a885e3a6dc83e6f4e1c46ab9d97bbf31a273464224e1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/qs" + } + ] + }, + { + "type": "library", + "name": "raw-body", + "version": "2.5.2", + "bom-ref": "raw-body@2.5.2", + "author": "Jonathan Ong", + "description": "Get and validate the raw body of a readable stream.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/raw-body.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f331aaca97c4363088a868605d3a02f1a076afb62b057f804007c83ecfcc964f81b4f4f3b4ebd34b4d4d456ff7121eb427e6b8f25b7caac0b38ab43a9680957c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/raw-body" + } + ] + }, + { + "type": "library", + "name": "unpipe", + "version": "1.0.0", + "bom-ref": "unpipe@1.0.0", + "author": "Douglas Christopher Wilson", + "description": "Unpipe a stream from all destinations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/stream-utils/unpipe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a63cb66d8852b2e7f05a52b03dcfa5ddc37bfb0b8994aeaecf461d2443a54036e5ea3a3f6253e2e266fc6a0524542f0117b57c36ecdec8f36a464b00de1ced29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/unpipe" + } + ] + }, + { + "type": "library", + "name": "type-is", + "version": "1.6.18", + "bom-ref": "type-is@1.6.18", + "description": "Infer the content-type of a request.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/type-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/type-is" + } + ] + }, + { + "type": "library", + "name": "content-disposition", + "version": "0.5.4", + "bom-ref": "content-disposition@0.5.4", + "author": "Douglas Christopher Wilson", + "description": "Create and parse Content-Disposition header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/content-disposition.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "16f7994cdb86c34e1cc6502259bce2eb34c02ff9617a16966d3b6096e261e3f13de43a8cc139a16b7299375680580f1c148847ccc654bcb7af930e51aa4fad49" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/content-disposition" + } + ] + }, + { + "type": "library", + "name": "cookie-signature", + "version": "1.0.6", + "bom-ref": "cookie-signature@1.0.6", + "author": "TJ Holowaychuk", + "description": "Sign and unsign cookies", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4000f395a1dcf22715f08eef6da257270a1df47598a7cb82a9fd716b839f36ed53ec9571408ad480e5ad1dd343b4f8b2c2615b892d76563a2d2172eb28cde8ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie-signature" + } + ] + }, + { + "type": "library", + "name": "cookie", + "version": "0.6.0", + "bom-ref": "cookie@0.6.0", + "author": "Roman Shtylman", + "description": "HTTP server cookie parsing and serialization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/cookie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53bd5cc936a6ba1d4244d09fa4663ab68dbc971bcdc0f1b81aecff1158e07f7266cefd2f943a756ad4fd792e5d0e33181ee7291db5a7b3a2f07f704acfab2f77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cookie" + } + ] + }, + { + "type": "library", + "name": "encodeurl", + "version": "1.0.2", + "bom-ref": "encodeurl@1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/encodeurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4cf257abc26a15a5589b609698fbe73f6232a3865233bfd029c4a6b8c2c339b7e91f97e2ed150699dfeb4c37feaeeb7fb1a88389011e5533600262447403b1d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/encodeurl" + } + ] + }, + { + "type": "library", + "name": "escape-html", + "version": "1.0.3", + "bom-ref": "escape-html@1.0.3", + "description": "Escape string for use in HTML", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/component/escape-html.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/escape-html#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3624aea59e0e7ae1b0afaf251887b29bf92c219309a1d506392099fc54a74f172b7a46efaab81d53194938ca628da299563009ad6ac6b3fe89cbc38cbb28fda3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/escape-html" + } + ] + }, + { + "type": "library", + "name": "etag", + "version": "1.8.1", + "bom-ref": "etag@1.8.1", + "description": "Create simple HTTP ETags", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/etag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6882f9171ee66b055adf4d1a976067104e2236fa35a844f12eb3c8fe8d392fbcfa828edf0b0d49e844266cae05989d804bb920545fca1195ae7c17dd0a531c3e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/etag" + } + ] + }, + { + "type": "library", + "name": "finalhandler", + "version": "1.2.0", + "bom-ref": "finalhandler@1.2.0", + "author": "Douglas Christopher Wilson", + "description": "Node.js final http responder", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/finalhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e5dc5157ed9503059d60bdaaefecbe45afdc64ddd8f7d484aff73cb9183407bb15ba8932ddf9d791dac44e9e44bef819db2b8a2c2e8e26b075a0750691084a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler" + } + ] + }, + { + "type": "library", + "name": "parseurl", + "version": "1.3.3", + "bom-ref": "parseurl@1.3.3", + "description": "parse a url with memoization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/parseurl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parseurl" + } + ] + }, + { + "type": "library", + "name": "statuses", + "version": "2.0.1", + "bom-ref": "statuses@2.0.1", + "description": "HTTP status utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/statuses.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "470340f59ffb3eb2b4eab60b23314c95a17e97bde2c29ceca9120581b30b6d370b0fa70e6a8f364da59e7cf5d0bc1d9f382e008ee612127752ecdfe64c26e475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/statuses" + } + ] + }, + { + "type": "library", + "name": "fresh", + "version": "0.5.2", + "bom-ref": "fresh@0.5.2", + "author": "TJ Holowaychuk", + "description": "HTTP response freshness testing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/fresh.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cc9da6418335f2b1053ae75e57819285318843b45bcc0ee8cdb53d23f5c1a66ee4aa0332c209b294cc171f16499a45686249daf5dda95575573dd6133fd7a3f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fresh" + } + ] + }, + { + "type": "library", + "name": "setprototypeof", + "version": "1.2.0", + "bom-ref": "setprototypeof@1.2.0", + "author": "Wes Todd", + "description": "A small polyfill for Object.setprototypeof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/wesleytodd/setprototypeof.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setprototypeof" + } + ] + }, + { + "type": "library", + "name": "toidentifier", + "version": "1.0.1", + "bom-ref": "toidentifier@1.0.1", + "author": "Douglas Christopher Wilson", + "description": "Convert a string of words to a JavaScript identifier", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/toidentifier.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39b123ca12483f0c840d987e37574fee7ab2eba7355e764521f2d18dbda797a5fa6ec2329e9e54a8c7fd8efc14e5654b447be246eece58844cfad3c3e500744" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/toidentifier" + } + ] + }, + { + "type": "library", + "name": "merge-descriptors", + "version": "1.0.1", + "bom-ref": "merge-descriptors@1.0.1", + "author": "Jonathan Ong", + "description": "Merge objects using descriptors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/component/merge-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7028ba837fd9af58aa422eb249bb1e3355efa286bdf0dd30df58f3518ad73d7db1a8e6e61461c9d2d439bbbe07de6561ef02e8b93b1e672608ab7f60f1c369d7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/merge-descriptors" + } + ] + }, + { + "type": "library", + "name": "methods", + "version": "1.1.2", + "bom-ref": "methods@1.1.2", + "description": "HTTP methods that node supports", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/methods.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "89c9401de36a366ebccc5b676747bed4bdb250876fccda1ab8a53858103756f1ffbcf162785eea7d197051953e0c0f4ff5b3d7212f74ba5c68528087db7b15db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/methods" + } + ] + }, + { + "type": "library", + "name": "ee-first", + "version": "1.1.1", + "bom-ref": "ee-first@1.1.1", + "author": "Jonathan Ong", + "description": "return the first event in a set of ee/event pairs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonathanong/ee-first.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58cc26f4b851528f9651a44dfaf46e113a86f3d22066985548d91d16079beac4bf1383ab0c837bb78f0201ec121d773a0bc95e7c3f0a29faf9bd8eb56eb425a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ee-first" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "0.1.7", + "bom-ref": "path-to-regexp@0.1.7", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "git+https://github.com/component/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e43164ba8aa5bf5b9840ac72f2898505e24f41c768134ecabf6b1f7ab0c2ac0ab5a21394f8c483b300c86e7c7760033ad2a20e9d86b9df00615d6d046cca27ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-to-regexp" + } + ] + }, + { + "type": "library", + "name": "proxy-addr", + "version": "2.0.7", + "bom-ref": "proxy-addr@2.0.7", + "author": "Douglas Christopher Wilson", + "description": "Determine address of proxied request", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/proxy-addr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96542c30b4940d43d3e388ddad4fcedfbaa59e27e2b433fe670ae699972848ac8b2afb59c69c95d27dbf6c3fcde2d040019fe024475953b28cadaa0ad7e5d802" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/proxy-addr" + } + ] + }, + { + "type": "library", + "name": "forwarded", + "version": "0.2.0", + "bom-ref": "forwarded@0.2.0", + "description": "Parse HTTP X-Forwarded-For header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/forwarded.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ee446d1fa41b511d24c238049eea10f6e7cb44b9b16844b6f864d03a3713151cdc3680e7301e8f70c9a6e5ccccce039cfdc40f4bd4a36393f36de8c4fd698a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/forwarded" + } + ] + }, + { + "type": "library", + "name": "ipaddr.js", + "version": "1.9.1", + "bom-ref": "ipaddr.js@1.9.1", + "author": "whitequark", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0a23feb4ef1a31493a07ec68cdd457d26cba14d3e6ed4e2723b1049642587f859ca437c2a998c7fbb98c0f5b747e6a467a47fc35f199574870585e26143cede" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ipaddr.js" + } + ] + }, + { + "type": "library", + "name": "side-channel", + "version": "1.0.6", + "bom-ref": "side-channel@1.0.6", + "author": "Jordan Harband", + "description": "Store information about any JS value in a side channel. Uses WeakMap if available.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/side-channel@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/side-channel.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/side-channel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/side-channel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c35bf119e90f5188ef1e146f078feeeefe85be5eb3d320287008e336fad87603a39b943b58608a6f7bd9be2af23d6780bda9211795a191e9b4c460745eba094" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/side-channel" + } + ] + }, + { + "type": "library", + "name": "call-bind", + "version": "1.0.7", + "bom-ref": "call-bind@1.0.7", + "author": "Jordan Harband", + "description": "Robustly `.call.bind()` a function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/call-bind@1.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/call-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/call-bind#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/call-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1874d2352608090eec707eec67e336ac5a294682e1f2dd9b2d25ba05b82bb4bb1a84e201e62c805497fd1a358addc6130da323e17741a4cd5c03aa484b42afdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/call-bind" + } + ] + }, + { + "type": "library", + "name": "es-define-property", + "version": "1.0.0", + "bom-ref": "es-define-property@1.0.0", + "author": "Jordan Harband", + "description": "`Object.defineProperty`, but not IE 8's broken one.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-define-property@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-define-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-define-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-define-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f16b22ca4a1ac4aaacc9d1eba641b5614d840cdbb09f4f54f7e7e8028031682fcd892ec5ea4c9efacefe80d182ce8049cb50cbcbcec0ec188ae5f0d1694f681" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-define-property" + } + ] + }, + { + "type": "library", + "name": "get-intrinsic", + "version": "1.2.4", + "bom-ref": "get-intrinsic@1.2.4", + "author": "Jordan Harband", + "description": "Get and robustly cache all JS language-level intrinsics at first require time", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-intrinsic@1.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/get-intrinsic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/get-intrinsic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6e621b091fc549053bfba2c960e01ce7258843a1123ac1a602c4c9827674eb702ac703f7c214aa13173d8928a1341dd0c5505effa10ba1cee99724aee968145" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-intrinsic" + } + ] + }, + { + "type": "library", + "name": "es-errors", + "version": "1.3.0", + "bom-ref": "es-errors@1.3.0", + "author": "Jordan Harband", + "description": "A simple cache for a few of the JS Error constructors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/es-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/es-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/es-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65fe47d8ac6ddb18d3bdb26f3f66562c4202c40ea3fa1026333225ca9cb8c5c060d6f2959f1f3d5b2d066d2fa47f9730095145cdd0858765d20853542d2e9cb3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/es-errors" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ed71cdc47eea5fdc46e66230c6486e993a31fcc21135c3a00ebc56b0cb76a40af6dd61e9e8cad194dec50521690a9afea153b417be38894811f369c931f1b648" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/function-bind" + } + ] + }, + { + "type": "library", + "name": "set-function-length", + "version": "1.2.2", + "bom-ref": "set-function-length@1.2.2", + "author": "Jordan Harband", + "description": "Set a function's length property", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-function-length@1.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/set-function-length.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/set-function-length#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/set-function-length/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6045ce21278fec363582492f409a74b8d31ddb34c0d39271e02f951a3014ccc899d4f741205a1d51cfe302f5e16ee01b8dfd4c198ca42e63fd6fdeb33b1cc7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/set-function-length" + } + ] + }, + { + "type": "library", + "name": "define-data-property", + "version": "1.1.4", + "bom-ref": "define-data-property@1.1.4", + "author": "Jordan Harband", + "description": "Define a data property on an object. Will fall back to assignment in an engine without descriptors.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-data-property@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/define-data-property.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/define-data-property#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/define-data-property/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac132f23396903cbfa13e489668a3ef87018aac2eb920ecc49f2229cc3c5866928af0ed7f9d39754942cf904faf731a4cccc9f0e720c3765a2775f8d6cbdd3f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-data-property" + } + ] + }, + { + "type": "library", + "name": "gopd", + "version": "1.0.1", + "bom-ref": "gopd@1.0.1", + "author": "Jordan Harband", + "description": "`Object.getOwnPropertyDescriptor`, but accounts for IE's broken implementation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gopd@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/ljharb/gopd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/gopd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/gopd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77ae5b36521a771be96ff03669b55d96a2aa579eb78ee4676755ad93ab35b0847cb8db1747bd31a88cd5ab155fd5e4ea0ee9f04f632473311e69ecc2293661c0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gopd" + } + ] + }, + { + "type": "library", + "name": "has-property-descriptors", + "version": "1.0.2", + "bom-ref": "has-property-descriptors@1.0.2", + "author": "Jordan Harband", + "description": "Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-property-descriptors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-property-descriptors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-property-descriptors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7924d2ae216fafab829ed418ce4e333661cb5022f093ec61731f099f64f1a8e709eb82489dd1842d9c095e152aae9999b86b3de7d814be7ab6f2e62a49760ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-property-descriptors" + } + ] + }, + { + "type": "library", + "name": "has-proto", + "version": "1.0.3", + "bom-ref": "has-proto@1.0.3", + "author": "Jordan Harband", + "description": "Does this environment have the ability to get the [[Prototype]] of an object on creation with `__proto__`?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-proto@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/has-proto.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/has-proto#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/has-proto/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "489d5a999009522652f8f86c54b7f9b46c9d95a541f04745a5a48ee209a250a50ec64f2ace7e40232e19789526876db39c8764fee300513da9977171cd5507f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-proto" + } + ] + }, + { + "type": "library", + "name": "has-symbols", + "version": "1.0.3", + "bom-ref": "has-symbols@1.0.3", + "author": "Jordan Harband", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/has-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9772c2b85e8c8033704c32a47581848a1623b79a513db120e3aaed9669d23e551b82607c2ce22b2896d86050526e73da25ec4c2ad88f3bc8667918d1cf64ddf8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-symbols" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d21254f5208fbe633320175916a34f5d66ba76a87b59d1f470823dcbe0b24bcac6de72f8f01725adaf4798a8555541f23d6347e58ef10f0001edb7e04a391431" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hasown" + } + ] + }, + { + "type": "library", + "name": "object-inspect", + "version": "1.13.1", + "bom-ref": "object-inspect@1.13.1", + "author": "James Halliday", + "description": "string representations of objects in node and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.13.1", + "externalReferences": [ + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e6aa23d5152228e32c08234b57508188f604d74b33893b2798dc64008feb661883eb7085ec8a9d1460bf5f38d68e94a02dfd0bc575f76c3148874135f1fe9485" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/object-inspect" + } + ] + }, + { + "type": "library", + "name": "range-parser", + "version": "1.2.1", + "bom-ref": "range-parser@1.2.1", + "author": "TJ Holowaychuk", + "description": "Range header field string parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/range-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1eb82cc7ea2baa8ca09e68456ca68713a736f7a27e1d30105e8c4417a80dba944e9a6189468cb37c6ddc700bdea8206bc2bff6cb143905577f1939796a03b04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/range-parser" + } + ] + }, + { + "type": "library", + "name": "send", + "version": "0.18.0", + "bom-ref": "send@0.18.0", + "author": "TJ Holowaychuk", + "description": "Better streaming static file server with Range and conditional-GET support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.18.0", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/send.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aaa5b3b8e8d214ebaa3e315ee0d3ac30b69f4e8410c0148e1294be17012ddc0d95def2ae6d3aae4f7be62d3429160317a7c02515616e3f5a8a68964eb4fa555e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send" + } + ] + }, + { + "type": "library", + "name": "mime", + "version": "1.6.0", + "bom-ref": "mime@1.6.0", + "author": "Robert Kieffer", + "description": "A comprehensive library for mime-type mapping", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-mime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c74567f2ca48fb0b89d4ee92ee09db69083c3f187834d1dbeca4883661162a23c4e1128ea65be28e7f8d92662699180febc99cef48f611b793151b2bb306907a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime" + } + ] + }, + { + "type": "library", + "name": "serve-static", + "version": "1.15.0", + "bom-ref": "serve-static@1.15.0", + "author": "Douglas Christopher Wilson", + "description": "Serve static files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/expressjs/serve-static.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c6b910cd8d75228ec50bd2f97a9d20fb730511bb31208256ce685b9933d8379300d7396553724d232f38cfcc60fe4dacd66dba1962ee76ffdfd73dd5209def6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serve-static" + } + ] + }, + { + "type": "library", + "name": "media-typer", + "version": "0.3.0", + "bom-ref": "media-typer@0.3.0", + "author": "Douglas Christopher Wilson", + "description": "Simple RFC 6838 media type parser and formatter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/media-typer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76afaa7a543d6a41e970e97f8145514f15483a4009d70477400bdbe11b158d2f285681630c64dcebbf702589949a49d41791f030b3a06f93be6b72b17d66a93d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/media-typer" + } + ] + }, + { + "type": "library", + "name": "utils-merge", + "version": "1.0.1", + "bom-ref": "utils-merge@1.0.1", + "author": "Jared Hanson", + "description": "merge() utility function", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "http://opensource.org/licenses/MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a4c653bc8913d5df93146bc33aaa1d39c971d105a49208ba4dda1af200bc7df18002acfda733d36560326dbb071e8103ff3b4cb64bff5686136324a1527f3584" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/utils-merge" + } + ] + }, + { + "type": "library", + "name": "vary", + "version": "1.1.2", + "bom-ref": "vary@1.1.2", + "author": "Douglas Christopher Wilson", + "description": "Manipulate the HTTP Vary header", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/vary.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04d19b58b7ddd1e50f69b8645d4566d23f2ebaf444c93879a2f45afddca8c3f06a01b649c82fb97d4f88cd03b39802b362a6110084a8461750af778867f3d7aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/vary" + } + ] + }, + { + "type": "library", + "name": "asynckit", + "version": "0.4.0", + "bom-ref": "asynckit@0.4.0", + "author": "Alex Indigo", + "description": "Minimal async jobs utility library, with streams support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/alexindigo/asynckit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39e8bd387e2d461d18a94dc6c615fbf5d33f9b0560bdb64969235a464f9bb21923d12e5c7c772061a92b7818eb1f06ad5ca6f3f88a087582f1aca8a6d8c8d6d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/asynckit" + } + ] + }, + { + "type": "library", + "name": "combined-stream", + "version": "1.0.8", + "bom-ref": "combined-stream@1.0.8", + "author": "Felix Geisendörfer", + "description": "A stream that emits multiple other streams one after another.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/combined-stream" + } + ] + }, + { + "type": "library", + "name": "delayed-stream", + "version": "1.0.0", + "bom-ref": "delayed-stream@1.0.0", + "author": "Felix Geisendörfer", + "description": "Buffers events from a stream until you are ready to handle them.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "672483ecd7fdd5a2c1d11c4be0a1ab28705797b11db350c098475ca156b05e72c3ed20e1a4d82db88236680920edaed04b8d63c4f499d7ba7855d1a730793731" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/delayed-stream" + } + ] + }, + { + "type": "library", + "name": "mime-db", + "version": "1.52.0", + "bom-ref": "mime-db@1.52.0", + "description": "Media Type Database", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/mime-db.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0f538b95edd625bed589c70c311c3d0fba285536213b4f201b439496c43081f66518bce82ba103b061040e28f27c0886c4fb51135653a82b5502da7537818be" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mime-db" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "11.2.0", + "bom-ref": "fs-extra@11.2.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@11.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e60e2deec0ae6716e5e1ed70d39559d2d7bc494bbbd6dfa8acdbec37c5cbfc495c620783720137f872d9156396e44a35f46389dbbd90aad7f123b44cabf64b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs-extra" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "6.1.0", + "bom-ref": "jsonfile@6.1.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@6.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5d8277563ab8984a6e5c9d86893616a52cd0ca3aa170c8307faebd44f59b067221af28fb3c476c5818269cb9fdf3e8ad58283cf5f367ddf9f637727de932a5d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jsonfile" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "2.0.1", + "bom-ref": "universalify@2.0.1", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "829b4735082120d9dcfef4c6224d12385185357c3b255ae5454b42a2725196f6b0e83b97d303b925e928f6c5ab301861f8fb18019ee85c088e9dffd42a88328b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/universalify" + } + ] + }, + { + "type": "library", + "name": "get-installed-path", + "version": "4.0.8", + "bom-ref": "get-installed-path@4.0.8", + "author": "Charlike Mike Reagent", + "description": "Get installation path where the given package is installed. Works for globally and locally installed packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-installed-path@4.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/tunnckoCore/get-installed-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tunnckoCore/get-installed-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-installed-path/-/get-installed-path-4.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e600d2b5c449481e51c7dad5df3a84e74835235f55f71af28ae99c8b6d49d20829f5a400f0bbaede556b6db8fcc95ab5c30d3d8c7ceeae01a2882ce15f8ad98" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-installed-path" + } + ] + }, + { + "type": "library", + "name": "global-modules", + "version": "1.0.0", + "bom-ref": "global-modules@1.0.0", + "author": "Jon Schlinkert", + "description": "The directory used by npm for globally installed npm modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-modules/-/global-modules-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0ace91247f5d46a4e16ec346738f39ade01e146708ce706ef9ecf3efadf87170b15bab4c29b20a4eab1a71b71162086e03b46f7733a5d155b176a0675ebfb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-modules" + } + ] + }, + { + "type": "library", + "name": "global-prefix", + "version": "1.0.2", + "bom-ref": "global-prefix@1.0.2", + "author": "Jon Schlinkert", + "description": "Get the npm global path prefix.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/global-prefix.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/global-prefix/-/global-prefix-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e65b31d4d5031ed4a37e0d1e1e5998bd92aff3f9d5a97e1c9056ccf85ac6710fb4e0a59c585a3d3f93313d9612cd4bf2ce67536c8ec48b1f10e086c42c3ab32a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix" + } + ] + }, + { + "type": "library", + "name": "expand-tilde", + "version": "2.0.2", + "bom-ref": "expand-tilde@2.0.2", + "author": "Jon Schlinkert", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or `~+` to the cwd.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expand-tilde/-/expand-tilde-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0391267ac1d6eab7e767dcac1d08cf7494678b44916abd2d8ed1b930db66f67e5352fb1853ca28ce9aed443e00a87c5c6565a556e026428da758a7cdf68ca34f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/expand-tilde" + } + ] + }, + { + "type": "library", + "name": "homedir-polyfill", + "version": "1.0.3", + "bom-ref": "homedir-polyfill@1.0.3", + "author": "Brian Woodward", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/homedir-polyfill.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7929a6584e5b6532b6368bb8834008df367daecc29ec644aa0a5d2d412d492f3ef88eaace184cdd5d8d022aad7cbd939804b5d2cfcbce898d1c2c34cf6d9c370" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/homedir-polyfill" + } + ] + }, + { + "type": "library", + "name": "parse-passwd", + "version": "1.0.0", + "bom-ref": "parse-passwd@1.0.0", + "author": "Brian Woodward", + "description": "Parse a passwd file into a list of users.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/doowb/parse-passwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-passwd/-/parse-passwd-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d58d40fff4145c464aed82b3fab0fd5b275c135f84b8fafa64180a79c001f2d9a85ba505bf435111525ed69fa3471b5386471b6ca91fc086d625efc8784ea6d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/parse-passwd" + } + ] + }, + { + "type": "library", + "name": "is-windows", + "version": "1.0.2", + "bom-ref": "is-windows@1.0.2", + "author": "Jon Schlinkert", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-windows.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-windows" + } + ] + }, + { + "type": "library", + "name": "resolve-dir", + "version": "1.0.1", + "bom-ref": "resolve-dir@1.0.1", + "author": "Jon Schlinkert", + "description": "Resolve a directory that is either local, global or in the user's home directory.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-dir/-/resolve-dir-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bba24e3102cef3ac5927dd33440a14d05515c2b6eda1ce53076f2b9dc1716f33aa719d629d056e3f36732e78fb60383f6b45336d89e6445f7b547e94cff5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-dir" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "5.0.3", + "bom-ref": "domhandler@5.0.3", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "720c25bffd621508859d4f7a5d78113a1f314de7adb272620ec4dced36022c577dfbf58d908a8f4f188cffca5277c548ae15c64dfd4dcb5ab586ab95a83241e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "3.1.0", + "bom-ref": "domutils@3.1.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@3.1.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fbf2e32642d23602180326359e4261f0249d9b2cf0f718c98eed98dafd9661f38c249bee2eb7e2149d47516bcb82197f3c0e2571d63e8545ed577f11208c464" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "2.0.0", + "bom-ref": "dom-serializer@2.0.0", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-serializer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-serializer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c08900af28aab7f9d5e4440aa90a68dd24e848e57d2740e76c9ab02bb5affd3adcf76cc801867816532ef893c55b50df185b7cd594c21a00c469b7df5de2f226" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "4.5.0", + "bom-ref": "entities@4.5.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease & speed", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@4.5.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5748631f87463e1f40a39a74328458e8156ab700a3873eaf2392d3f00279e47fb883dff8bdb1f1d48e787d2d17b9c94b8431c0acf40288c8c3c6368bf1f3f187" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "https", + "version": "1.0.0", + "bom-ref": "https@1.0.0", + "author": "hardus van der berg", + "description": "https mediation", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/https@1.0.0", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/https/-/https-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e040b9edd757ae4685d31f373a3f2c33a48b4070165f0f744a4aaed8ce0011610d677174d9d14913f180440f2280eefdb5c818a86ac3eda7b87f92f7ba6da582" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/https" + } + ] + }, + { + "type": "library", + "name": "inquirer-file-tree-selection-prompt", + "version": "2.0.2", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2", + "author": "anc95", + "description": "inquerer file tree selection prompt", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inquirer-file-tree-selection-prompt@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/anc95/inquirer-file-tree-selection.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anc95/inquirer-file-tree-selection/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer-file-tree-selection-prompt/-/inquirer-file-tree-selection-prompt-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae56d0ec1ca4819fdf9aded259cdac681072b8cb10ad487e8aa9f2e1a32868bab6e426354ed643a7171a3bea0407335e5410fbe7d7789936884877e74a75414b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt" + } + ] + }, + { + "type": "library", + "name": "cli-cursor", + "version": "3.1.0", + "bom-ref": "cli-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Toggle the CLI cursor", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/cli-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/cli-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "23fcc7030b0a7fd16a1a85cce16591002a1bf7e48dba465377de03585e7b138b68a2e46e95b0b171487a44a5043909584c7267ce43ccc92bcf35a6922cd7cb67" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-cursor" + } + ] + }, + { + "type": "library", + "name": "restore-cursor", + "version": "3.1.0", + "bom-ref": "restore-cursor@3.1.0", + "author": "Sindre Sorhus", + "description": "Gracefully restore the CLI cursor on exit", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restore-cursor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/restore-cursor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/restore-cursor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97eb1279fcc7a63e6a8a6845484e5af27b9f65800cdec05254c00fb589260bee041f66a7486684317483d22cd141bbbd9dfc90f72e49ad59a9ec4f2866b523bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/restore-cursor" + } + ] + }, + { + "type": "library", + "name": "onetime", + "version": "5.1.2", + "bom-ref": "onetime@5.1.2", + "author": "Sindre Sorhus", + "description": "Ensure a function is only called once", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/onetime@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/onetime.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/onetime#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/onetime/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91ba5a4921894d674063928f55e30e2974ab3edafc0bc0bbc287496dcb1de758d19e60fe199bbc63456853a0e6e59e2f5abd0883fd4d2ae59129fee3e5a6984a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/onetime" + } + ] + }, + { + "type": "library", + "name": "mimic-fn", + "version": "2.1.0", + "bom-ref": "mimic-fn@2.1.0", + "author": "Sindre Sorhus", + "description": "Make a function mimic another one", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-fn@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-fn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-fn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-fn" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "3.0.7", + "bom-ref": "signal-exit@3.0.7", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.7", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c270f6644fa5f923c2feea12d2f5de13d2f5fb4c2e68ca8a95fcfd00c528dfc26cc8b48159215c1d1d51ae2eb62d9735daf2ebd606f78e5ee2c10860c2901b19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "figures", + "version": "3.2.0", + "bom-ref": "figures@3.2.0", + "author": "Sindre Sorhus", + "description": "Unicode symbols with Windows CMD fallbacks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/figures@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/figures.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/figures#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/figures/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c9a76e40544a2d760e1a0127e8065abbdd23de08123b28aa5d4d05f4965f79762135af899385feb38e40db38398e7b3cec60056b7e01066da45f0e17a4d71b76" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures" + } + ] + }, + { + "type": "library", + "name": "inquirer", + "version": "8.0.0", + "bom-ref": "inquirer@8.0.0", + "author": "Simon Boudrias", + "description": "A collection of common interactive command line user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inquirer@8.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inquirer/-/inquirer-8.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38df291093cf09dca3c63f9cc6c6117ba5df0897a94f100d74d9d379bb13b90817a51c994514fdb78749c2346e6e09af9f6d022d2127a334546b25f233d5535c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "3.0.0", + "bom-ref": "cli-width@3.0.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "171aa990f3f0bb51e3b8df773a67e6e21f2e21a9d7a1f5b44715445b793944ac7e9892584ad873361a77d8acf1c72dd800467f0dcfc458dd6f651634fa43a16f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cli-width" + } + ] + }, + { + "type": "library", + "name": "external-editor", + "version": "3.1.0", + "bom-ref": "external-editor@3.1.0", + "author": "Kevin Gravier", + "description": "Edit a string with the users preferred text editor using $VISUAL or $ENVIRONMENT", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/external-editor@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mrkmg/node-external-editor.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mrkmg/node-external-editor/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84c438097d69d62ce6b8b63266a2cc3bfa86370d74c12bfd40308f7f35dfc85ace682492a117ea13529fd6ce5a9fae89e49642eb635ec06fa62b8f63382b507b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor" + } + ] + }, + { + "type": "library", + "name": "chardet", + "version": "0.7.0", + "bom-ref": "chardet@0.7.0", + "author": "Dmitry Shirokov", + "description": "Character detector", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chardet@0.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/runk/node-chardet.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/runk/node-chardet", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/runk/node-chardet/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "993f220dcae1d37a83191466a00da1981267c69965311fb4ff4aa5ce3a99112e8d762583719902340938acf159f50f39af6eee9e488d360f193a2c195c11f070" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chardet" + } + ] + }, + { + "type": "library", + "name": "os-tmpdir", + "version": "1.0.2", + "bom-ref": "os-tmpdir@1.0.2", + "author": "Sindre Sorhus", + "description": "Node.js os.tmpdir() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f6151d37562afb148bb8e57058db49936fefd9496074d2c8d4f637505edf37803ac8e19b73e45b3bff2cbbe20d8de52550638c58d6a0ebe2b35d770611557d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/os-tmpdir" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "0.0.8", + "bom-ref": "mute-stream@0.0.8", + "author": "Isaac Z. Schlueter", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@0.0.8", + "externalReferences": [ + { + "url": "git://github.com/isaacs/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e76d658e9285b252c4e32ab8600f475ccf6da67644a7a58a9b123226da787086ec654a4a72c09981a3c87466a25d929ef799bf744acb0790de2bb1168101f00" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mute-stream" + } + ] + }, + { + "type": "library", + "name": "run-async", + "version": "2.4.1", + "bom-ref": "run-async@2.4.1", + "author": "Simon Boudrias", + "description": "Utility method to run function either synchronously or asynchronously using the common `this.async()` style.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-async@2.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/run-async.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/run-async#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/run-async/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6f56756fd356fc73546b03a129ec9912b63f391aebff62b31cc2a6109f08ec012d9c4e698f181063023a425bb46b4a874d4a8136fea83d3b86dc78dbd4b8381" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-async" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "6.6.7", + "bom-ref": "rxjs@6.6.7", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.7", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.7.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "853770afeef260d213e67e00318a7ce4a03acb0d956b414b6b7460baf6e96b85b7239c729da059a38d5c3375ccfb843a7d1323dec058211d5502664c5d826f45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "through", + "version": "2.3.8", + "bom-ref": "through@2.3.8", + "author": "Dominic Tarr", + "description": "simplified stream construction", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "git+https://github.com/dominictarr/through.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dominictarr/through", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3cf6a83b3c8f3001dbd7eb46cc0cff9b1680f90ef866f682e1785a793b86b6405d1c4811ac057e2a66669d3ccbd5aa52c9041722f96a8618e00fbdc0de35256" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/through" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "29.7.0", + "bom-ref": "jest-mock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@29.7.0#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21338c667f949184b864587cdf16003b3592b65a0dcc914edacf035ab138961b460fe028ae09db92228445ee3041507274818fc74e7d83aae25b906da7a2e59f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-report", + "group": "@types", + "version": "3.0.3", + "bom-ref": "@types/istanbul-lib-report@3.0.3", + "description": "TypeScript definitions for istanbul-lib-report", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.3#types/istanbul-lib-report", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/istanbul-lib-report", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/istanbul-lib-report", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3509fb00742793f4522cec6b05b1b224cfda550fa98e3e470a06ac1717342bf2a1a004df43fe3b032525d79236c815298a18e66acf9af952413aa79cac51feb8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/istanbul-lib-report" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "group": "@types", + "version": "21.0.3", + "bom-ref": "@types/yargs-parser@21.0.3", + "description": "TypeScript definitions for yargs-parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/yargs-parser@21.0.3#types/yargs-parser", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/yargs-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/yargs-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "238abd414f4c42fe2810ecf8b401c9b4dcf5730b8bc67d85df171cda257959da8b3e95278f7d1a52ec6dd660316131bea1ef0264c57ffbaad4e12e20443ceab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "29.7.0", + "bom-ref": "jest@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@29.7.0#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348cb7a00169f6c85d6b5f61cb81cad0745358ab4f26619d9efcb0bb4d673aa342daf660f99f9fbc90f1a4c400f3c79bd88f4471a7dc763620b03b619d84ef1b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/core@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@29.7.0#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fb69e5d628c9c6b43038f32f132d624f2662e6999eb8d827a8efc718584a620fb1730e098d0d5fc6095468acf0017572c967ff70cf38190251e35e3c431c6b2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/console@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@29.7.0#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e4d8b8094ed71d08b7d88277f7c1043f846b07c795d3db173f644ea83e1b92c1eb9d3ade7b9d8fb31bd7f2da4bf0bbd3677a45cd7c8f6cd411792378d420213a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/reporters@29.7.0", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@29.7.0#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c0a6ad0a25b24e1330056231c00cd371004dca6e1c50075cb92a995be566aac3acd56ee59ab529cc8c4e60b3c1548043e636c9d90373425a5f4d1b489ad383e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-result@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@29.7.0#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15dc7eb6feb1d7396424f7165e6303006d87067691f573d277968359056c7eb6662d54f7954d5cc32c4b81199747dcabab8341a049bd04cb1f805cd34006c960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/transform@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@29.7.0#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24fc14cf17314a54cc0ee5e38746bbe70551dd472f48aecad6d46a4c690f4c0a78a534b5d02a6017f2cd585c315a6a2f7126969cdb24b357461e451102af657" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "fs.realpath", + "version": "1.0.0", + "bom-ref": "fs.realpath@1.0.0", + "author": "Isaac Z. Schlueter", + "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/fs.realpath.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38ed291f694ae9ad2166701d6aee48b731cf23aa5496f23b8cc567c54411b70e28c05db093c94e49a6ed1830933f81a0ae0d8c6c69d63bd5fc2b5b78f9f18c0f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fs.realpath" + } + ] + }, + { + "type": "library", + "name": "inflight", + "version": "1.0.6", + "bom-ref": "inflight@1.0.6", + "author": "Isaac Z. Schlueter", + "description": "Add callbacks to requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/npm/inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/inflight", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "93dd88fdbd3cab8c2f16c71708bbea7ec1c2ae3ac5ef2897b10b8856f544ecdf365b7f9aaa9cee51d05b7e159ccbf159477ff82207e532028b3acbcf0eb18224" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inflight" + } + ] + }, + { + "type": "library", + "name": "path-is-absolute", + "version": "1.0.1", + "bom-ref": "path-is-absolute@1.0.1", + "author": "Sindre Sorhus", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0156f0dd42767bd6eaeb8bd2692f409b47e37b53daf296c6a934ec9977da2223299ebe4394385f24eb8b8fd49ff7964f5430147ab0df124f3c30f98f7bb50242" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-is-absolute" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "6.0.2", + "bom-ref": "istanbul-lib-instrument@6.0.2", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@6.0.2#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5652c67d475940d07b414a8853926dfd5933e534a489e62164ed4c2a5e404ba07413fa17ea3ec7ec4c356e65d286681c27edd8a7f5b4bb4ac9e802bf78de1bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "make-dir", + "version": "4.0.0", + "bom-ref": "make-dir@4.0.0", + "author": "Sindre Sorhus", + "description": "Make a directory and its parents if needed - Think `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/make-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8577544d960854eb75131fff8c0422fb04d9669529c018ffd10b0ecea7a06f7ac630c78989212ee712c79d87c1ad1578447dbe38248e3bde48b3fef1d562786f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/make-dir" + } + ] + }, + { + "type": "library", + "name": "source-map", + "version": "0.6.1", + "bom-ref": "source-map@0.6.1", + "author": "Nick Fitzgerald", + "description": "Generates and consumes source maps", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/mozilla/source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mozilla/source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/source-map" + } + ] + }, + { + "type": "library", + "name": "html-escaper", + "version": "2.0.2", + "bom-ref": "html-escaper@2.0.2", + "author": "Andrea Giammarchi", + "description": "fast and safe way to escape and unescape &<>'\" chars", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-escaper@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/WebReflection/html-escaper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/WebReflection/html-escaper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/html-escaper" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "29.7.0", + "bom-ref": "jest-worker@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@29.7.0#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "788cf69ac2ff1332fd5054c5171ee305391e65f92ed32500c99659989f771f64d8122ae8231d8f42311773062d625f335c2c5bf8f02603684b22dffa64490f1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "char-regex", + "version": "1.0.2", + "bom-ref": "char-regex@1.0.2", + "author": "Richie Bendall", + "description": "A regex to match any full character, considering weird character ranges.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/char-regex@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/Richienb/char-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Richienb/char-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Richienb/char-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "916597cedbd9e5205057e79180a15e87cab9b0bb99636fbc5942339715954e0fa81b0635e2aca5c7529b2b31ddf0fe99624020d31c880d4f4930787224c6758f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/char-regex" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "2.0.0", + "bom-ref": "convert-source-map@2.0.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afa78e7d1eb576144275080b22d4abbe318de46ac1f5f53172913cf6c5698c7aae9b936354dd75ef7c9f90eb59b4c64b56c2dfb51d261fdc966c4e6b3769126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "29.7.0", + "bom-ref": "jest-changed-files@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@29.7.0#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c402b162c1fd41a50fb86d74a9adc0dcdffc781d2ccbe1a976b68cf05690c5a6cc402e32d87728882b87b9573eba1902486d727cdbedf93edcaca1fa6d357db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "get-stream", + "version": "6.0.1", + "bom-ref": "get-stream@6.0.1", + "author": "Sindre Sorhus", + "description": "Get a stream as a string, buffer, or array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b6ce968beda3de3423aa2ef4c3902537c0c59e44b00be32a9b113374400b076a976585775ff6f50937e03cb18934c7805b174f7d4f053b59acdcd51f68708f62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stream" + } + ] + }, + { + "type": "library", + "name": "human-signals", + "version": "2.1.0", + "bom-ref": "human-signals@2.1.0", + "author": "ehmicky", + "description": "Human-friendly process signals", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/human-signals@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/ehmicky/human-signals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://git.io/JeluP", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ehmicky/human-signals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07814567aabf4f68e1864b2091b116dc706f5887c35bce6c9e44206b0b74ed2ec9e505d393a064355fb4c80799acce50a4c01d625a1c1a89639f4b09fd642417" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/human-signals" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "4.0.1", + "bom-ref": "npm-run-path@4.0.1", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "strip-final-newline", + "version": "2.0.0", + "bom-ref": "strip-final-newline@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip the final newline character from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-final-newline@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-final-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-final-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/strip-final-newline" + } + ] + }, + { + "type": "library", + "name": "yocto-queue", + "version": "0.1.0", + "bom-ref": "yocto-queue@0.1.0", + "author": "Sindre Sorhus", + "description": "Tiny queue data structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yocto-queue.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yocto-queue/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ad592cbec9cd09d27fa2119ceb180fc3237c7a1782c6c88b33c9b1b84fedfe6395a897b03ee3b59a22e94c74224604ca08b7b12f831e00555a82db3b1e6359d9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yocto-queue" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "29.7.0", + "bom-ref": "jest-config@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@29.7.0#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b976e97de43b47a4d906a237fd3c42538ab8b6d937bb43c9782f84d336df4a84a3aba6c9edbb813f1cd03cbd227eb918e0336ee0951d9342269415188bce3479" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/test-sequencer@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@29.7.0#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "190c09e56655aca9ce26e898880179d94354257813671d4d1e3152101d2a10c99264a02474ca08cf0fc28fac7a345e00bd5db7014a83a45cd090dfde602613c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "29.7.0", + "bom-ref": "jest-haste-map@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@29.7.0#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7cff2eda9c9fab1d0ad6b1a7d51f69c84d3f2939fe1bb3f192d5a274e053a853cb617d1bf64b1a3059212b9beb4b70d5ba7d3da5c90b765c7dd10b61956ec098" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "29.7.0", + "bom-ref": "babel-jest@29.7.0", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@29.7.0#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06bbc6637c594b011c0b32af2ac0a2d86807a83aac62438fe3f6f2e710a023019743120487ef1ec37826ac4d72ed7451e8b1d9223eb22d89d48bf9a6d8a5ca06" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "29.7.0", + "bom-ref": "jest-circus@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@29.7.0#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc4d6708c822a5c4e40a8705c0cf745d741a6fd6d2f8632c8dda663eb95e95ac700fddc077c8951235ffbef1cf74b3e715ff8be34bbee7e8aeb51740d4df66cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/environment@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@29.7.0#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "69021f1c3ab7dc4c6c3788cfd4d5865e1c6043fc22c6ceb480388a3be5d531df0c9f43563d681cdf86500d36f68ca694590eccbb0a22b5702c3765d55cd32903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/expect@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@29.7.0#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2e31e00cc9cb6da6f6b73f59411c1f157224bd5745c0af71b298fa62a5dc905db05cba190b40e49ef04fe9f7647201d4e84ba643d6d1645fe0a486810213475" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "29.7.0", + "bom-ref": "jest-snapshot@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@29.7.0#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "466d01316b7105c8a81ebd7f397e5808ff14a2fe2b887bca3e49ce1acf34e1983d2466609880646ed971242ffb6789ac29855b209b5f53eb4a6fcc6560d7dd93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "1.5.3", + "bom-ref": "dedent@1.5.3", + "author": "Desmond Brand", + "description": "A string tag that strips indentation from multi-line strings. ⬅️", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@1.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-1.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34742d7ce396ebc583f25832a5b2c0e684fe06dd315c986262fa11e929a635765fa733865f074a5a67301bc37b3f0555595dde17febc9e60fd05a252b13061c9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "29.7.0", + "bom-ref": "jest-each@29.7.0", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@29.7.0#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "827b3e12bd78f99ac4a02e5f84e7d8098d4b3871ebd1323ead0507652f13b70da5ee097ef3478773f8057f62ad930d3e4880020d3796be915cbf7074e157a66d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "29.7.0", + "bom-ref": "jest-runtime@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@29.7.0#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8149cb8e0c1d1aa5bb0782ef38891b2acf5619b9fe40ba91410f63b82e879dd78389ecc8c210cffa684cc0758211c7d0e515176ba38f9c517c049879c5e830c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "pure-rand", + "version": "6.1.0", + "bom-ref": "pure-rand@6.1.0", + "author": "Nicolas DUBIEN", + "description": " Pure random number generator written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pure-rand@6.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/dubzzz/pure-rand.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dubzzz/pure-rand/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d559ac2fa19a01629a7ac88a10b505c76639b3df94525479d439379f97c55c8ebf2c9d33d8d709e948f3167a4705c1bc48ea0b664fbad260f16fcfbd6576238" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pure-rand" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "29.7.0", + "bom-ref": "jest-environment-node@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@29.7.0#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ce4b0091a978ab4ceca178cfb87796193ab59c76ed0b359f3b7b0528cb06dc6f65d1e302a0aa21bcbcd798c218c531b1247e3bbbc31d86607d0fda07af1af17" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/fake-timers@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@29.7.0#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ab80c7d476b84d314f7712eca835cad5ddfe8a848bef22f9a023096600d89ba8bee82ca05b9139c55aff0f51ddb06c63b7565649f500b3d3b1481fc135e956ad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "29.6.3", + "bom-ref": "jest-regex-util@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@29.6.3#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "289241b110b2c8b35608d04ebd9c910e70087d489127cbfe84e0506069fc803c85dd47a0c223f8830451dff4836b8da0d586d5c9c4e2754177aca8f22c50d66e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "29.7.0", + "bom-ref": "jest-resolve@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@29.7.0#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20e561652ae0f94bd502c843483b47c8508205497f43700026ff2267a6639d9ef8c73bf0bb32d789df482083e04e763ad922637eeba930a66c65046c0afc4480" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "29.7.0", + "bom-ref": "jest-runner@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@29.7.0#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ec73837a70f0806a1c9b1817d345cab9c0547a7e92f39cc838eec639683a6ca1e8ce7156056f4ec01ee4a747496231c3d3801b00dd924bea414e8cf768362a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "29.7.0", + "bom-ref": "jest-validate@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@29.7.0#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "641ef01ea691195c3ff61493fceb85511786eccf2f29eab4fc9d9e80818b76f8c70a662a180461cd79ad822fa055e679b97145db5f5a39cdcbb36c8b836eed93" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "bser", + "version": "2.1.1", + "bom-ref": "bser@2.1.1", + "author": "Wez Furlong", + "description": "JavaScript implementation of the BSER Binary Serialization", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/bser@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/watchman.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://facebook.github.io/watchman/docs/bser.html", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/watchman/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bser" + } + ] + }, + { + "type": "library", + "name": "node-int64", + "version": "0.4.0", + "bom-ref": "node-int64@0.4.0", + "author": "Robert Kieffer", + "description": "Support for representing 64-bit integers in JavaScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-int64@0.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/broofa/node-int64.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/broofa/node-int64#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/broofa/node-int64/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b9973f75c5239ea173fa0ee9721df965a6af84834d0c5a2b5921bb4f7e8484bea207765e607dc63a858cc35a78f4a83e6dcf9d8f234f2ef6a52f49579405e1f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/node-int64" + } + ] + }, + { + "type": "library", + "name": "makeerror", + "version": "1.0.12", + "bom-ref": "makeerror@1.0.12", + "author": "Naitik Shah", + "description": "A library to make errors.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/makeerror@1.0.12", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-makeerror.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-makeerror/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "266a82bd4866b78de669d9691731b8050cc6d99de6eadbd00cd29d0a56673b755b22e749626c6c4f414d24c7a2076f894d295341349b53c41d7ac566c097262e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/makeerror" + } + ] + }, + { + "type": "library", + "name": "tmpl", + "version": "1.0.5", + "bom-ref": "tmpl@1.0.5", + "author": "Naitik Shah", + "description": "JavaScript micro templates.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tmpl@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/daaku/nodejs-tmpl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/daaku/nodejs-tmpl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddfd2e384010c08a86b965b6315cd883c7d5fd036773f229b89346f37eeb2ee73301a2d51ec9561d9423e081a2125e47b379246e1c0bf406fb1ebb26ba3f929b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmpl" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "29.7.0", + "bom-ref": "jest-resolve-dependencies@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@29.7.0#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba7d330ffeaac49f92d1eb7b5b1788dc7e5749ef654c1051edb3870875e4291ea5b86e66c030e5233550d15e5c642ba84e011d71dc334e085891359fb9b8be9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "2.0.2", + "bom-ref": "resolve.exports@2.0.2", + "author": "Luke Edwards", + "description": "A tiny (952b), correct, general-purpose, and configurable \"exports\" and \"imports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@2.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5f6516e8dc379ff68c803572fb4ad2aa01e5bf7f56640959ad709d9dbc8488a9b5ec34aa1d7e0c99031a493dc56de591e454ee45c530600ce265a8e38b463b9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.13.1", + "bom-ref": "emittery@0.13.1", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.13.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0de5b06b093aaf9c91f631609c3298b78b0b4b42e61c9262dd93a76f9fc975b6308f79d6f85c509c72238412b3f182c2ee844d3d533d350e3b237095c77e1ea9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "29.7.0", + "bom-ref": "jest-docblock@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@29.7.0#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abad7b02ec3703ad7682ec9a160b1b15e62934fe6dd9aa1434bc0151b73fd240f5478b7d8b10dbc854c77759e89387a9a15169afb3e67961eb86fb95dd7689e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "29.7.0", + "bom-ref": "jest-leak-detector@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@29.7.0#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "91803c20971262d493d8163d23e48c0b7da70e9053dc9d8dbd6271f3e242b82765fc247523810a50944e88ff17b42731aa04d304624d75b07503c5d129b4deb7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "29.7.0", + "bom-ref": "jest-watcher@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@29.7.0#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e3d160ed65e4537565da1e8b6cbb4c43f1f207aad74885fb4aabc12d09acb1104637d2343cdbcf980982592398e923afae3848fc5eff6c602ff51b67b0f034de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "29.7.0", + "bom-ref": "@jest/globals@29.7.0", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@29.7.0#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a98b3dddbad2db916d8c345b9b50650454b9131a2a96eb22d54c0f896cfe9f23a27988bf58d0d960f24f79a5c17c72d2b0092ed6571b5e06cdbd8617c0a2dcd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "29.6.3", + "bom-ref": "@jest/source-map@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@29.6.3#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3078d3f7942e8a970fae92ccfbc24c4b3171e9e1e9e419bee177850c9970b2f5418e628d88802f6ac18ad9fc73d966c64659efa9e8456e1d3b30c6bb9f76099f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-jsx", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/plugin-syntax-jsx@7.24.1", + "author": "The Babel Team", + "description": "Allow parsing of jsx", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.24.1#packages/babel-plugin-syntax-jsx", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-jsx", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-jsx", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9e0adc595dffa46e4308b174b8a684ef4f862ee6b5e245afbdc46553e7aada8218e605328ca4535cf51e080e20787a66a8f5e3b6d8ec7b0b1b891bb060131a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-jsx" + } + ] + }, + { + "type": "library", + "name": "helper-plugin-utils", + "group": "@babel", + "version": "7.24.0", + "bom-ref": "@babel/helper-plugin-utils@7.24.0", + "author": "The Babel Team", + "description": "General utilities for plugins to use", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-plugin-utils@7.24.0#packages/babel-helper-plugin-utils", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-plugin-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-plugin-utils", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5c5339d7306d3e17146e25fbcbf364254ea2338555bdb0bd0a8cc3c784038ebe94062fc42d7719c12882e306ac651f2962cf4c826b51bdd3765723f16e1f2db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-plugin-utils" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-async-generators", + "group": "@babel", + "version": "7.8.4", + "bom-ref": "@babel/plugin-syntax-async-generators@7.8.4", + "description": "Allow parsing of async generator functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-async-generators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-bigint", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-bigint@7.8.3", + "description": "Allow parsing of BigInt literals", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c274e71651be631426def0f1a46139ecf8f4b2b454e2c1c4fe60e4b75aafd9824949e50079cda66b858b52750f78a8f2adf9ed5707bf37a7425e953eccbdcda6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-bigint" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-class-properties", + "group": "@babel", + "version": "7.12.13", + "bom-ref": "@babel/plugin-syntax-class-properties@7.12.13", + "description": "Allow parsing of class properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13#packages/babel-plugin-syntax-class-properties", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-class-properties", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-class-properties", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e6e227632a56b461a85436014d2c2074ab249db283e264fde2404deb932d26054b4c676df20c9f5225d83a7574d20e7ba5395aa21771e0afd9db5ef5d341960" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-class-properties" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-import-meta", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-import-meta@7.10.4", + "description": "Allow parsing of import.meta", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4#packages/babel-plugin-syntax-import-meta", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-import-meta", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62a7e6f970f1d3e3eb8775527844023d4f35c82f89599da90cf1524b865da5f661a7832414c6830b552ab1ea2f10ac125299c82fbfaf2be0a5a7b6df874883ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-import-meta" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-json-strings", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-json-strings@7.8.3", + "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-json-strings" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-logical-assignment-operators", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "description": "Allow parsing of the logical assignment operators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4#packages/babel-plugin-syntax-logical-assignment-operators", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-logical-assignment-operators", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "77cc1a4a19691438a743932dbc653dc4300ecca1f8efe145a277b2d9b68522832bf79da128e2e9d4747b56cce866f3ac57fe3e451b33358ec3d7b6dad2d7b48a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-logical-assignment-operators" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-nullish-coalescing-operator", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "description": "Allow parsing of the nullish-coalescing operator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-nullish-coalescing-operator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-numeric-separator", + "group": "@babel", + "version": "7.10.4", + "bom-ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4#packages/babel-plugin-syntax-numeric-separator", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-numeric-separator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-numeric-separator" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-object-rest-spread", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "description": "Allow parsing of object rest/spread", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-object-rest-spread" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-catch-binding", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "description": "Allow parsing of optional catch bindings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-catch-binding" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-optional-chaining", + "group": "@babel", + "version": "7.8.3", + "bom-ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "description": "Allow parsing of optional properties", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3#master", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#master", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/babel/babel/tree/master#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-optional-chaining" + } + ] + }, + { + "type": "library", + "name": "plugin-syntax-top-level-await", + "group": "@babel", + "version": "7.14.5", + "bom-ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "author": "The Babel Team", + "description": "Allow parsing of top-level await in modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5#packages/babel-plugin-syntax-top-level-await", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-plugin-syntax-top-level-await", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-plugin-syntax-top-level-await", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "871fbeba92efe54d6b8187f07b5c41414851994e35344be952fae9f2392b48276f1929cce7fa9d44cb72949e8f1b938590168791b4c02939dddff63211244717" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/plugin-syntax-top-level-await" + } + ] + }, + { + "type": "library", + "name": "pkg-dir", + "version": "4.2.0", + "bom-ref": "pkg-dir@4.2.0", + "author": "Sindre Sorhus", + "description": "Find the root directory of a Node.js project or npm package", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-dir@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/pkg-dir.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-dir/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1d10f36da2a30be00e5955f1014ff1e7808e19e22ff5e6fee82903490a0d4ede17c96a0826fb8fb178b3c6efc5af6dc489e91bb59c2687521c206fe5fdad7419" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir" + } + ] + }, + { + "type": "library", + "name": "resolve-cwd", + "version": "3.0.0", + "bom-ref": "resolve-cwd@3.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from the current working directory", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-cwd@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-cwd.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-cwd/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3ab65a5f631bfab242a47ffa0a94aab7dc4556937efb1d355e737689ef60e8fe7fdf17a52c0917595003a5dcf52070ff2857c45f213a574534d4e43750edab12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "29.7.0", + "bom-ref": "jest-cli@29.7.0", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@29.7.0#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3955686f0d88b9b37f19262cc444e2fa039eeca6b9f4414c47fb70394dc96f61a728a78c189079486514ac4cf7485566240494759533cbcdec2cd350da066c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "create-jest", + "version": "29.7.0", + "bom-ref": "create-jest@29.7.0", + "description": "Create a new Jest project", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-jest@29.7.0#packages/create-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/create-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "01dcf66dd1f456adc5e772843093a87ed405bad582ba49ba276e306cf5913b893590c63b812eddb3fba826436e57cc030ad5969eec06709c2959c8a1fb3116d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-jest" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "8.0.1", + "bom-ref": "cliui@8.0.1", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05278d9f2bacef90b8fff350f6042dd7f72c4d7ca8ffc49bf9a7cb024cc0a6d16e32ca1df4716890636e759a62fe8415ef786754afac47ee4f55131df83afb61" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "get-caller-file", + "version": "2.0.5", + "bom-ref": "get-caller-file@2.0.5", + "author": "Stefan Penner", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/stefanpenner/get-caller-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-caller-file" + } + ] + }, + { + "type": "library", + "name": "require-directory", + "version": "2.1.1", + "bom-ref": "require-directory@2.1.1", + "author": "Troy Goode", + "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c6c4423bfb0b06f71aef763b2b9662f6d8e3134e21d1c0032ba2211e320abc833a0b0bf3d0afb46c4434932d483f6d9019b45f9354890773aff84482abba2f9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/require-directory" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "5.0.8", + "bom-ref": "y18n@5.0.8", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d297c5cde81e0d62472480264cb44fd83c078dd179b3b8e8f6dbb3b5d43102120d09dbd2fb79c620da8f774d00a61a8947fd0b8403544baffeed209bf7c60e7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "2.0.1", + "bom-ref": "argparse@2.0.1", + "description": "CLI arguments parser. Native port of python's argparse.", + "licenses": [ + { + "license": { + "id": "Python-2.0" + } + } + ], + "purl": "pkg:npm/argparse@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f3ef56a9e6db173a57f4e47e59ae8edbd6ac22881e44ccdc1ad00835da4c1c7c80835d1fd3969215505b704a867ff3d7c35123019faadbf6c4060dc3beeacadd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "json-colorizer", + "version": "2.2.2", + "bom-ref": "json-colorizer@2.2.2", + "author": "Joe Attardi", + "description": "A library to format JSON with colors for display in the console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-colorizer@2.2.2", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/joeattardi/json-colorizer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/joeattardi/json-colorizer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-colorizer/-/json-colorizer-2.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7aa19b70575a625eb42744d4ed25ea91bfe07d63f7570182ea04169897f08e71476867180b04b00ef3cf829e46d3e8cc4db3473913d98f0486f6b0570dcf7bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer" + } + ] + }, + { + "type": "library", + "name": "markdown-diff", + "version": "2.0.0", + "bom-ref": "markdown-diff@2.0.0", + "author": "Martijn van Duijneveldt", + "description": "Generate a diff between two markdown files in markdown format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-diff@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/martijnvanduijneveldt/markdown-diff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/martijnvanduijneveldt/markdown-diff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-diff/-/markdown-diff-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "625ac74890b6ac0b1e707082ddce556a178aec6a6dd749040552aa2b9012ead91b4e2fa1bfe9393d73e517e8aa010ff7e9720d36aaab2baf13f6811a66a49174" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff" + } + ] + }, + { + "type": "library", + "name": "marked", + "version": "12.0.2", + "bom-ref": "marked@12.0.2", + "author": "Christopher Jeffrey", + "description": "A markdown parser built for speed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marked@12.0.2", + "externalReferences": [ + { + "url": "git://github.com/markedjs/marked.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://marked.js.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/markedjs/marked/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/marked/-/marked-12.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a97526edefd8285a2a14f60f6b752483dc6523973202d1a6c8423331f5bffe6ea45f00b2d8fb3d0d87f98a88a314a43cab2bac72b1e8634e2224672dbb62a0d1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/marked" + } + ] + }, + { + "type": "library", + "name": "markdown-table-ts", + "version": "1.0.3", + "bom-ref": "markdown-table-ts@1.0.3", + "author": "Jiri Hajek", + "description": "A zero-dependency library for generating Markdown tables written in TypeScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/markdown-table-ts@1.0.3", + "externalReferences": [ + { + "url": "git+https://gitlab.com/jiri.hajek/markdown-table-ts.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://gitlab.com/jiri.hajek/markdown-table-ts/-/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/markdown-table-ts/-/markdown-table-ts-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "958ae9ec55e606aa661a6b0417dd969d2ba476062f2e6d7914f20e0d93b1f7ede7a1b9312718c161cb33a997f956a4e306d2123d2342ef38d4f68df3c292fa01" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-table-ts" + } + ] + }, + { + "type": "library", + "name": "mocha", + "version": "10.4.0", + "bom-ref": "mocha@10.4.0", + "author": "TJ Holowaychuk", + "description": "simple, flexible, fun test framework", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mocha@10.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/mochajs/mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mochajs.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mochajs/mocha/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mocha/-/mocha-10.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7aa84607c24a6a9118702e32b57ff1af329fa2b8047378f5a469405d5cb7791c2bb40cb9fe721f4f54af806cdf3745d967178bab46905a4394026a88262bfe6c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "browser-stdout", + "version": "1.3.1", + "bom-ref": "browser-stdout@1.3.1", + "author": "kumavis", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/browser-stdout@1.3.1", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kumavis/browser-stdout.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kumavis/browser-stdout/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa1015235f80bf65fba9e94e7c0218c1738da2877a5e5644fdf5da052996fd3e52ccb0260a0ce2f9e89613b7d4bdb1da78d0501f5dd47ed8e95f1b1f2e432983" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/browser-stdout" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fill-range", + "version": "7.0.1", + "bom-ref": "fill-range@7.0.1", + "author": "Jon Schlinkert", + "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/fill-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ea3d17e74c5260b62dc6f805b56f9ca2714cf8c29be451a5ee200ee1abce42fb984565fdd8d84aed8e750d8f6b7d36378a2a91283d8abea368b589d94495a5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fill-range" + } + ] + }, + { + "type": "library", + "name": "to-regex-range", + "version": "5.0.1", + "bom-ref": "to-regex-range@5.0.1", + "author": "Jon Schlinkert", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/micromatch/to-regex-range.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb93fb8b3e97e7212bd5cc1c82f4316db230ed493780ecb974876d678ac3bde2ea86b7493fe2e2fc7c7ab722b43446fed860b29de08c2621aaac00c248d93cb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-regex-range" + } + ] + }, + { + "type": "library", + "name": "is-number", + "version": "7.0.0", + "bom-ref": "is-number@7.0.0", + "author": "Jon Schlinkert", + "description": "Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/jonschlinkert/is-number.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e350a27e483a7bc4f2952a5db53a5e2d532abd20445734edb47bc4443ef8d7ea6767c00dbf4d34e0c44be3740a3c394af5c1af369e8d6566540656c65d8c719e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-number" + } + ] + }, + { + "type": "library", + "name": "is-binary-path", + "version": "2.1.0", + "bom-ref": "is-binary-path@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a file path is a binary file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-binary-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-binary-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "64c11161eb3aa43c9dcae1a276c7bb3ac1f1b5b23b595794128ce047f83baddd31522998365bd9444fcad8c8194e35b2ef6e487de94b79570433dee69ad4465f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-binary-path" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "09e87eee8c79a9eecb26e2c7a18d1f7a1de91ee5031c071151ec8bd95620859c1fa64348cbffbc39c8346b752e4a86336af9b2970b8b59039fde19748e330c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/binary-extensions" + } + ] + }, + { + "type": "library", + "name": "readdirp", + "version": "3.6.0", + "bom-ref": "readdirp@3.6.0", + "author": "Thorsten Lorenz", + "description": "Recursive version of fs.readdir with streaming API.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "externalReferences": [ + { + "url": "git://github.com/paulmillr/readdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/paulmillr/readdirp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/paulmillr/readdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e4b4f3da27f1176ea9d6e1bd0e59dfb0341128ecab3eaa9d171f7ec314df8f7916e4dda929beedb849dbd26f20eb010c41276a7e433eef6ddd3a3d55194ccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/readdirp" + } + ] + }, + { + "type": "library", + "name": "wrappy", + "version": "1.0.2", + "bom-ref": "wrappy@1.0.2", + "author": "Isaac Z. Schlueter", + "description": "Callback wrapping utility", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/wrappy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/wrappy", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9784a9fc346c7a8afdc0be84bd5dbe4ee427eb774c90f8d9feca7d5e48214c46d5f4a94f4b5c54b19deeeff2103b8c31b5c141e1b82940f45c477402bdeccf71" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/wrappy" + } + ] + }, + { + "type": "library", + "name": "is-unicode-supported", + "version": "0.1.0", + "bom-ref": "is-unicode-supported@0.1.0", + "author": "Sindre Sorhus", + "description": "Detect whether the terminal supports Unicode", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unicode-supported@0.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-unicode-supported.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-unicode-supported/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "927c46daae140b7bbcb2d446c8054908e771166bf90d989171d94868041701b49f2726be3a1a29368b4b42bb2d061aaeaaee19a6e29b0dcffc4ba9a05e03c53f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-unicode-supported" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "serialize-javascript", + "version": "6.0.0", + "bom-ref": "serialize-javascript@6.0.0", + "author": "Eric Ferraiuolo", + "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/serialize-javascript@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yahoo/serialize-javascript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yahoo/serialize-javascript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "42bdd3a2cbe0b85b7c78f5aab2f45facac905c8896fa719b629cbc5cadb83501c4f3771ac56b7e988ca64d3d7d0c615b35634b7c4c2cae44a637ae2555607d6a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/serialize-javascript" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "randombytes", + "version": "2.1.0", + "bom-ref": "randombytes@2.1.0", + "description": "random bytes from browserify stand alone", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/randombytes@2.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/crypto-browserify/randombytes.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/crypto-browserify/randombytes/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bd897788e5fee022945aec468bd5248627ba7eca97a92f4513665a89ce2d3450f637641069738c15bb8a2b84260c70b424ee81d59a78d49d0ba53d2847af1a99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/randombytes" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "workerpool", + "version": "6.2.1", + "bom-ref": "workerpool@6.2.1", + "author": "Jos de Jong", + "description": "Offload tasks to a pool of workers on node.js and in the browser", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/workerpool@6.2.1", + "externalReferences": [ + { + "url": "git://github.com/josdejong/workerpool.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/josdejong/workerpool", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/josdejong/workerpool/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b10813dee40d9bc5f566fd7fa8796972b8b304a528651c3841a22186f638ebbf22b0d4f62c23d1f0fffd2b00e84e626f0271a44be1ba59496384a5e0672903" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/workerpool" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "20.2.4", + "bom-ref": "yargs-parser@20.2.4", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@20.2.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e92980d84f4e513bde1e1514016c3a7a262556a8bcef15a8b0f3cb9b1a0a1441150141a0c622ae8c325be43d1c1e07145e19ed5653886de24b3249036f7244" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs-unparser", + "version": "2.0.0", + "bom-ref": "yargs-unparser@2.0.0", + "author": "André Cruz", + "description": "Converts back a yargs argv object to its original array form", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs-unparser@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-unparser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-unparser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ee9453200f5073571a6746d9e9161119b1c9b61256b9a91ff969872b4ad578b90daeb1a17e869b04d76e7ba91d20d23aaf889fee872af5a0ff9fbc7028e77338" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "4.0.0", + "bom-ref": "decamelize@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f621353e04a293d1de208c3624ef78222767137781a10ac5277c3bb05bb3497e03a66677bf9b19a54895e52c1c7fa990105f98d2bbbc35ea3ea7e9f287627e85" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decamelize" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "2.1.0", + "bom-ref": "is-plain-obj@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6169dfc91c312fff92b2b5987cea54b73e5bdd80fe9f27e41ef8db71a9f393cce0c8ee00483ebbb95311b7c9396cce252cc0e75dfae24613a97a6c3e35f4f578" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mock-fs", + "version": "5.2.0", + "bom-ref": "mock-fs@5.2.0", + "author": "Tim Schaub", + "description": "A configurable mock file system. You know, for testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mock-fs@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/tschaub/mock-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tschaub/mock-fs", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tschaub/mock-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mock-fs/-/mock-fs-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9d17647a60c4996e98a9d55d561ca18b363aff938f2e40296a3156f91f730ebf073daa1622b37fc859b8f4daa220fd8f0c0d7285178739bf4af1c76a3ac5367" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mock-fs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "objects-to-csv", + "version": "1.3.6", + "bom-ref": "objects-to-csv@1.3.6", + "author": "Anton Ivanov", + "description": "Converts an array of objects into a CSV file. Saves CSV to disk or returns as string.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/objects-to-csv@1.3.6", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/objects-to-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/anton-bot/objects-to-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/objects-to-csv/-/objects-to-csv-1.3.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfcdde4a94b786680292c5bce4a22a06d71b8125b90c356c0a6ccba0ce82deae32cce5f6ae6b56c45e296cb27be9fcfeb9f03ee3f4b0013e1075a63a2145a602" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/objects-to-csv" + } + ] + }, + { + "type": "library", + "name": "async-csv", + "version": "2.1.3", + "bom-ref": "async-csv@2.1.3", + "author": "Anton Ivanov", + "description": "ES7 async-await wrapper for the csv package.", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/async-csv@2.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/anton-bot/async-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/catcher-in-the-try/async-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-csv/-/async-csv-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a9b0237e0fb9b365eaab943c3b5133e1bc3403971d62f35f44f5f6ca22df1dae48040f91523a506fdd193ffac5dd7af9cedb0c2546454e43891d4f4032a8fa9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-csv" + } + ] + }, + { + "type": "library", + "name": "csv", + "version": "5.5.3", + "bom-ref": "csv@5.5.3", + "author": "David Worms", + "description": "A mature CSV toolset with simple api, full of options and tested against large datasets.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv@5.5.3", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-csv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv/-/csv-5.5.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "413698d178e385340e760b80445d2518a9b9fe612af4f0fdfd585965e8070c806adad43080da47737767783e261a8da226cf9f4cabf9069d1f67e051b98dd9d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv" + } + ] + }, + { + "type": "library", + "name": "csv-generate", + "version": "3.4.3", + "bom-ref": "csv-generate@3.4.3", + "author": "David Worms", + "description": "CSV and object generation implementing the Node.js `stream.Readable` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-generate@3.4.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-generate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/generate/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-generate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-generate/-/csv-generate-3.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3f4feaea474bf0bc7a96b3fd59c8c0d6b471d225a374ea4951a895c11290c968cffe75992ca3438a87555cbae62f2b75cce772b2b1536af0aa3f7a908af303b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-generate" + } + ] + }, + { + "type": "library", + "name": "csv-stringify", + "version": "5.6.5", + "bom-ref": "csv-stringify@5.6.5", + "author": "David Worms", + "description": "CSV stringifier implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/csv-stringify@5.6.5", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-csv-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/stringify/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-csv-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e3890eb9f5a43e7d44d0a92addd571039ceaf9da3877d1106eadfce4b1c684dad3da16c0c7e703801c98b0f17007a614649c2c0c504f4a45ac9ce0afcd6cef0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/csv-stringify" + } + ] + }, + { + "type": "library", + "name": "stream-transform", + "version": "2.1.3", + "bom-ref": "stream-transform@2.1.3", + "author": "David Worms", + "description": "Object transformations implementing the Node.js `stream.Transform` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stream-transform@2.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/adaltas/node-stream-transform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://csv.js.org/transform/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-stream-transform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stream-transform/-/stream-transform-2.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f461d488ce613220a2e98d378c3d80442d5eb6d0579100684007bb9c9b0f9279c8d28c35d1a5e34e77b0f10b584262e3ce7f7be019e658400980263a64fd4379" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stream-transform" + } + ] + }, + { + "type": "library", + "name": "mixme", + "version": "0.5.10", + "bom-ref": "mixme@0.5.10", + "author": "David Worms", + "description": "A library for recursively merging JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixme@0.5.10", + "externalReferences": [ + { + "url": "git+https://github.com/adaltas/node-mixme.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/adaltas/node-mixme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/adaltas/node-mixme/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mixme/-/mixme-0.5.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e47efa00d5a29c1d47dedc2927a258f2ebc0b69985bc7340ae98a52408d744a5d20c32cf20ca1902bc39487d2af73fa52ecf08accc3b436556a568a614a153d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mixme" + } + ] + }, + { + "type": "library", + "name": "oclif", + "version": "4.13.0", + "bom-ref": "oclif@4.13.0", + "author": "Salesforce", + "description": "oclif: create your own CLI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/oclif@4.13.0", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/oclif.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/oclif", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/oclif/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/oclif/-/oclif-4.13.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c12b4e4be3963c2c513ca2bc87a037648009aeed940377b6f568d791ad2085e0fd64a60375495d8e3b6df2d2930dfac3ac64009d17f06de32f4baea28620726d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-cloudfront", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Cloudfront Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-cloudfront@3.575.0#clients/client-cloudfront", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-cloudfront", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-cloudfront", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-cloudfront/-/client-cloudfront-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a3a39ffdc9954b510287ef7fc531f8267a2b003663279a9c563b7b40ef5cad4106549b9183585e20e327c7a14d6745e453c284854a1c3b32f69d641a6e08693" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "xml-builder", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/xml-builder@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "XML builder for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/xml-builder@3.575.0#packages/xml-builder", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/xml-builder", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/xml-builder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "716800c266c560d085ccfc312fbd39fa55a9b3417766f39c92e7ddd8a2a8119526b69570f7fb7151736b3f24945d29914d2461a1ab4830004d7d2b56474e376d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/xml-builder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-waiter", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/util-waiter@3.0.0", + "author": "AWS SDK for JavaScript Team", + "description": "Shared utilities for client waiters for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/util-waiter@3.0.0#packages/util-waiter", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/util-waiter", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/util-waiter", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f9f1172711832c2a2a44a5529a8d1ab86c5aa9b882a3ef28a61fb86ae79f62368dc6338b2926363315507d1ce8eb93da66fe1fafee655a0f9abbbbd2b8927fcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/util-waiter" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-s3", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-s3@3.583.0#clients/client-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a52ef09dcba04ae210f1182d44813d0f2b2d76677798c9e37e388ed62035521197932020a09cd0e231f4afee57f9e5a660761071fcbd7d44174f682a577b7d18" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sha1-browser", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/sha1-browser@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/sha1-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/sha1-browser/-/sha1-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "349b61e5cf7dec62c7b3a9ce613cc52936d874c340ebfd5794a5609d9a1a65c43bcfb50994e823d8975b1c4f2d8982d2ddfcd734282e72defb48f19ab76ada4b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/region-config-resolver@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.577.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e0284214008dc33ab1ff18e0df3805716f00962e91f42f797051022964ffec250cd43d0c1af91c9521f670b6ab9870a626053aa272a426ba05b56a74907860ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-user-agent-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.577.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eabed1636d232dc9c653595c037bc0d15a8beea0c6c0e789e1528670554eab5bd3920fa359586479d7605418715a5b35b45a0f3ef838f5d05aca4c6d97b6a7c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-env@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.577.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "271bb6e798f4813a0c1848aab9f3fc66d288f075bdd2538b8f02772eb7650ff34bb00634b4e41fd5f59ce77bb6f215a698d18cc660ab2f6a7ae883a030384353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-process@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.577.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a29fa056b4e897c488084eb27737073e6363f5b954fa86e611e0471b03f0c950f5b23b49fdcb95052dec0fbd56cb9119f5e49784a84ac12d4ac772592238ab7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.577.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6461c6351682b49266b336fd5139c2ee2ccd0ad454b6d74f94b74c921e3528f4b7daf7ddac10c7b3526ba5b6628c8b518f5c4ab8e5ec8984972c068719c2e1f1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/token-providers@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.577.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d02908669702dc3350250d610e39b66dd4b2fd78ececdcb962f4ac69c6ac18e90d7e4f85764890cba37aedb657dd96dcf4a231f8dcf86eede20de3523699679d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso-oidc@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.577.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9e398a48f0d6b9e59661516915c6763f77c8ebfa5d4150dad05802c986613a724b8041d921c04183502c9e455669c06e2e8a69f5756dda6fbb84eeae818d7fd6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sts@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.577.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e74f4a9258a6bdad575658466e94e9797de438fe8e4699b8e2dc09c431e96bd4d445b9a86b18fbbde5a59cb09b0e8af10d3adbb03821bd866c86f70bb288d5a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.576.0", + "bom-ref": "@aws-sdk/core@3.576.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.576.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.576.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "283bc395b7a2a524c87fe7df2ad4e0d66e35f532bbb3d9994960bc6efb99f6ac7afec8d014e5c828e56acae962e839dfc466ef45cc2846e63df4e7021f537fd3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-node@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.577.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a96751ce32cad704d7337341d0a6fd15323a80129734f43500ed183781425f9fcba684c2fb03b6d79d4caa3c0f92e78ab7f7b51883595e40a7529f6dce8b041" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-user-agent@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.577.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3f9e470178309a21c7a45c792443ef3a701b7e137bbfab16bfd3c142cfb3dad0bb42205c3d2d1c74947a3df57b2759f854f2b9dbf3a7acade5f55c5d43b32cd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/util-endpoints@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.577.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "163b94cf529dcb8665cb6abf739f2da5da8777acfb88e754fdc698ce873c8f08001c10c16c824d40b094f615c99cf57633ca56c500f2219b28570b66bc4acfcf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-http@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.577.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9fefb2842a7aedbf7e651184758d6385a981e44fcef90b080ce3d2b9199d69218c08e77cda850428f8085445356e4ab10ec071822116bafb5f84aeac3620d2d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-ini@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.577.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abb9473edbfa06346f0a1504de6d2d21a1192b13d3699d41de52b1198b0597754b02ee4df3218250ac2e0358b37f8b9c4fe2f22ac7151aa2ba543671d5ebf79f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/credential-provider-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.577.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8959b9490bd2ec48194c9b116aa50e9834290503cf3dab78d9209b585bc540e2eb97ca9ec2af0e3fde21152e70da63fadb39e0798cea8499c37a5efd1d76f17b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/client-sso@3.577.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.577.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "070ba3757af276593a504c8f99ec26e46a86e27910e8e5724614bf4b264fffa50a485bf6fec7f7f750a6cf484dd22b544c7d6b4785de2e59fc5c23ad6ab92bce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-bucket-endpoint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-bucket-endpoint@3.577.0#packages/middleware-bucket-endpoint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-bucket-endpoint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-bucket-endpoint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b70964357d95a1f33a9075f30c48893a260273db550017b971bcb1300ad15ac708b02586f666a63e10bbedecc6e17b0df5d144c157711180f90aba66ff91148b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-bucket-endpoint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-arn-parser", + "group": "@aws-sdk", + "version": "3.568.0", + "bom-ref": "@aws-sdk/util-arn-parser@3.568.0", + "author": "AWS SDK for JavaScript Team", + "description": "A parser to Amazon Resource Names", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-arn-parser@3.568.0#packages/util-arn-parser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-arn-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-arn-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.568.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d4289596a3e28e07b7db9cf3f4fa0fe8e54964bbf5f9dedee2fe1fac3c7af9c71613249f426276d3a28f799b3c5eef15af90baec36d27c2fe327367f4836cdb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/util-arn-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-expect-continue", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-expect-continue@3.577.0#packages/middleware-expect-continue", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-expect-continue", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-expect-continue", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e9d3e9f13bf8174a1fe2e9f9200c86eaafbe1ab46b3504383f6340301d56d153b826812ed42f0689ebdb6c32e2f3c4c52059ad2a99c70743830b3c27a1ef09b0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-expect-continue" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-flexible-checksums", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-flexible-checksums@3.577.0#packages/middleware-flexible-checksums", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-flexible-checksums", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "207014122a487da823c3dd8b57c48e48188217b667a9f1dcc35e0891c656dbf99fac2cb5161fe4e343284bfb774eba36b50f75ae040fc14a12801fd00a2d8eae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-flexible-checksums" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2334a0b2bc5472cade8d06cf5629482b2d7a9004f9d84c01eb349a23e337c712212a1e7e6a5744caf23ecfa7ab33b4c22c1d8126c16bb478e9ebfe3fb2bfb774" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "crc32c", + "group": "@aws-crypto", + "version": "3.0.0", + "bom-ref": "@aws-crypto/crc32c@3.0.0", + "author": "AWS Crypto Tools Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-crypto/crc32c@3.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/aws/aws-sdk-js-crypto-helpers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/tree/master/packages/crc32c", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-crypto-helpers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10d34f3cc6a79a7549e014d794e8c0803ed446275b0339d446a0f42af7d1132738a36d033d874495d5357f9710ec96e3d0224948f68c224ffd66c85d077db5d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-location-constraint", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-location-constraint@3.577.0#packages/middleware-location-constraint", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-location-constraint", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-location-constraint", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ca3d30f60f6b3eb76414a3f21762d55affa527f0667ea61493064c81371da47d9cf82b06af865fc92734aa4d5dc67c25e455d16eec2ae3a17ec167aa9679350" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-location-constraint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-sdk-s3", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-sdk-s3@3.582.0#packages/middleware-sdk-s3", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-sdk-s3", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-sdk-s3", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c9a90a4ba0b6993d12382ff5d951e1e477d5152bc540afd477f30bf4a2c19e313bf30fd8b0cf39342364ed06a15d6bfe71101d58815619c32aaf992b579adb6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-sdk-s3" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-signing", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-signing@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-signing@3.577.0#packages/middleware-signing", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-signing", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-signing", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "412fdd877f8da996d7b58d23fc367cebba203f8d77a46e5c146a81cbd39e3a10ccb2895cc0bad06e2d12d1ceb6d5d73540dabe7abf5f7da32167f68f9325d722" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-signing" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-ssec", + "group": "@aws-sdk", + "version": "3.577.0", + "bom-ref": "@aws-sdk/middleware-ssec@3.577.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-ssec@3.577.0#packages/middleware-ssec", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-ssec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-ssec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.577.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8b604f251faba7cc6645520673487590344570cd89f469c296aaa973e34b4a399869d95c83898f9258accfd1f3c0555c44f2795dc19fdd4e0162ce46f3e893ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/middleware-ssec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signature-v4-multi-region", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/signature-v4-multi-region@3.582.0#packages/signature-v4-multi-region", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/signature-v4-multi-region", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/signature-v4-multi-region", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68508e8e336a117da5f95f108ce5b2e45ec2b47202fd1958741bafdcda3acb19fea4cbd55147bacdd324db21d672e755a475accaf719cc050196200f7852cfb1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/signature-v4-multi-region" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-browser@3.0.0#packages/eventstream-serde-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "341ec01623cde0dc4ffd80809ebbd8475f33dbf66c887885ed5b46df482c84ef466c5ac86f5ac2f1ea78346a49496af3e8feb8ba13d77a8e0cd14b022e764aab" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-universal", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-universal@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-universal@3.0.0#packages/eventstream-serde-universal", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-universal", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-universal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1cd15f4a19a8b5619e0285b8ba33fc99e57d0596af72999eac36cf2239096f129b37c46c51ca5143fd8ec88c563715cd1f6196080c6e481ef29e62062654370f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-universal" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-codec", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-codec@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-codec@3.0.0#packages/eventstream-codec", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-codec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-codec", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3d4b72100d0e8a4e7449a105099d163d5b45f6dcffb5ecded9f0e9b56e9645797e46b11e9c7f146c48ee74ecfc89a922325de513794256a61fd98fb39cbf1015" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-codec" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-config-resolver", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-config-resolver@3.0.0#packages/eventstream-serde-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "454406def4372d7ee97aaa8701b99aca182b1796938a53e76b38a7692185d4fd3eb60337bef21158f1e694b233daa16a07d2ea148c5d8adc5cf0ed99ea9b2b47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eventstream-serde-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/eventstream-serde-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/eventstream-serde-node@3.0.0#packages/eventstream-serde-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/eventstream-serde-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/eventstream-serde-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6da44f74c0433011316572140283c69bf867b62c63b7f545a54ebe5660b2898258cd11d1c68688d4c37ee5713e8484bc009d860872cc14420e2f3abdc71d4481" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/eventstream-serde-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-blob-browser", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-blob-browser@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-blob-browser@3.0.0#packages/hash-blob-browser", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-blob-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-blob-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd66e9760f9bc09bd6ee5c51ff3a5601cd7fc7f62472a82eb85d9b033909aef5eb899bb5be6f2bf8f51d138b32895c1083b3cf476757a62dc22c16fda910da55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-blob-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader-native", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader-native@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader-native@3.0.0#packages/chunked-blob-reader-native", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader-native", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader-native", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5439290985bea5e4ae338cc98a9e560dfaaf836328fdef32c4ebf7545d66d75cbb07c28a30a545b666560dedfa16f93cac6b96acf6471d767bad1eee339c96ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader-native" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chunked-blob-reader", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/chunked-blob-reader@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/chunked-blob-reader@3.0.0#packages/chunked-blob-reader", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/chunked-blob-reader", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/chunked-blob-reader", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b1b9d4442c231748124e81a5b0188099dd654429929fbda7bbd6b17c9bb9948c7a4541201eee86c1331ba827614128b43ee99c9b9bc5c6c8bd5d65dbda64daa0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/chunked-blob-reader" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hash-stream-node", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/hash-stream-node@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/hash-stream-node@3.0.0#packages/hash-stream-node", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/hash-stream-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/hash-stream-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2748bb75ef848170c41884c3e1fc7398c5fc0b208d1134c84579718cc88d52fbeeefa5e7dc6277d70411f39ca794f936c08d65aa892700525a0f57e234395b20" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/hash-stream-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "md5-js", + "group": "@smithy", + "version": "3.0.0", + "bom-ref": "@smithy/md5-js@3.0.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40smithy/md5-js@3.0.0#packages/md5-js", + "externalReferences": [ + { + "url": "git+https://github.com/awslabs/smithy-typescript.git#packages/md5-js", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/md5-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e6d2faeb5738e50fee910904f1ec3dcbb39f12dc5507d590ad53530887fa9099a3a8d47f6530dd9ab3a0a291c13081ab6d9c0f5251149da09276ef131c11f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@smithy/md5-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "confirm", + "group": "@inquirer", + "version": "3.1.9", + "bom-ref": "@inquirer/confirm@3.1.9", + "author": "Simon Boudrias", + "description": "Inquirer confirm prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/confirm@3.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/confirm/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/confirm/-/confirm-3.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "505d3d69e8f10a2e17aa6e8dfe32408855c0ad77e2f5a979d8015a483fb6b881e78591ad77577a94819344c3e8b95489c5b1848be1e43964986a2118ffeb3353" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/confirm" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@inquirer", + "version": "8.2.2", + "bom-ref": "@inquirer/core@8.2.2", + "author": "Simon Boudrias", + "description": "Core Inquirer prompt API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/core@8.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/core/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/core/-/core-8.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2bc4ae357e398c41655f7101269bbd07e4b64c84b330f197648b89f4c13ddb84aa6dd5ba3ede9f2242af5e0ee638438a2785b1a50b318f45137dc2ff038df85b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "figures", + "group": "@inquirer", + "version": "1.0.3", + "bom-ref": "@inquirer/figures@1.0.3", + "author": "Simon Boudrias", + "description": "Vendored version of figures, for CJS compatibility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/figures@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/figures/-/figures-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "12b5d7cc434c1f9a49b79fecb175740df59466a972f271b37f451c055f714e73fe2b27df1369aacb120c06b67c8a341c9369d4d13426e34110079dd8adec961f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/figures" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type", + "group": "@inquirer", + "version": "1.3.3", + "bom-ref": "@inquirer/type@1.3.3", + "author": "Simon Boudrias", + "description": "Inquirer core TS types", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/type@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/type/-/type-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5352dd0dba5ca55f6effcccc74e1961aaff92bd6b69a8854d5bd0e5f7a58d0b22020766d163e3e12ef7ff27b47dbb2587ed7942b22e0ef7c25d37a4ee9318e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/type" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "group": "@types", + "version": "0.0.4", + "bom-ref": "@types/mute-stream@0.0.4", + "description": "TypeScript definitions for mute-stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/mute-stream@0.0.4#types/mute-stream", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/mute-stream", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/mute-stream", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/mute-stream/-/mute-stream-0.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "08f33d9f3ac23cf24740d03d91e1fd09591523e591e6431afbb5c4b398dc190d15a001a72efdb8db0f252158300047e6138a2e7c945a4dcf4f34b425d22a00a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "group": "@types", + "version": "3.0.0", + "bom-ref": "@types/wrap-ansi@3.0.0", + "description": "TypeScript definitions for wrap-ansi", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/wrap-ansi@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "96d229c7e90cee0fcc2d165f91b2fb12c0848dfcc271270ba64837ede5c4b71e649ab00a0644c9c1dd462008c348bf304e933a1f39f960ee2949bf75044c2ed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "input", + "group": "@inquirer", + "version": "2.1.9", + "bom-ref": "@inquirer/input@2.1.9", + "author": "Simon Boudrias", + "description": "Inquirer input text prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/input@2.1.9", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/input/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/input/-/input-2.1.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d714c21e621ee3cc7d086d7ef209401eb555747f907d887380151b832a15a69e4da2f9d78117234a7fd236e95ea717fd3a5f070eade0cf0dd908052bfa1d44ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/input" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "select", + "group": "@inquirer", + "version": "2.3.5", + "bom-ref": "@inquirer/select@2.3.5", + "author": "Simon Boudrias", + "description": "Inquirer select/list prompt", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40inquirer/select@2.3.5", + "externalReferences": [ + { + "url": "git+https://github.com/SBoudrias/Inquirer.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/blob/master/packages/select/README.md", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SBoudrias/Inquirer.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@inquirer/select/-/select-2.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "232063f2812d99d1761b1e052533ed1326b7ecc0fab342804cab07aa09a5b3494aec441b8584aaf46425705aba701b187bf720434160d9c0aa6183e2fddfdfc5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/select" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "plugin-not-found", + "group": "@oclif", + "version": "3.2.1", + "bom-ref": "@oclif/plugin-not-found@3.2.1", + "author": "Salesforce", + "description": "\"did you mean\" for oclif", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/plugin-not-found@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/plugin-not-found.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/plugin-not-found/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/plugin-not-found/-/plugin-not-found-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63617258b133893ae0750c1de0bb59718bf754e31e0e15b4a56ea16c4d2eddf25dc6cf1fdc92df38724f77c14fa2b56dda576c6a3e3371751603abcc40a78a6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "3.0.0", + "bom-ref": "fast-levenshtein@3.0.0", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84a28d6a39b8eae3664e58474b2664993a00739eae649c18abbcab722663a8ec6795f4301110d02661cf529ee6d66f70c7cbe039ef08682299e4abf69350dd09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7919c2b534ed199169402c2126250ebb13d05915d52980e7d1bd8f7877d72fafd98b9dd22c0cc01df5615562b602bc82fd61f4e6419fc611483ef4c5d125d0ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "async-retry", + "version": "1.3.3", + "bom-ref": "async-retry@1.3.3", + "description": "Retrying made simple, easy and async", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/async-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/async-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/async-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1faff8ecb70f71362ff4b5e307ad15bb76ccf72ede4046160d6767b0a5a76785a229e666c02e13803fe10076c0bbb7867ac2ab0356ff7e5ba826d4393d984cb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/async-retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.13.1", + "bom-ref": "retry@0.13.1", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.13.1", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d0050dc8f16d4281ed127a1fba8238f4dcb6e64455aea2cce02bda280a9c1822b861a0ef34a5fab8714914e439249f07ce7c5b5e470959e7a3d838663215676" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/retry" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "change-case", + "version": "4.1.2", + "bom-ref": "change-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform a string between `camelCase`, `PascalCase`, `Capital Case`, `snake_case`, `param-case`, `CONSTANT_CASE` and others", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/change-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/change-case/-/change-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d2c58db0b3d3adbe220b1b51226392bb34dc64aa0fc99d19c5c4bb4a43de896af8a22318bb76332b49dd04093f400be96db429666302b0e77056a4e31b968ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/change-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camel-case", + "version": "4.1.2", + "bom-ref": "camel-case@4.1.2", + "author": "Blake Embrey", + "description": "Transform into a string with the separator denoted by the next word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camel-case@4.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/camel-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83119606b4d3d49b8cc7a47ea393d35cc9949e19d5ccb43d48dbad0f862a2ad23a6a9f3deedded28409895aea0096124a655e794dc9b124660f46106c4a14283" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camel-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pascal-case", + "version": "3.1.2", + "bom-ref": "pascal-case@3.1.2", + "author": "Blake Embrey", + "description": "Transform into a string of capitalized words without separators", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascal-case@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/pascal-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b969464f76129caf71dc140968e75c670ae757a84fa5df23147d7fb9ca622d13e1ff6cc2549292d7d1381af607bda09c0029f77e85d9d1c2c1f56af1d4a19ee6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pascal-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "capital-case", + "version": "1.0.4", + "bom-ref": "capital-case@1.0.4", + "author": "Blake Embrey", + "description": "Transform into a space separated string with each word capitalized", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/capital-case@1.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/capital-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/capital-case/-/capital-case-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "76cdfb5bc0b2b478309e11864e2f3ca5c3f2475e6aa0d90ea58c2630c7e75aaa9680449aa4baaf0f1ea1b858d0e6fa964a7d99d3ad7bdd7340ecbb4c39e521d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/capital-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "no-case", + "version": "3.0.4", + "bom-ref": "no-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with spaces between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/no-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/no-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e000dde318087e468c541991d348e2c922a51cdb09a8070191e2d6e93402a69a8bc5a16ab439d4646f456495d45e3b66b68814ff384ba51bd5d251cd74af7ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/no-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case-first", + "version": "2.0.2", + "bom-ref": "upper-case-first@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string with the first character in upper cased", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case-first@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case-first#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case-first/-/upper-case-first-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e75e29a581c168ac1f2512bfa4d0ba73f3b17c66b4a1b4a7025d74eaef7b11dd08eb6e4d8a7f7a2808edb5917a64bdded572eda61c67aab3a2f625a09bebbe6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case-first" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "constant-case", + "version": "3.0.4", + "bom-ref": "constant-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into upper case string with an underscore between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constant-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/constant-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/constant-case/-/constant-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "236852062ed5becec112e243af97431dfcdbfd1ba3dc5caf17287b28b8a5023350c3705efb182a5010365bab1c54470bd212f57703d1b48a843d55022a44acc9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/constant-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "upper-case", + "version": "2.0.2", + "bom-ref": "upper-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to upper case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/upper-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/upper-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/upper-case/-/upper-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a07600c626dd93a6ec015088e01ba973c36196151096f5091f922bf40f1a871cb6091e6b6675420a71977cac78054a3a29553970ea08330a6d5bf0c150c2292" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/upper-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "dot-case", + "version": "3.0.4", + "bom-ref": "dot-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with a period between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dot-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/dot-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2afe672a587ac91addac6bf1789d9ee72d9e454a64528b085b8036012dfccf04b3dbbceeeee7c3c103e2e4986cdd702518d7ad9776e69c6850b0cb642899e3df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/dot-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "header-case", + "version": "2.0.4", + "bom-ref": "header-case@2.0.4", + "author": "Blake Embrey", + "description": "Transform into a dash separated string of capitalized words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/header-case@2.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/header-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/header-case/-/header-case-2.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1ffbee9394c4115670ad1d25a76cde77d382a35b8020b325c742443200b6eabcf2249dcdd6fe979301c75c941d4767684a37063cce8e28f6282607f4a65275d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/header-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lower-case", + "version": "2.0.2", + "bom-ref": "lower-case@2.0.2", + "author": "Blake Embrey", + "description": "Transforms the string to lower case", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lower-case@2.0.2", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/lower-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edf9b797734017d59f37a5b724e99fe5daf0a55a97efc26da0627703a5b46ba66795d338d70d9f5790f8f74a6c2854e931db3c4c9b1efde1cb145b0d1c78c782" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lower-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "param-case", + "version": "3.0.4", + "bom-ref": "param-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower cased string with dashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/param-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/param-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "457963ef3098a2445ea96a4e3c7f68622bd4ccb619e6f00f21f1260933558a8b02efc17c1741fdcbb4fb806d8cdfdca682eb7117981c144b326504a987d069dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/param-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-case", + "version": "3.0.4", + "bom-ref": "path-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with slashes between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/path-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-case/-/path-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a8ee2a0858d7a954eb71b3edfe141f85343e56116ca8d28e3edcad80d2a42b14a8129dd73d443c39b16e78fca5388a24e608e7ebdaf2f178942f10b0a2ddd67e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sentence-case", + "version": "3.0.4", + "bom-ref": "sentence-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case with spaces between words, then capitalize the string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sentence-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/sentence-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sentence-case/-/sentence-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0b4b42489da40c091a10ed8532b40a3fc54bb95b65e74315761c8ffab8ce94ec22134b546a3c496bdf457ab88ab230a33d949191545cb9ff80aecdc8b13584a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sentence-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "snake-case", + "version": "3.0.4", + "bom-ref": "snake-case@3.0.4", + "author": "Blake Embrey", + "description": "Transform into a lower case string with underscores between words", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snake-case@3.0.4", + "externalReferences": [ + { + "url": "git://github.com/blakeembrey/change-case.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/tree/master/packages/snake-case#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blakeembrey/change-case/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c03a1e33f3d6c642f97da457cd17c575e3a8bba3bfc2a853dbab36203fec98cc3203792f4768d16d5c005a9915be010cc454e0dcbc4efd96327ef1af5849d32" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/snake-case" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-yarn-workspace-root", + "version": "2.0.0", + "bom-ref": "find-yarn-workspace-root@2.0.0", + "author": "Square, Inc.", + "description": "Algorithm for finding the root of a yarn workspace, extracted from yarnpkg.com", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/find-yarn-workspace-root@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/square/find-yarn-workspace-root.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/square/find-yarn-workspace-root/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-yarn-workspace-root/-/find-yarn-workspace-root-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d483276e3b782b3b107e7867ccd77cc141205d9e3823365a6669cb631ec3e45665687b76816db40ab8bc43e13fb79b488f8f9ea5306e6fed99c6efef3482f3a9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/find-yarn-workspace-root" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "github-slugger", + "version": "2.0.0", + "bom-ref": "github-slugger@2.0.0", + "author": "Dan Flettre", + "description": "Generate a slug just like GitHub does for markdown headings.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/github-slugger@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/Flet/github-slugger.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Flet/github-slugger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Flet/github-slugger/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/github-slugger/-/github-slugger-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21a390f69b98b63ae4abb63462097d283667adffda89425852955ff3dcbc9326b16d11bb6354ab5ff8daba6aeff35bdceb5fa488c7a6a6e8ec337630ef0e6a73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/github-slugger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "got", + "version": "13.0.0", + "bom-ref": "got@13.0.0", + "description": "Human-friendly and powerful HTTP request library for Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@13.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/got.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/got/-/got-13.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5df064d42c4e39270370cafd3b5c8a90d690cb2f3ae4d6d8b3e17b76be07d0b64c5600a3d8b7b9f64e8fa9b347a0be53a1e684414621e9ceb231f55c73a489c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/got" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is", + "group": "@sindresorhus", + "version": "5.6.0", + "bom-ref": "@sindresorhus/is@5.6.0", + "author": "Sindre Sorhus", + "description": "Type check values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@5.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4d5eedf062986895ac9f4d2d143a81c3cf94aa6afc0347d1535b6f4d08726731afd2c24219140bdc918c237b9cb8aa375c865d50ff8bc7bfe0876b7795ec32ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sindresorhus/is" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-timer", + "group": "@szmarczak", + "version": "5.0.1", + "bom-ref": "@szmarczak/http-timer@5.0.1", + "author": "Szymon Marczak", + "description": "Timings for HTTP requests", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40szmarczak/http-timer@5.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http-timer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http-timer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http-timer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f9905f43e20183cc79561edb7ecb24062f38c616d63dab1f96113b24b76f8093549ba6df81df46f2af033a331c0406d139c735d51f63d9c2794c9102cfff73" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@szmarczak/http-timer" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "defer-to-connect", + "version": "2.0.1", + "bom-ref": "defer-to-connect@2.0.1", + "author": "Szymon Marczak", + "description": "The safe way to handle the `connect` socket event", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/defer-to-connect@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/defer-to-connect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/defer-to-connect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2dbedb5ea571b555a606ad189b93913025dd6de2e76e9d239531d2d200bea621dd62c78dfca0fc0f64c00b638d450a28ee90ed4bd2dc0d706b1dcd2edd1e00e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/defer-to-connect" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-lookup", + "version": "7.0.0", + "bom-ref": "cacheable-lookup@7.0.0", + "author": "Szymon Marczak", + "description": "A cacheable dns.lookup(…) that respects TTL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-lookup@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/cacheable-lookup.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/cacheable-lookup/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "faa272c78c622ab6bc999adcc218cc44c5210f9351d51f1eb0f933218c57f7a26279c168c405c5bb3fc6a51dfe7afe0f13559a9878a9efcc15d2f7263d0b69f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-lookup" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacheable-request", + "version": "10.2.14", + "bom-ref": "cacheable-request@10.2.14", + "author": "Jared Wray", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@10.2.14", + "externalReferences": [ + { + "url": "git+https://github.com/jaredwray/cacheable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jaredwray/cacheable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jaredwray/cacheable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ce40d3e56005e21492a148327e0e6d148c73f1740afb6e56fd32d5a2325330a05ac5ebcb041b4bc60aa0b80b95401f0f556efd1558c7714f8627db556c367d99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cacheable-request" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "group": "@types", + "version": "4.0.4", + "bom-ref": "@types/http-cache-semantics@4.0.4", + "description": "TypeScript definitions for http-cache-semantics", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/http-cache-semantics@4.0.4#types/http-cache-semantics", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/http-cache-semantics", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/http-cache-semantics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d66d1b20555cede256caf7bd4b4467b9181c42a17f5dde50b1464065e405af5437fe9f495a841012a995cbe0cf4cda465f086021eb40a1817c252737deadbd40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7abdbde4328f56c57cda3e64c351a3b7e00303f5d81ec6a397cd9c18d406d9eca83e4be05215fe9c32327a5ce12166dbb173f7f441dc23a979b58b36158a985d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "4.0.0", + "bom-ref": "mimic-response@4.0.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b92121fdc4c614d03ceb4fe8e5f2adb37bd0fa79606da3e23c08da5ef9523e2b627f17f9373dd91d4ddcf8c2f1951f8353a68f8d4584d522e31010c31cb0baa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-url", + "version": "8.0.1", + "bom-ref": "normalize-url@8.0.1", + "author": "Sindre Sorhus", + "description": "Normalize a URL", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@8.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/normalize-url.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20ef50be350c5b13d0421b3ad283aed740919160a26734949336d718657da6f8989757d761cbe4cd0e6357dcfc63aba7f0046855197812d0babfa8cda9b689ff" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-url" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "responselike", + "version": "3.0.0", + "bom-ref": "responselike@3.0.0", + "author": "Luke Childs", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/responselike.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/responselike#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/responselike/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e34c87c5b35c976fabcd7bd9b9592b62885ab61b122653135caaf21b9cbcb9c887bf5fb10cb1d0a608c6eb82543bd9eb12ada318b1fa219f01719cb0df0af07a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/responselike" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "decompress-response", + "version": "6.0.0", + "bom-ref": "decompress-response@6.0.0", + "author": "Sindre Sorhus", + "description": "Decompress a HTTP response if needed", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/decompress-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "696df9c9933a05bff8a099599dc307d8b0a866d2574d1c444b5eef137868462a305369161da24a1644810e70d1f9c9bd27ef5085799113221fbf4a638bd7a309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "form-data-encoder", + "version": "2.1.4", + "bom-ref": "form-data-encoder@2.1.4", + "author": "Nick K.", + "description": "Encode FormData content into the multipart/form-data format", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data-encoder@2.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/octet-stream/form-data-encoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/octet-stream/form-data-encoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c8361280d32b6aabe7c621173b8862f3cf986716870ba40acdbe4df388910930de44eed900ba62aff95599ffee5d4867c14af63b81d4f2cfe7eb1fb23634241f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/form-data-encoder" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http2-wrapper", + "version": "2.2.1", + "bom-ref": "http2-wrapper@2.2.1", + "author": "Szymon Marczak", + "description": "HTTP2 client, just with the familiar `https` API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http2-wrapper@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/http2-wrapper.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/http2-wrapper/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5799d5c353c03a07c8dcb99e6a3d84c667a0edf7a78e1454833d653d27b3cb50ae84f61b810b5b423e2365f10010c95a2febeea6cbe18ea0b28f3a1bd32c6c99" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/http2-wrapper" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "resolve-alpn", + "version": "1.2.1", + "bom-ref": "resolve-alpn@1.2.1", + "author": "Szymon Marczak", + "description": "Detects the ALPN protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-alpn@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/szmarczak/resolve-alpn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/szmarczak/resolve-alpn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d1ad45e25ef7fd915939a9099d0dc5be4276fa0493416cffaf6284e4e7436344f13e6e61e0692a91659f338ed3ec7b1b9ceb5c255105e1ea42572eaeed0dcafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-alpn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lowercase-keys", + "version": "3.0.0", + "bom-ref": "lowercase-keys@3.0.0", + "author": "Sindre Sorhus", + "description": "Lowercase the keys of an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a33082ea0750fa0957390b2f78a0f462c0f2f034901630d3cf8cf2cc41cd579f893f90fad8b99f0d9ea8d5cc9c171f68b86f78d0ce5d13c0bc0937b0763d9859" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lowercase-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-cancelable", + "version": "3.0.0", + "bom-ref": "p-cancelable@3.0.0", + "author": "Sindre Sorhus", + "description": "Create a promise that can be canceled", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-cancelable.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a55604773c6bb3968d0c993764e1c5ea5d69704032e738d4c083ab26eb65e430912247137718bdd27df918beac289db90905cac8ed4befe5987dca3be7da253" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/p-cancelable" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eabbc27de456f8e1196a0001e2530b48db933586562d5b4a71c2bbf554937ffff24d8e5538281ca47f343be6d92bc35ea6cee95277791be425320d7257fda265" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "90df5d25bbe7c921d42c896e0c7cb7d961d152edce83b07db1b63bb6c14b72d42422a9cc877844ad881d3234d8baa99c5d7fa52b94f596752ddc6ef336cc2664" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.17.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b21f0f59cfdfb4ca8001d16206ee85cba2543988ea0c9049bc88697c33321ebaf445ba7996266a7784e3b50fd181f2e328565bf8b331e61a66979a8e5b2d2abe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e2538dabfb13b851b512d5bba8dcb3c992394eef8df45e7e5254085da73cec3c7b236d855f9679c57404e069b9cbb9d7be0aabb6e69e8dfa0da5c3f3c5b1ae3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-package-json", + "version": "2.10.0", + "bom-ref": "sort-package-json@2.10.0", + "author": "Keith Cirkel", + "description": "Sort an Object or package.json based on the well-known package.json keys", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-package-json@2.10.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-package-json/-/sort-package-json-2.10.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31879c7ef39b3302638c9b2487161fb8e003917a7564c3270850bcca1a7ef470ec93b1e1477dfa85dede881b3dea54d77e2aa650d23e59009e08c441865db9d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-indent", + "version": "7.0.1", + "bom-ref": "detect-indent@7.0.1", + "author": "Sindre Sorhus", + "description": "Detect the indentation of code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-indent@7.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-indent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-indent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-indent/-/detect-indent-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "31ced0850f2cf9c2eb9d47d4fc98bde2f1bfafc336ea6f1ffbebf2adeb38668a236910e9675792221fc4a732cdc255aebf3499dd46c316ca6316f4c35dee9efe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/detect-indent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "get-stdin", + "version": "9.0.0", + "bom-ref": "get-stdin@9.0.0", + "author": "Sindre Sorhus", + "description": "Get stdin as a string or buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stdin@9.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/get-stdin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/get-stdin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7552818df5a2b0b02271aac8d927fe26e044fc382157853334055ef7284426ecde44477726139313d7146894de49aefb7ec6d050ade970ea497cce7df9529968" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/get-stdin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git-hooks-list", + "version": "3.1.0", + "bom-ref": "git-hooks-list@3.1.0", + "author": "fisker Cheung", + "description": "List of Git hooks", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/git-hooks-list@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/fisker/git-hooks-list.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fisker/git-hooks-list/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/git-hooks-list/-/git-hooks-list-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2c5f15787791eeffb001b5ea7e04654d25ffd41251f50d6f10c47c240cf570483a197d3bfb3ca3dec01d0ef6238ffc679487d5b86823e2a05e8b52b784a1fe3c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/git-hooks-list" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sort-object-keys", + "version": "1.1.3", + "bom-ref": "sort-object-keys@1.1.3", + "author": "Keith Cirkel", + "description": "Sort an object's keys, including an optional key list", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-object-keys@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/keithamus/sort-object-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/keithamus/sort-object-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39e69bcaf95914ecf68a60f73e2639e6b781337a3407ca1845df7ab7d6a1bcc7b99a0f391e1610004e174261acb5d422123bea803308ce04ff9f3d97b420fca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-object-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-jsonc", + "version": "1.0.1", + "bom-ref": "tiny-jsonc@1.0.1", + "description": "An absurdly small JSONC parser.", + "purl": "pkg:npm/tiny-jsonc@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/fabiospampinato/jsonc-simple-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fabiospampinato/jsonc-simple-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tiny-jsonc/-/tiny-jsonc-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a4e810b1cef6bd0e88847c35ff962d0bd9c58a3cf10d62f8b1529ac5765dd83e2e1b6595210e7348f5852469caeffae206f74767c51e6636a6a80fa5210fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tiny-jsonc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "open", + "version": "10.1.0", + "bom-ref": "open@10.1.0", + "author": "Sindre Sorhus", + "description": "Open stuff like URLs, files, executables. Cross-platform.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/open@10.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/open.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/open#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/open/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/open/-/open-10.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9a791e435a8fe547b6c1df9a8af4c3dcd1ddfe567de8bbb48e07f4a7092d2cfb71e9c4d9887eedc9e191447b34cd7d2b6eb6a15cf9d79549db797c9a041b886b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open" + } + ] + }, + { + "type": "library", + "name": "default-browser", + "version": "5.2.1", + "bom-ref": "default-browser@5.2.1", + "author": "Sindre Sorhus", + "description": "Get the default browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser@5.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "598ff74d4304d31dca3d875147110926f5d11d5e0fc8fa14b31b596bbf25c08b7045044785dd94f713ac71a4ff6137fcb825c8023789385055121ffb16d0fc5e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser" + } + ] + }, + { + "type": "library", + "name": "bundle-name", + "version": "4.1.0", + "bom-ref": "bundle-name@4.1.0", + "author": "Sindre Sorhus", + "description": "Get bundle name from a bundle identifier (macOS): `com.apple.Safari` → `Safari`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bundle-name@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/bundle-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/bundle-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b63c0ce5ec4c83a046448fa43664e7b4db2f7594b55fc045612ead9c9da1747d2457133afde559db1cbe16a4ad496bd89ad7c53032c8c6eae8ac7c0329f0f3e5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-name" + } + ] + }, + { + "type": "library", + "name": "run-applescript", + "version": "7.0.0", + "bom-ref": "run-applescript@7.0.0", + "author": "Sindre Sorhus", + "description": "Run AppleScript and get the result", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/run-applescript@7.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/run-applescript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/run-applescript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f5bcb8223f7d254aff3021415240ca2d62b71bd1d55e669b2b3f54e4c948008bafbb39223a271162cf1724bc57fb16a10fe98b8a20980ea17d74a020b7328fd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/run-applescript" + } + ] + }, + { + "type": "library", + "name": "default-browser-id", + "version": "5.0.0", + "bom-ref": "default-browser-id@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the bundle identifier of the default browser (macOS). Example: com.apple.Safari", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/default-browser-id@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/default-browser-id.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/default-browser-id/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03aa7fa6effa7f205c0354d1cff1aa5983d58a996b7ed716da0642f6aefd9e0342280791fd7de070475740797828d5d5fb7c20209d423e4250dc81ccea572cc8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/default-browser-id" + } + ] + }, + { + "type": "library", + "name": "define-lazy-prop", + "version": "3.0.0", + "bom-ref": "define-lazy-prop@3.0.0", + "author": "Sindre Sorhus", + "description": "Define a lazily evaluated property on an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-lazy-prop@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/define-lazy-prop.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/define-lazy-prop/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "37e31e5d8a2aaf7a4e827f317f244f44437b8076a42d88e1b07856193ddf58088be08900b74883c35e108a2126d9b137d1ce575f9ab416d000dc22b97fdfc152" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/define-lazy-prop" + } + ] + }, + { + "type": "library", + "name": "is-inside-container", + "version": "1.0.0", + "bom-ref": "is-inside-container@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a container (Docker/Podman)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-inside-container@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-inside-container.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-inside-container/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28860b08226085f1d9c6a8d8044eeb132d0e06e4dde710874bbb47560bc22e4c7b4ad2286b1c0d5b784200b80452315f79193e306fd0c66a7fbed113105ded44" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container" + } + ] + }, + { + "type": "library", + "name": "prompt-sync", + "version": "4.2.0", + "bom-ref": "prompt-sync@4.2.0", + "description": "a synchronous prompt for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prompt-sync@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/heapwolf/prompt-sync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heapwolf/prompt-sync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/prompt-sync/-/prompt-sync-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "06e133cdce73a6d3f92ec815e4c6444e30da29259f72197953d2ee8aef122a9ee26560f9b596a53b1bcd719470bfe776a61345afcc656f198535c44a7c93b327" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync" + } + ] + }, + { + "type": "library", + "name": "lodash.truncate", + "version": "4.4.2", + "bom-ref": "lodash.truncate@4.4.2", + "author": "John-David Dalton", + "description": "The lodash method `_.truncate` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.truncate@4.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8edb6645eedb46c7b9d8eb1620c0cb697c56a91026b4851c70043781aaef882a898da7d739f34c3b4c8c7cda5d0facdb19a4d4d0fe4dcfb7bb8004fa70a98947" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lodash.truncate" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.2.3", + "bom-ref": "tmp@0.2.3", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.2.3", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d90fb9bd8823c2e60d2962671ac688182a08127cbb1dc65f287f743fa086ea0aa2cb20ef48005d065a35f5cfd3594473e25eff167b1e320c2699b20130d18f3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tmp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "29.1.4", + "bom-ref": "ts-jest@29.1.4", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@29.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6221f00e14af0a222da0082c2ada0b142b9a903cc3b09d432c39d2a2e4da4e674e70ec08912cdb2d776e690e8ce4345586e642fcd61a699fe6b476d632ffd2e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "remapping", + "group": "@ampproject", + "version": "2.3.0", + "bom-ref": "@ampproject/remapping@2.3.0", + "author": "Justin Ridgewell", + "description": "Remap sequential sourcemaps through transformations to point at the original source code", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40ampproject/remapping@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/ampproject/remapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ampproject/remapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ampproject/remapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df4899b403e0cfe2d3218a1e8afa98a3ce777f4da305849de6e1a71a9905574337c4eb7d68def77ab920600999538df1e157ea7272f15bd2a98374792c2e1863" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@ampproject/remapping" + } + ] + }, + { + "type": "library", + "name": "js-tokens", + "version": "4.0.0", + "bom-ref": "js-tokens@4.0.0", + "author": "Simon Lydell", + "description": "A regex that tokenizes JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/lydell/js-tokens.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-tokens" + } + ] + }, + { + "type": "library", + "name": "helper-compilation-targets", + "group": "@babel", + "version": "7.23.6", + "bom-ref": "@babel/helper-compilation-targets@7.23.6", + "author": "The Babel Team", + "description": "Helper functions on Babel compilation targets", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-compilation-targets@7.23.6#packages/babel-helper-compilation-targets", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-compilation-targets", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f49079e3c199a10566ceb160a7ca3b2b17609131a6eb1b3d0d6d28fcf8a6ef65038f3af939b510e99cd83ea03e83d3934b66c142872d2c9ae4cb444308059181" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets" + } + ] + }, + { + "type": "library", + "name": "compat-data", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/compat-data@7.24.4", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/compat-data@7.24.4#packages/babel-compat-data", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-compat-data", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be0f068a1d8c2cafa43a41c9a788011089326888b4d23816a2dd83f503a699f2c2f2320d48ece608bb5ae81bf3fc94810aa9de815d0bf348e1c64a25e4658d7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/compat-data" + } + ] + }, + { + "type": "library", + "name": "helper-validator-option", + "group": "@babel", + "version": "7.23.5", + "bom-ref": "@babel/helper-validator-option@7.23.5", + "author": "The Babel Team", + "description": "Validate plugin/preset options", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-validator-option@7.23.5#packages/babel-helper-validator-option", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-validator-option", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/babel/babel#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f39b6d00e30bb2be775605e44db931f2803a6137d3e2aeff1f35d22c46268dc49324f30f42dbead410fbf41c9ea79c4c5186c64731290ec8d47f7772a79e082b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-validator-option" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "5.1.1", + "bom-ref": "lru-cache@5.1.1", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@5.1.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2a9340450037230bfe8d3034bad51555bae1f8996baf516fd1ee7a186cc014e5cdedd93f16f89a0d6f0b1e62b9d8395c1f858fda7ea023cbcdd5a7ac045828f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "3.1.1", + "bom-ref": "yallist@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6b850641a58f1f9f663975189c01b67b09dc412e22e05e374efdc9a0033eb365430264bd36c2bc1a90cc2eb0873e4b054fb8772ba4cea14367da96fb4685f1e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yallist" + } + ] + }, + { + "type": "library", + "name": "helper-module-transforms", + "group": "@babel", + "version": "7.23.3", + "bom-ref": "@babel/helper-module-transforms@7.23.3", + "author": "The Babel Team", + "description": "Babel helper functions for implementing ES6 module transformations", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-transforms@7.23.3#packages/babel-helper-module-transforms", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-transforms", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-transforms", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "edb06ce040fd3a6b3075f0f3a73e0ca56812ad5ec55e5737cc86a0bcb1634b91fe324ed29ebdb5bd0e90c2bb2808631f342e1ee0b40f76850b12de32933d1245" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-transforms" + } + ] + }, + { + "type": "library", + "name": "helper-environment-visitor", + "group": "@babel", + "version": "7.22.20", + "bom-ref": "@babel/helper-environment-visitor@7.22.20", + "author": "The Babel Team", + "description": "Helper visitor to only visit nodes in the current 'this' context", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-environment-visitor@7.22.20#packages/babel-helper-environment-visitor", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-environment-visitor", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-environment-visitor", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cdf79d488cc585ab7f8058567c7b605af95e7349ea07d604215ae9bb08ebb8b9577d44a703c7090749a21cac2a0e743b777d9a2a8db1b7cf3fc59a6dc316df84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-environment-visitor" + } + ] + }, + { + "type": "library", + "name": "helper-module-imports", + "group": "@babel", + "version": "7.24.3", + "bom-ref": "@babel/helper-module-imports@7.24.3", + "author": "The Babel Team", + "description": "Babel helper functions for inserting module loads", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-module-imports@7.24.3#packages/babel-helper-module-imports", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-module-imports", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-module-imports", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "be229bd05f5fdacd01092db6412177d3ccfffb5616295ffbea6c2deb5341cd2e62ccccc33f076ad694ebcdff8b8b79e90565fd29d41b91e0add6348033b959aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-module-imports" + } + ] + }, + { + "type": "library", + "name": "helper-simple-access", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-simple-access@7.22.5", + "author": "The Babel Team", + "description": "Babel helper for ensuring that access to a given value is performed through simple accesses", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-simple-access@7.22.5#packages/babel-helper-simple-access", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-simple-access", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-simple-access", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f41fdf44fcaf818a46b7fbe58d2f5ecf3afa38aca599ee5644a7543e7d2b556d48bc9f13d01013a54e608ec56ff426c4b9e9228a43ea2301eda91ca247377e7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-simple-access" + } + ] + }, + { + "type": "library", + "name": "helper-split-export-declaration", + "group": "@babel", + "version": "7.22.6", + "bom-ref": "@babel/helper-split-export-declaration@7.22.6", + "author": "The Babel Team", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.22.6#packages/babel-helper-split-export-declaration", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-split-export-declaration", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-split-export-declaration", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "02c527c6e2e1458b22b0589a270be9d5017e2372a30f914ec6eb75e2afc6ce8bd47baa2b1cb7ac5b60bb77be789119b9de1e60aabcfab0597ab31738055b44fe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-split-export-declaration" + } + ] + }, + { + "type": "library", + "name": "helpers", + "group": "@babel", + "version": "7.24.4", + "bom-ref": "@babel/helpers@7.24.4", + "author": "The Babel Team", + "description": "Collection of helper functions used by Babel transforms.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helpers@7.24.4#packages/babel-helpers", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helpers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helpers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15ec1d9596d28b06951a5813d433c0343b821da0cc88ea3e0ff2036111588c73aebfaeb131227b7d0c30383c113403e400320eff3d44a05fe5d810969560010f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helpers" + } + ] + }, + { + "type": "library", + "name": "helper-function-name", + "group": "@babel", + "version": "7.23.0", + "bom-ref": "@babel/helper-function-name@7.23.0", + "author": "The Babel Team", + "description": "Helper function to change the property 'name' of every function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-function-name@7.23.0#packages/babel-helper-function-name", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-function-name", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-function-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "384ac4aacaf18d94c97226783a8f9ea19a9e5bd50888e72e60a449038640815f66c80fa93978619a97cd08a8c41ff6ae55f11854527acb54dce2bd1e200a6a8b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-function-name" + } + ] + }, + { + "type": "library", + "name": "helper-hoist-variables", + "group": "@babel", + "version": "7.22.5", + "bom-ref": "@babel/helper-hoist-variables@7.22.5", + "author": "The Babel Team", + "description": "Helper function to hoist variables", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-hoist-variables@7.22.5#packages/babel-helper-hoist-variables", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-hoist-variables", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-hoist-variables", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c068e4f50655cef92703ac8a2145116fccd8de0ad709c399b7effb59ccbc3b6b9cb7186996650f90e76582836199d55e7b673dd895db7f5c6932d54d6dfa3147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-hoist-variables" + } + ] + }, + { + "type": "library", + "name": "helper-string-parser", + "group": "@babel", + "version": "7.24.1", + "bom-ref": "@babel/helper-string-parser@7.24.1", + "author": "The Babel Team", + "description": "A utility package to parse strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/helper-string-parser@7.24.1#packages/babel-helper-string-parser", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-helper-string-parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babel.dev/docs/en/next/babel-helper-string-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "da87d10a39e703dcbec24f1bf4801112ba1e50fd36287a78df53769a12a78b2db22880caa5bac7bfd797c26f1c05e59061c266cefe6a282bbae4fe3b78217b09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-string-parser" + } + ] + }, + { + "type": "library", + "name": "to-fast-properties", + "version": "2.0.0", + "bom-ref": "to-fast-properties@2.0.0", + "author": "Sindre Sorhus", + "description": "Force V8 to use fast properties for an object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fce68a2b4c58aecdc39b1458a8bff20dcf85c455156210e55cc8519afdf3f75e70d87175b67375a26077e788fc55418efe16d1cf20fa637b00eefec64bf71ea2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/to-fast-properties" + } + ] + }, + { + "type": "library", + "name": "gensync", + "version": "1.0.0-beta.2", + "bom-ref": "gensync@1.0.0-beta.2", + "author": "Logan Smyth", + "description": "Allows users to use generators in order to write common functions that can be both sync or async.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/gensync@1.0.0-beta.2", + "externalReferences": [ + { + "url": "git+https://github.com/loganfsmyth/gensync.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/loganfsmyth/gensync/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de137b35ab2462f3032d0639e609d6dcd43e99eb0401ea53aa583e5446e3ef3cea10c055361cdc19861ea85a3f4e5633e9e42215ca751dcb0264efa71a04bcce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/gensync" + } + ] + }, + { + "type": "library", + "name": "resolve-uri", + "group": "@jridgewell", + "version": "3.1.2", + "bom-ref": "@jridgewell/resolve-uri@3.1.2", + "author": "Justin Ridgewell", + "description": "Resolve a URI relative to an optional base URI", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/resolve-uri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/resolve-uri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6d12128022233f6d3fb5b5923d63048b9e1054f45913192e0fd9492fe508c542adc15240f305b54eb6f58ccb354455e8d42053359ff98690bd42f98a59da292b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jridgewell/resolve-uri" + } + ] + }, + { + "type": "library", + "name": "load-nyc-config", + "group": "@istanbuljs", + "version": "1.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0", + "description": "Utility function to load nyc configuration", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/load-nyc-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/load-nyc-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5637874a5233a6ffcdc83dcdd18b877d738f0c88b1700d6ad9957df30b0ca9c6253e6bf69f761bda560ff5730496768555783903b60b4de2eee95f38b900e399" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "5.3.1", + "bom-ref": "camelcase@5.3.1", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "test-exclude", + "version": "6.0.0", + "bom-ref": "test-exclude@6.0.0", + "author": "Ben Coe", + "description": "test for inclusion or exclusion of paths using globs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/test-exclude@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/istanbuljs/test-exclude.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/test-exclude/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7001963c8c8e1d4eb396683cf23c26ed54725e730dee257af0e1806d80e4fcc87fc42fe9cd53e542d63a9e0a081ffe7fb5c8ae8467ef11253c1ab1eb7310f9eb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude" + } + ] + }, + { + "type": "library", + "name": "babel__generator", + "group": "@types", + "version": "7.6.8", + "bom-ref": "@types/babel__generator@7.6.8", + "description": "TypeScript definitions for @babel/generator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__generator@7.6.8#types/babel__generator", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__generator", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__generator", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012b23fada440ec12216bd5aad6ae537a57799d7e344c66de8bb4afd5a7f92b7852e7af9407e7e0e1bc3e6720d6195f3c09bd7786abed398945dc03356ba96b7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__generator" + } + ] + }, + { + "type": "library", + "name": "babel__template", + "group": "@types", + "version": "7.4.4", + "bom-ref": "@types/babel__template@7.4.4", + "description": "TypeScript definitions for @babel/template", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel__template@7.4.4#types/babel__template", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git#types/babel__template", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/babel__template", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "87f354692c86e44cb1048a7c611c68e1131edbfa9082fca8c11c1533385884108e35b5bc3d4b20e2590532b86066151ee73dcbdcc88b0eebf227f09a3dad80f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/babel__template" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "29.6.3", + "bom-ref": "babel-preset-jest@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@29.6.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d01ddb87147ab27597259b51fd19621d30cf4609f5b0d1ce474c95b6afc8890172b8e563152fb0ba2a3f478812364c9898a989078c0666fd8d65a9e62a64e734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "29.6.3", + "bom-ref": "babel-plugin-jest-hoist@29.6.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@29.6.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/jestjs/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/jestjs/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jestjs/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "11201cfd126f193144cd1c0e4d3e3e94d0e4fc634732429b373b2f4f4a8a45f0f2c984ec931079ae75369e3203615c570811c7108d5cd18c07a1bdd6698ba33a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "ts-mocha", + "version": "10.0.0", + "bom-ref": "ts-mocha@10.0.0", + "author": "Piotr Witek", + "description": "Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-mocha@10.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/piotrwitek/ts-mocha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/piotrwitek/ts-mocha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-mocha/-/ts-mocha-10.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5517e00cefa28ae24594d075f2dcce7f2a49db5c67db16ee6720ef26faa94db5a0900803d7b38d1abf2df9397cadc06d3817635e9e5efd193e777f5fed704747" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "buffer-from", + "version": "1.1.2", + "bom-ref": "buffer-from@1.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/LinusU/buffer-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "13e5d0091c126da6a20a1b6fea4e83c2073e6f1f81b3abee2891c7979928c7f05a29b8625f3a903b02b870edb6c84946a763829a3c15853dc79b18323c69c97d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-from" + } + ] + }, + { + "type": "library", + "name": "tsconfig-paths", + "version": "3.15.0", + "bom-ref": "tsconfig-paths@3.15.0", + "author": "Jonas Kello", + "description": "Load node modules according to tsconfig paths, in run-time or via API.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tsconfig-paths@3.15.0", + "externalReferences": [ + { + "url": "git+https://github.com/dividab/tsconfig-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dividab/tsconfig-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.15.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d80736460cc37bf727e3c1af39edccfa8f36a4415ec03dd43dbca85071dd29ab07c092a376ce1f2d759ffd4c799004c128ddb4a1a146bbe8db125a75a68b349a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "group": "@types", + "version": "0.0.29", + "bom-ref": "@types/json5@0.0.29", + "author": "Jason Swearingen", + "description": "TypeScript definitions for JSON5", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/json5@0.0.29", + "externalReferences": [ + { + "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7512e30961d8838a1a03bedcc4eeb8a0efbb2700b09c8ce464f76bac2ef58d0990b6584ce79ea9c0aa396d4ceabd99dd9156de14b2088bef530b8d09345e6135" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@types/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "source-map-support", + "group": "@cspotcode", + "version": "0.8.1", + "bom-ref": "@cspotcode/source-map-support@0.8.1", + "description": "Fixes stack traces for files with source maps", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40cspotcode/source-map-support@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/node-source-map-support.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/node-source-map-support/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "21c84d7fa74de2d1e8305227ffb384f0b599d7d63aabfebb0667fabe719112ff1149b0556fd2cf27111c9f0adcc17ea2c52bda886a2898052fbb8612c57ad583" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support" + } + ] + }, + { + "type": "library", + "name": "node10", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node10@1.0.11", + "description": "A base TSConfig for working with Node 10.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node10@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0dc4630c2ba32bf90293f7147bc5f3f194a99bc992de634da6d6be8c6080e944840df92d94dbe6d7e22e67d7937036cd938d411f0a471de5be37594a0b3e333b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node10" + } + ] + }, + { + "type": "library", + "name": "node12", + "group": "@tsconfig", + "version": "1.0.11", + "bom-ref": "@tsconfig/node12@1.0.11", + "description": "A base TSConfig for working with Node 12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node12@1.0.11#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "72a79fb91b21d76a56c86b08a0128903d96e16ede6471080f8e459bc0e24b4b4b322e094b56571188b978a01303b9ff2c1614c67640418a5af9191b5cc33136a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node12" + } + ] + }, + { + "type": "library", + "name": "node14", + "group": "@tsconfig", + "version": "1.0.3", + "bom-ref": "@tsconfig/node14@1.0.3", + "description": "A base TSConfig for working with Node 14.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node14@1.0.3#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cac4fc9a1762c562ba1f0de2d55d80791a99e567d78351b8de6aa86253369dceb7f3c16ae63717cabe6646ca9588bc7f18961da0bd1b7d70fc9e617e667fc8a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node14" + } + ] + }, + { + "type": "library", + "name": "node16", + "group": "@tsconfig", + "version": "1.0.4", + "bom-ref": "@tsconfig/node16@1.0.4", + "description": "A base TSConfig for working with Node 16.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tsconfig/node16@1.0.4#bases", + "externalReferences": [ + { + "url": "git+https://github.com/tsconfig/bases.git#bases", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/tsconfig/bases#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tsconfig/bases/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf1854cb827c9727b28a71fb033975a5d778dc6261647fed3f6c1e37c4e7b506e5398f80d176d3f03264d7fa023ee38eca0fc96bbe7bac6d028077160bc39f30" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@tsconfig/node16" + } + ] + }, + { + "type": "library", + "name": "acorn-walk", + "version": "8.3.2", + "bom-ref": "acorn-walk@8.3.2", + "description": "ECMAScript (ESTree) AST walker", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@8.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "723932bf83ad34221eaa11eb7d2f354165e80813c4c51fc9eb6a3212a7a9570f16690792aa95b6ba1b8b3e1d66f5e5a10ee3a8fe35175539627ef7ac396a7fe0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/acorn-walk" + } + ] + }, + { + "type": "library", + "name": "create-require", + "version": "1.1.1", + "bom-ref": "create-require@1.1.1", + "description": "Polyfill for Node.js module.createRequire (<= v12.2.0)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/create-require@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/nuxt-contrib/create-require.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nuxt-contrib/create-require/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "75c2855f78e7d0ca486978e2b2846f7b12095442b36aaef3dab64ac5ff8c4abf5391d9879ac5389b695c2e88eb8ff14797c9a4e55c4c99803e7ed4643ffde829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/create-require" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "4.0.2", + "bom-ref": "diff@4.0.2", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@4.0.2", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c966c4a480e013722f3f871cc53394e129834f4557e7afe9931edef262860771ce073067c5681043e600b0991bd2e6a9f56834c30aa6db48613546eae0d8ec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "v8-compile-cache-lib", + "version": "3.0.1", + "bom-ref": "v8-compile-cache-lib@3.0.1", + "author": "Andrew Bradley", + "description": "Require hook for automatic V8 compile cache persistence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8-compile-cache-lib@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/cspotcode/v8-compile-cache-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/v8-compile-cache-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c1aed88f25067cd667808fefb4ad141c037e9600c2c413c2ca55571a9d33bb9f45cf96a21ad3576aadc3848a2fd3adcca2b07e55fb9f2e1dc9945d8a7532b7c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/v8-compile-cache-lib" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "3.1.1", + "bom-ref": "yn@3.1.1", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "531e328065acbb673b8ac1567bc62ed5896e266a95871a8ad9c2d735003901c0b741f6c636933b7eed18f1bff3d7aa572e7171658bd685dddf84163d0cb982e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yn" + } + ] + }, + { + "type": "library", + "name": "tsimportlib", + "version": "0.0.5", + "bom-ref": "tsimportlib@0.0.5", + "author": "Andrew Bradley", + "purl": "pkg:npm/tsimportlib@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/cspotcode/tsimportlib", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cspotcode/tsimportlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tsimportlib/-/tsimportlib-0.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9642ffc2dd80783f08fbed9d8794e45fcb912c58771262deba55094c334c5988a5f0b687b54b17e9ce61d7eb6b1d260cd4e9eb2b046b72448971e8ed8e14fad" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsimportlib" + } + ] + }, + { + "type": "library", + "name": "colors", + "group": "@colors", + "version": "1.6.0", + "bom-ref": "@colors/colors@1.6.0", + "author": "DABH", + "description": "get colors in your node.js console", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40colors/colors@1.6.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/DABH/colors.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/DABH/colors.js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/DABH/colors.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "22bf803a26eaceb22c2fa6a3b77473dcbb2407b3a23151ea96d666b296d6fd326e4d5bb238c8ab56a0248df63a2484a22c783236a89c002f00c871c6ccd77f74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@colors/colors" + } + ] + }, + { + "type": "library", + "name": "diagnostics", + "group": "@dabh", + "version": "2.0.3", + "bom-ref": "@dabh/diagnostics@2.0.3", + "author": "Arnout Kazemier", + "description": "Tools for debugging your node.js modules and event loop", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.3", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "86b9503888bb8407f3b0caa519217256e72bc77f0efa3eb088639ffff1f679cbc812a60de000c1492da22cc879505c83ba708d9e25083e4feadeb885bf8e7144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@dabh/diagnostics" + } + ] + }, + { + "type": "library", + "name": "colorspace", + "version": "1.1.4", + "bom-ref": "colorspace@1.1.4", + "author": "Arnout Kazemier", + "description": "Generate HEX colors for a given namespace.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/colorspace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/colorspace/-/colorspace-1.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "060bca262b95bb58a00541769048d10995e897ac228866d8e62a4bfe854fc26d012fdb08a4c23333c20aeefc2ec48233397315dc4cb9c3ebf1866d2b47f4cdf3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace" + } + ] + }, + { + "type": "library", + "name": "text-hex", + "version": "1.0.0", + "bom-ref": "text-hex@1.0.0", + "author": "Arnout Kazemier", + "description": "Generate a hex color from the given text", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/text-hex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bae546356ce0278ca145a3528ae6cf63b3a3212c38b30e04e54bf4c1b8e9f8ecdc6e6554febb13f2e8e07172619fdca9cec82be6f973a4fa8ff8c04129c1af6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/text-hex" + } + ] + }, + { + "type": "library", + "name": "enabled", + "version": "2.0.0", + "bom-ref": "enabled@2.0.0", + "author": "Arnout Kazemier", + "description": "Check if a certain debug flag is enabled.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00aacdf7c92ec0eccc21d022cd7188f3a505068a36e822f6d5433beb7cb587f18c489e3f38753d936625b26069c92705a3fc1b2f35902413025b8f883b7ffe39" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/enabled" + } + ] + }, + { + "type": "library", + "name": "kuler", + "version": "2.0.0", + "bom-ref": "kuler@2.0.0", + "author": "Arnout Kazemier", + "description": "Color your terminal using CSS/hex color codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/kuler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eaf671fb2a559999702da1d5c30d113bbece8353581353ccd80c70e258b4a2a78e44830ab7a652c7ccf9f6ecd82fccbdabd4b30f0b5bddaa1f7cb10c6daa3e0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/kuler" + } + ] + }, + { + "type": "library", + "name": "logform", + "version": "2.6.0", + "bom-ref": "logform@2.6.0", + "author": "Charlie Robbins", + "description": "An mutable object-based log format designed for chaining & objectMode streams.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/logform.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d6e94778d3e9ea4fcb0fc1fdd68ed56050678398b504313b1e82b155b66218589d4b5463eb9a9ccb02f15fea557c03e840912345dbca72eb0ac0eba91c254e55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/logform" + } + ] + }, + { + "type": "library", + "name": "fecha", + "version": "4.2.3", + "bom-ref": "fecha@4.2.3", + "author": "Taylor Hakes", + "description": "Date formatting and parsing", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.3", + "externalReferences": [ + { + "url": "git+https://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "38fd88514e877982898b78b4cf8035f641cc4282d5b381dcf833eaab123687f0cf6474e6fef8ec7c2e8fd1be2308ccb5e178b32c1aaf9dd43e522943efbd3b27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fecha" + } + ] + }, + { + "type": "library", + "name": "safe-stable-stringify", + "version": "2.4.3", + "bom-ref": "safe-stable-stringify@2.4.3", + "author": "Ruben Bridgewater", + "description": "Deterministic and safely JSON.stringify to quickly serialize JavaScript objects", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-stable-stringify@2.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/BridgeAR/safe-stable-stringify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/BridgeAR/safe-stable-stringify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7b66c30365894f4c31b1e55de25b033f8fb738d5fa1e931741ad5984543b494f868ef3910a64a16c2325b6bb480df9188551eb39c3ed8fe2a198305d3dd643d6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/safe-stable-stringify" + } + ] + }, + { + "type": "library", + "name": "triple-beam", + "version": "1.4.1", + "bom-ref": "triple-beam@1.4.1", + "author": "Charlie Robbins", + "description": "Definitions of levels for logging purposes & shareable Symbol constants.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/winstonjs/triple-beam.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6996e056266b83540d706f8b50b6bb9e16692536522e6fe65e71d79db01b8e63796926b4cbb57ec2fbfafb859a06da48489cd384acbe3c83f173536ad4427d9a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/triple-beam" + } + ] + }, + { + "type": "library", + "name": "one-time", + "version": "1.0.0", + "bom-ref": "one-time@1.0.0", + "author": "Arnout Kazemier", + "description": "Run the supplied function exactly one time (once)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/one-time.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e435ce8912b0b9211c43f974906085e90de37000c5bf9b52991689724fceaa454570eceeb41d77e0a4527c5d310eb2f7f4c367ab16c705b51472364885381bda" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/one-time" + } + ] + }, + { + "type": "library", + "name": "fn.name", + "version": "1.1.0", + "bom-ref": "fn.name@1.1.0", + "author": "Arnout Kazemier", + "description": "Extract names from functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/3rd-Eden/fn.name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1919e607980fc89a4085341d4994d2a7db9a3d2be5d3d2a861c310b6c07dad0a0e9b3b3d747e9f7de71c1fe67e72fe8febc1eee5b0ba263461e0087f98748d47" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fn.name" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.3.0", + "bom-ref": "string_decoder@1.3.0", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "stack-trace", + "version": "0.0.10", + "bom-ref": "stack-trace@0.0.10", + "author": "Felix Geisendörfer", + "description": "Get v8 stack traces as an array of CallSite objects.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "286cda85cee9b942a4cf232df88a807a9f9354d6ca3fe9362e6c21b9bdfd9b502c4d291a0eeb71e7a6830a8f872c3cdffc3dba0481d32563624c6d4a0098900a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-trace" + } + ] + }, + { + "type": "library", + "name": "winston-transport", + "version": "4.7.0", + "bom-ref": "winston-transport@4.7.0", + "author": "Charlie Robbins", + "description": "Base stream implementations for winston@3 and up.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.7.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a3063eb92b923b75e9f37abd88616ebed9b34856a2c60c7a83c373b0f0e861faf756fabbf8319e9e883bc7a0a85f2456766aec8df1bc9789e0c327de9588e36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/winston-transport" + } + ] + }, + { + "type": "library", + "name": "xlsx-populate", + "version": "1.21.0", + "bom-ref": "xlsx-populate@1.21.0", + "author": "Dave T. Johnson", + "description": "Excel XLSX parser/generator written in JavaScript with Node.js and browser support, jQuery/d3-style method chaining, and a focus on keeping existing workbook features and styles in tact.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xlsx-populate@1.21.0", + "externalReferences": [ + { + "url": "git+https://github.com/dtjohnson/xlsx-populate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dtjohnson/xlsx-populate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xlsx-populate/-/xlsx-populate-1.21.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2fd869bc05e857a3a2d4eca4fcd364285d33e4618d522a4e55f20fd4b98667341dc9cd7aae77f3fdf4fc6bdb25de2b2b7eb0a9426ad9a2773ea340d89ed6147" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate" + } + ] + }, + { + "type": "library", + "name": "cfb", + "version": "1.2.2", + "bom-ref": "cfb@1.2.2", + "author": "sheetjs", + "description": "Compound File Binary File Format extractor", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/cfb@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-cfb.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-cfb/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cfb/-/cfb-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "29f75466c48ec35f7f39b1166acbc13ff01ce2b799bc019ab9986ce92fe0a8d857848edc2b0be51fbba58fe74e1189dc6b86e6e121a8f02d5b4c042f9d38e040" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/cfb" + } + ] + }, + { + "type": "library", + "name": "adler-32", + "version": "1.3.1", + "bom-ref": "adler-32@1.3.1", + "author": "sheetjs", + "description": "Pure-JS ADLER-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/adler-32@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-adler32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://sheetjs.com/opensource", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-adler32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/adler-32/-/adler-32-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca7678c3f9d452fe6baec47c5141a87b5542f61663e95e6153d430d4794c0c9184270e52ed37d312b5938cccace8ceefaf461670faacdea02be2cb349c37cff8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/adler-32" + } + ] + }, + { + "type": "library", + "name": "crc-32", + "version": "1.2.2", + "bom-ref": "crc-32@1.2.2", + "author": "sheetjs", + "description": "Pure-JS CRC-32", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/crc-32@1.2.2", + "externalReferences": [ + { + "url": "git://github.com/SheetJS/js-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://sheetjs.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/SheetJS/js-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "44e9b308aad39cec326cf709029000e960568a3db71d57c654d2aaaab669bb264e1ea2b60b01d2be91aecadfd434dbda22311df17e48146a78321f887b520725" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/crc-32" + } + ] + }, + { + "type": "library", + "name": "jszip", + "version": "3.10.1", + "bom-ref": "jszip@3.10.1", + "author": "Stuart Knightley", + "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip", + "licenses": [ + { + "expression": "(MIT OR GPL-3.0-or-later)" + } + ], + "purl": "pkg:npm/jszip@3.10.1", + "externalReferences": [ + { + "url": "git+https://github.com/Stuk/jszip.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Stuk/jszip#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Stuk/jszip/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c570ef79cc93a462eba85aef92b512a31c5f248e401fb53ccf1c6d55c969b14b4c0aae09436f742d8f005b973b1a09ebfd8fe82be6d031ba8adaa9ad937a4de2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip" + } + ] + }, + { + "type": "library", + "name": "lie", + "version": "3.3.0", + "bom-ref": "lie@3.3.0", + "description": "A basic but performant promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lie@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/lie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/lie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/lie" + } + ] + }, + { + "type": "library", + "name": "immediate", + "version": "3.0.6", + "bom-ref": "immediate@3.0.6", + "description": "A cross browser microtask library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/immediate@3.0.6", + "externalReferences": [ + { + "url": "git://github.com/calvinmetcalf/immediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/immediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5d7385b72a838cd0c043155f631b85ee0f4897f21b5a69a5420d8c60a387f04c484f5aa0eb1738cf24b71da10401382cd5bb5fcf1ab5e5c894898ee08d25d119" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/immediate" + } + ] + }, + { + "type": "library", + "name": "pako", + "version": "1.0.11", + "bom-ref": "pako@1.0.11", + "description": "zlib port to javascript - fast, modularized, with browser support", + "licenses": [ + { + "expression": "(MIT AND Zlib)" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/pako.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/pako", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pako" + } + ] + }, + { + "type": "library", + "name": "core-util-is", + "version": "1.0.3", + "bom-ref": "core-util-is@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "The `util.is*` functions introduced in Node v0.12.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "externalReferences": [ + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "65006f8b50dca49e060ea6a78ee719d878f7c043b9a590d2f3d0566e472bbddc64b09a2bc140c365a997f65745929f5ac369660432e090e6c40380d6349f4561" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/core-util-is" + } + ] + }, + { + "type": "library", + "name": "isarray", + "version": "1.0.0", + "bom-ref": "isarray@1.0.0", + "author": "Julian Gruber", + "description": "Array#isArray for older browsers", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/isarray", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54b82121634ce842d0ce8ef3c26720d0d99357258a623bc878cf37ca3a74c110d39949eb33aefc7d06dc281a3a9f6089105d2cce81bfff2b60f932a56bcf402d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/isarray" + } + ] + }, + { + "type": "library", + "name": "process-nextick-args", + "version": "2.0.1", + "bom-ref": "process-nextick-args@2.0.1", + "description": "process.nextTick but always with args", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/process-nextick-args" + } + ] + }, + { + "type": "library", + "name": "setimmediate", + "version": "1.0.5", + "bom-ref": "setimmediate@1.0.5", + "author": "YuzuJS", + "description": "A shim for the setImmediate efficient script yielding API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/YuzuJS/setImmediate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3004c9759a7cb0ba8397febc2df4266cff3328f2d0355e81219a0882bb1c14343e46cbcafc1c5e0d03a0cb128aa21d32ffc87706a5459c2a90fe077eade8885c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/setimmediate" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.2.1", + "bom-ref": "sax@1.2.1", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d9adcba2f1d33a99bb355e723b23bc207aa056c7cae3e52ec92ad753c617912457ee4ea1095f5bdc7ae4282af79cca608fed1b9a871a2495a9be9d6873b64" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "xmlbuilder", + "version": "11.0.1", + "bom-ref": "xmlbuilder@11.0.1", + "author": "Ozgur Ozcitak", + "description": "An XML builder for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xmlbuilder@11.0.1", + "externalReferences": [ + { + "url": "git://github.com/oozcitak/xmlbuilder-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/oozcitak/xmlbuilder-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7c396c23f905131ee02ef6de71cd3fa212c6e747ee810a7caf21f3313b96f6f49ad462745d858a9e1b14c7ba227b71bdf3eaf9e9a4d0214078921b78d91dc9bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xmlbuilder" + } + ] + }, + { + "type": "library", + "name": "zip-lib", + "version": "1.0.4", + "bom-ref": "zip-lib@1.0.4", + "author": "fpsqdb", + "description": "zip and unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-lib@1.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/fpsqdb/zip-lib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fpsqdb/zip-lib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/zip-lib/-/zip-lib-1.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b5cc0c2d4b13fddc60110330c685add0148fdd054af6f57faf0ece46452f1ba4045bc1a06550d3873844f050de44e0f4beb306f500c52eb789f5e4ce61ce7a4f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/zip-lib" + } + ] + }, + { + "type": "library", + "name": "yauzl", + "version": "3.1.3", + "bom-ref": "yauzl@3.1.3", + "author": "Josh Wolfe", + "description": "yet another unzip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@3.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yauzl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yauzl/-/yauzl-3.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "24209d9a52495afecbd2afcaca539e93245a52b744a14c5691655c828ae8b1344e0855a24bda7634d3c4f586fdd5a93b6f53794b1019125896a6ca5b65c722bf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yauzl" + } + ] + }, + { + "type": "library", + "name": "buffer-crc32", + "version": "0.2.13", + "bom-ref": "buffer-crc32@0.2.13", + "author": "Brian J. Brennan", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/brianloveswords/buffer-crc32/raw/master/LICENSE" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54ef47b7ffa9dd237b48a5aa72b804ce319b4522584f1f90d694d00b4c2b5aa1f1d2fa49ada43a1ad1f1f2dbdc835ae52b56f2854e6071cc603a08fb0744c391" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/buffer-crc32" + } + ] + }, + { + "type": "library", + "name": "pend", + "version": "1.2.0", + "bom-ref": "pend@1.2.0", + "author": "Andrew Kelley", + "description": "dead-simple optimistic async helper", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1776acbf8d94b97721773b7ec57a9f5b538695505efa6c5ada6a88d29839c801d93ef16663763a76b49ffc643503ce9681610df4ace1fd6ae029aea219c1d72e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pend" + } + ] + }, + { + "type": "library", + "name": "yazl", + "version": "2.5.1", + "bom-ref": "yazl@2.5.1", + "author": "Josh Wolfe", + "description": "yet another zip library for node", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yazl@2.5.1", + "externalReferences": [ + { + "url": "git+https://github.com/thejoshwolfe/yazl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thejoshwolfe/yazl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yazl/-/yazl-2.5.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6110d8b63cb8879c76fa401568b7e7499da019d31a2c8fba777d697ece7223043967308d8fb19089677d3a04f4c539a1dfe6a743108f31e6a16b48e04de6faf" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yazl" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-config-service/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-browser/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/ie11-detection/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha256-js/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/supports-web-crypto/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/util@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/util/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.590.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df208b3e3aba5857c3a5d5092a4fe04b3e1e00f0d38d59275dabde30f8b64285410ac86778e9c9b15d7ab8d2a5a551757eb4c7aeb0d17ca6266da561ea7141bd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso-oidc" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.590.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7f8475bf52d29f8b8b619e6a8f80f22fa829ecf5d7cc9789b26dac7a17a2257fb9dcb485e4bed74839d056d5f5a7d4debefd21a766145944e0e906302154ae1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sts" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.588.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.588.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.588.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5736fbd71ee3a67e8a289df96de20b522f3db7c8a397aff42062e7819d341f52688f3fdfe7fc30972ec740fa73db68085d00acc7abb0dfe0a7c7a4e7b7bdb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/core" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.590.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2dfc98d1685e86c6ac3435d4fddd5357beab59d127b79997c975e4a529bd909efe13ae75bc508bf7a942b09acc3fe04585767d3c9ccdd2e5673079659f0385" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-node" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.587.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4b20e898df883abca02ee733886eff9ce1e48d45c44b9a07e53ee9f006e83bca1a90c409767b9d35789859389c4163b9d91e7553a091dbbadc30f4c678c79d60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/middleware-user-agent" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.587.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f7723b20f66dba5650a112be3b6d082786b5b325b060fce83b681cdeffbf18d65f9593d5dd0257b956c89b4a7106cbb49ff9b328650aa9238b3c868dd3df0771" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/region-config-resolver" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.587.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d471ba126f30416a8a7115ba9b7e7c9aa79b4553692fc5ebac4a13e089fbc6a90a92662d1d135560fea5726890879a59fdcfc55eef1d49c86e1485b212da9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-endpoints" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.587.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e797e0d47bf6ef9db1040c73f789526b3ad1371db14904f82c0fabc9fa697ff88624d44ab8f63106f841d974d4cfcf74831b491ba76fbbbb8d4c29824747f89" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/util-user-agent-node" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.587.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f283fe4a144088936939a3cc275448a7895f3ac959219f99332135327663460a45dd0451cc1d1c7a865790d5bab02476c1b24caef276d86a6cdcc329a61b09b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-env" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.587.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4aed524565510ae4757b7da8c57dc2d55e1ce61a4f376d1661c45f75caf6c17c07a92bf2b390eb9e6b820be2681274bfceddda7542613e5893aa97ca81274cac" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-http" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.590.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63970572200adfc548bd181978d0fb1ef14d477dad846b506fc5e8a7a70c9f7dc50bbf2ec1c448bbd1dcf7af7d5d3725099ab3e3e5e5d5653e759fab9c59f600" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-ini" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.587.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "578c53de20aa905f2e2fa402e20a81260ff66ac77f75a9acc0fd61f4709fa9396598f5b32264bef160f75638132f0e5bd0a6d3cbe65d52129cd300e7cb3933c6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-process" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.590.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bfed23fc8fa37bda247f05ec8262e9a66c0813e4ee329e56a8bcfbafb3c7cfd2a3ccbc8a68a4c3bdf965143fbca0fa41aa798e5a227da9318f92b7e107b6bf7d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-sso" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.587.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5ea231fc8d8f1bb932bb0dd68c03fdc0a971cbc22f149c01f1ab0e153d713c5a157d960a2288231bda0b3f962246d7ef0e4588ced1e683932556fdc77490c647" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/credential-provider-web-identity" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.590.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.590.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.590.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "eb16c2ea841524a0514f25f24770b5e64b14b0f3b25b8a7eb828fb76529858626f878bc64d5f0a859292e77a0f1bcb787f5f8e3095a3af9c0ab97468685b2685" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/client-sso" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.587.0", + "bom-ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.587.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.587.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "50baa16e72f2d6198935172e9003415899ae9b705b8d79eeacb3d2157a06755d259576251b9e52cc895ad9562a76f7901048e6b01b9365d16f5c0b4da664b966" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-securityhub/node_modules/@aws-sdk/token-providers" + } + ] + }, + { + "type": "library", + "name": "axios", + "version": "0.21.4", + "bom-ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "author": "Matt Zabriskie", + "description": "Promise based HTTP client for the browser and node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/axios@0.21.4", + "externalReferences": [ + { + "url": "git+https://github.com/axios/axios.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://axios-http.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/axios/axios/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/axios/-/axios-0.21.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bade6f7b0922bbc8e318176aa4ce385f18ee0a3abd2c029e1d59a855f1d5cf2f1e1e0c71abc49b01540da2f0c0f26562d3990fd046bf9ff5337121dc4c941f36" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/emass_client/node_modules/axios" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "1.1.3", + "bom-ref": "log-symbols@1.0.2|chalk@1.1.3", + "description": "Terminal string styling done right. Much color.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "53795154b31296c09f8ea60f6cbc95bf5d4cf423d6e08ef6f1de9308a300389b9e11e07dffca3e792b0c9f13c90fe43e2bdd3db1d11283b0beb489281faa27d4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "2.2.1", + "bom-ref": "log-symbols@1.0.2|ansi-styles@2.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "92609ebc582146258cec7079cd33d42e5e2bf5b5454968f3eb6321aa2cc3194aead8d5ae34c432bafe2d1c7a0a247b3af4cfcc17ae2511c1dd608a1cadd59060" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "561ba64926c1a834cff29d992ca8f8d148c1095e3ebfc6d4484a546f82a34605a4f696ea185e111058fa2846a089d6f67ff33a0330b41261720cd19ac3d382ce" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "log-symbols@1.0.2|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "2.0.0", + "bom-ref": "log-symbols@1.0.2|supports-color@2.0.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "28a355b5dea909880f20a538729dbbdf71d6602a6995085d7592c152bc9a007a2eef6df1f854734390dff36e058fe232cae8904d1a2e6f84a72057c872ba7bd2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/log-symbols/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "2.1.1", + "bom-ref": "has-ansi@2.0.0|ansi-regex@2.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c81a74e9768f84dfea42c8096e66fb440f9a79c02a8b75ecc2ca13d9cca3dcc6f169944b788be5bb38e3422a0799153dfecb935965f38e4bf05d71a9e6d4c60" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/has-ansi/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "chokidar@3.5.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chokidar/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/fast-glob/node_modules/glob-parent" + } + ] + }, + { + "type": "library", + "name": "lilconfig", + "version": "3.1.1", + "bom-ref": "postcss-load-config@4.0.2|lilconfig@3.1.1", + "author": "antonk52", + "description": "A zero-dependency alternative to cosmiconfig", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lilconfig@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/antonk52/lilconfig.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/antonk52/lilconfig#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/antonk52/lilconfig/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3b5f297fb9f2bc74dc92e9cf5825755d4357535a62bb4d72d9bec04c9d29a6452493ca1ca95581ad88c9042c070e30ff65671fcab0343f880a8735868b910835" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/postcss-load-config/node_modules/lilconfig" + } + ] + }, + { + "type": "library", + "name": "arg", + "version": "4.1.3", + "bom-ref": "ts-node@10.9.2|arg@4.1.3", + "author": "Josh Junon", + "description": "Another simple argument parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arg@4.1.3", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/arg#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e7c4bd403a86d17c76ed8c0f4adf5f2718af8d8978df6602c1f0cc7d9fbbd5102a52b65e7fb2eb2906772c72cec024b814b341a653f9df7671f3de5278e087bc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-node/node_modules/arg" + } + ] + }, + { + "type": "library", + "name": "commander", + "version": "4.1.1", + "bom-ref": "sucrase@3.35.0|commander@4.1.1", + "author": "TJ Holowaychuk", + "description": "the complete solution for node.js command-line programs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/tj/commander.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34e2a6f31864cc08f3171f01dafe4e0074febb9a5141cd9409ad95abd8d82ffdf5a36c22f66c4103b2c816cdec5795520b8f73ea91217db3142ef4a12a3dba58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/commander" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "sucrase@3.35.0|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "sucrase@3.35.0|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sucrase/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "foreground-child@3.1.1|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/foreground-child/node_modules/signal-exit" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1e72ce091def8dc63c6dea0d2ed723679fe7c67d9a7e6304ea586b0eb79ba24a8c6a9f976de5bc9fd4d7a4f0cea9d18ae6a708de84f418a4d6eb00bb10c895a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2f5f03689b17494936fb8da9bfc98bb398c94f686a164144e23db5c0e9a06d4aac67684bef636c514efce60f515e0a37b3464d815978d93887a7766d3affd5ca" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/emoji-regex" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8aae9e55523ae274104d162ad8ab44836776b94ecb125853270b07e18cc81d9b21c658199acff021ce15a03413946fc8bd522b04a1b4e82ad99e9d2abfb86471" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9f933ce797ca6f64ac7cc222145a15ac0047242f10b47c15c7e98758fdd0704a811d889e9e3e5d1d28236f1b42d161195d8b78c1c0faceb4049433e116e6607c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b22ed0588eb350cab9e9b11216f6a0b66ccc7463ada317d1f927b3d753286df73bb66f9591472493d6d6d9479f7d319551b3a4b31992c34000da0b3c83bd4d09" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6cdefdf2015f417faf8b0dd1ef2ac6591aa7acdda84641245238e5e09367e04f06c716e3b46dc56eb108218de5f3f86bc14c0878266f8b842e3933f8304ad5ba" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@isaacs/cliui/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.0", + "bom-ref": "path-scurry@1.10.2|lru-cache@10.2.0", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d9b20cf31f9501fe894f86ca0258d2d6a51680cb2a6513c6252e8549a84830f56f72d70d872569ec026eeeabb1396f63c24af205178a658e6d639258bf69ffed" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "path-scurry@1.10.2|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/path-scurry/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "tailwindcss", + "version": "3.3.0", + "bom-ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "description": "A utility-first CSS framework for rapidly building custom user interfaces.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tailwindcss@3.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/tailwindlabs/tailwindcss.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://tailwindcss.com", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tailwindlabs/tailwindcss/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "84e5e5171f98724949f245e20807e4fc5332af83e6f5c938efb1b49bfbacdb7e3856e8f7e79229a040c1e5498602c4a94c19abfb86618f35b4e09b855e46ff7f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/tailwindcss" + } + ] + }, + { + "type": "library", + "name": "postcss-import", + "version": "14.1.0", + "bom-ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "author": "Maxime Thirouin", + "description": "PostCSS plugin to import CSS files", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-import@14.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-import.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-import#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-import/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-import/-/postcss-import-14.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7e5c08f95826e1212539b1553e94c84fb494ed1dea9362fb3f276e31ca2489a54ab96bfd77f53e1a6fd001df0d0cbbb291359391cae339e0f63e9d6b31e0531b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-import" + } + ] + }, + { + "type": "library", + "name": "postcss-load-config", + "version": "3.1.4", + "bom-ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "author": "Michael Ciniawky", + "description": "Autoload Config for PostCSS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-load-config@3.1.4", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-load-config.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-load-config/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e8388ce04eefe1ca13138bb303c53ffd686d3f0ca18a29b77b28c43050a7529cdbae42bdc091e02834f6991f876ed4ab77f36e6d56984cea52a63525f0d41e46" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-load-config" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "tw-elements@1.1.0|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "postcss-nested", + "version": "6.0.0", + "bom-ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "author": "Andrey Sitnik", + "description": "PostCSS plugin to unwrap nested rules like how Sass does it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-nested@6.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-nested.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-nested#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-nested/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d0391a9aaacf7269010ec2e7faf40322bb6449b364bf9003fccdf6db24a8f64a85902218925ca6db11265a4c28f98dffa99a37e2dcc43cd530e32ef230276fe7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tw-elements/node_modules/postcss-nested" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "express@4.19.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "express@4.19.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/express/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "3.21.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "author": "Amit Gupta", + "description": "Validate XML or Parse XML to JS/JSON very fast without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@3.21.1", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-3.21.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1531558d8a013994c97a4894b1ac06b12615f502f403ecc3602463ef2df820ee8983ed8831812d41af9b6e272da5da55f1d1f15f2c2a53b0b48110c4385b4116" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/fast-xml-parser" + } + ] + }, + { + "type": "library", + "name": "htmlparser2", + "version": "7.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "author": "Felix Boehm", + "description": "Fast & forgiving HTML/XML parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/htmlparser2@7.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1fb308980e0c4ba730ee76f2511b4b3ced539acec2e47eb4d8b4444eff79cf53313bfec23fbac355139e85461e60151810e37de0d5d70c43e666eabe857e2ca2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/htmlparser2" + } + ] + }, + { + "type": "library", + "name": "domhandler", + "version": "4.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "author": "Felix Boehm", + "description": "Handler for htmlparser2 that turns pages into a dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domhandler@4.3.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1abc28c5837eb969733bcba1517465d0ffa41c4e06b553df63354b714c4f2fb28d7472a3ebabef9618b07881ea6185d6970f93f222cca78d8b9baee0870e1631" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domhandler" + } + ] + }, + { + "type": "library", + "name": "domutils", + "version": "2.8.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "author": "Felix Boehm", + "description": "Utilities for working with htmlparser2's dom", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domutils@2.8.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/domutils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/domutils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/domutils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de828e87e9ef63392088698e0a1b06299811fa0f8f1d55c740525fd3f7d1605d656d9620a5344f505dd24cf678d67d8a48ca8076c4c8ac7c041e87d4bde1dc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/domutils" + } + ] + }, + { + "type": "library", + "name": "dom-serializer", + "version": "1.4.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "author": "Felix Boehm", + "description": "render domhandler DOM nodes to a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dom-serializer@1.4.1", + "externalReferences": [ + { + "url": "git://github.com/cheeriojs/dom-renderer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/cheeriojs/dom-renderer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "547c01dca7eb70e3a47a5106d9939fc6a2d975f92297c3ed262e0ff0dd8c317b9c66adb22e9ef90a5562525395c32a071038d8538df702afb9cd63fad7e4466a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "3.0.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@3.0.1", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5a2c81aa8a26af031d146d5ed24aaf01261f9e56f4969f0ce68e45c36385ab584d671c5c364f089345e6ecbc73061ba2767641fd4b41a950a0533de404e3f9d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest@28.1.3#packages/jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest/-/jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "378193e689fc5246601f43b92d46af3115751031213532f42847d198321e647495ee9d9780ba18f6df550d480bea8fb27dd8181d5c6ecfcd46f2807d546e6ec8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/core@28.1.3#packages/jest-core", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/core/-/core-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "088281ae568a3b303b606d7d044a82c3748b22c1308d991e2737f96dda285675b86c7e5c92da9edc95fe1b6615d5a2b9bcff0df676b5206585cd8693a7a93a34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/core" + } + ] + }, + { + "type": "library", + "name": "console", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/console@28.1.3#packages/jest-console", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-console", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/console/-/console-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "40f0243f913029d2bf6f122be82d48e15b34ae6da71e200dce3fd9e57d89424ad9a3a22abc2e25759f4af79b45d0776276103c068e9e8314b35053d829c1172f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/console" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/types@28.1.3#packages/jest-types", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/types/-/types-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4728e2c8c519acacff73ece53053b5a66ef40dc225493f007964e4a147597af7b0e38c1c359407b0454e88256d8159e51450fcd853da5f2732b39f1c7f69ae55" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/types" + } + ] + }, + { + "type": "library", + "name": "jest-message-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-message-util@28.1.3#packages/jest-message-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-message-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3c5767f487b06ede7be7328f7f5dbce87b7d10fa099984fb3f4918f9189b7986765ed3abe77a432c41684d65db7758782621a25a94c10bce1f73cc4c5d031bee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-message-util" + } + ] + }, + { + "type": "library", + "name": "jest-util", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-util@28.1.3#packages/jest-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-util/-/jest-util-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5dda9fa47c29712464a3f0b7e6e2d814cd9e991025b4820a66227d7809a18ec8f40aa64c6b4a7589bd11e5f588a86867d5ad74dc379b4dba6a21a3f5a8243ab5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-util" + } + ] + }, + { + "type": "library", + "name": "reporters", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "description": "Jest's reporters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/reporters@28.1.3#packages/jest-reporters", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-reporters", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/reporters/-/reporters-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "26e032ef093141954d53f57a83dc4acc2182e4b557c7d14370004ab125e9e4c88a3c4136d78e1afef5d3103a32ce352964a7d5c29d3c5aa83903859f4cc0338e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/reporters" + } + ] + }, + { + "type": "library", + "name": "test-result", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-result@28.1.3#packages/jest-test-result", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-result", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-result/-/test-result-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "919024c67484f85a84f188d6f2036ea159240bd23b4b5aa67a797cb0670338bae8a4048ff8191c18ac215e8caa42e18e19e618d32fe2c63addfe2111a445c736" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-result" + } + ] + }, + { + "type": "library", + "name": "transform", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/transform@28.1.3#packages/jest-transform", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-transform", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/transform/-/transform-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bb9753e5d8bea0523a85f70b38719301f994c4546b8cafaf9da3f4924568c3d31dfcced5fccc6a40c3b3fd5576e5464ef29cde03d3e37d3a4ebba043bb048f40" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/transform" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "jest-worker", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-worker@28.1.3#packages/jest-worker", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-worker", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-worker/-/jest-worker-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0aa440db6d1857fea30a8f155af02dd4a2b1e9e7a4d5520730f78b11ba5c7d27e411e5b204da69ca733fa3aabe5a6c3eb0e868b369a5df8c196d25f71b5dfffe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-worker" + } + ] + }, + { + "type": "library", + "name": "convert-source-map", + "version": "1.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "author": "Thorsten Lorenz", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.9.0", + "externalReferences": [ + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "012141ba9d0ccf5bb28888c035a9f58f32d06a68bdcf53e86126428a2616d857333db7a75dce3915974164bcce4feafafa2722b8432876d982b62fa18da024d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/convert-source-map" + } + ] + }, + { + "type": "library", + "name": "jest-haste-map", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-haste-map@28.1.3#packages/jest-haste-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-haste-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dd2f914160d771c5c32925a79076bf74fc2dfb6ab003c089cd1eb5c37168602be8a373e7f2dbc6732b26305d018f4117e5162f008d8422f0b9ece9a8b5f76d28" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-haste-map" + } + ] + }, + { + "type": "library", + "name": "jest-regex-util", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-regex-util@28.0.2#packages/jest-regex-util", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-regex-util", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e2cd08832348cb4cbd14af9c8e8558a316a64fb65ea3b321cea446c7b6036266909f5c2e718f6ba2d886901cf370c5d3b63ac200ffdfedff84d05efe7f13cd77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-regex-util" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "jest-changed-files", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-changed-files@28.1.3#packages/jest-changed-files", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-changed-files", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ac68e7d45895e4da77d9b7d48fc82f2003590d7dd28b9105b2cec325aaaf26b184a534a7e66717d18199f809de0c195505fbbbfa741b347794ce00a6bb88888" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-changed-files" + } + ] + }, + { + "type": "library", + "name": "jest-config", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-config@28.1.3#packages/jest-config", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-config/-/jest-config-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "306dc836307227427802c3419bb4f786cbb1290a85222468fc052a6f5abd2d1288e5453a01aafd2476ebf48be7d535707d40fd2a2ad1a0cfd3eaef1795c40f1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-config" + } + ] + }, + { + "type": "library", + "name": "test-sequencer", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/test-sequencer@28.1.3#packages/jest-test-sequencer", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-test-sequencer", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "34830f12aa9ae7d3169c38b592f5d7a586eab1f426489b086e777ce667551a48837d0f564104d738bb2f21251fa279a7053fb0f395848277828a01047470c5c7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/test-sequencer" + } + ] + }, + { + "type": "library", + "name": "babel-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "description": "Jest plugin to use babel for transformation.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-jest@28.1.3#packages/babel-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-jest/-/babel-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a951a3ce116324ddc597d0cfec3ef0871c27bd7cc1406bff615c480a3fc9c57cd97f8e51a413db9cabd36a9191972c376e089612d14bd294f5300b44beac7e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-jest" + } + ] + }, + { + "type": "library", + "name": "jest-circus", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-circus@28.1.3#packages/jest-circus", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-circus", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-circus/-/jest-circus-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "719f9e4b9cdcefd301c2df88850862129d0e78175da5cd67f0c068d67301f00ee83cc2843be4ab7bec0768b25ec50523f586bff0d3816344444948188c1e9fa3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-circus" + } + ] + }, + { + "type": "library", + "name": "environment", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/environment@28.1.3#packages/jest-environment", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/environment/-/environment-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d5b7f8d1c3054c490ac847f9f3947d233d566b20e31e81eabedb345c5604ab228cddc1560e978ca2a28a4c017d2d261032874f52587c14aa6da0cd9870c5805c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/environment" + } + ] + }, + { + "type": "library", + "name": "expect", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect@28.1.3#packages/jest-expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "97373c0a951b4a813876a4f453e835a8e0d08c14473e908f5e2b2c5c3e264bdfac5907669a9789f73487d6b4b51c492bb0c3747dbee72ab27d822011d5ddf007" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect" + } + ] + }, + { + "type": "library", + "name": "expect", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expect@28.1.3#packages/expect", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/expect/-/expect-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "784874c67f0796cb8e07116022cb3eda65fce55012e10cb739292357bae5056963b40e28587dfb825546c8e65266f12b0d3ff2072c1974f1b0097b93bd21bce6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/expect" + } + ] + }, + { + "type": "library", + "name": "jest-snapshot", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-snapshot@28.1.3#packages/jest-snapshot", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-snapshot", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e25ccc82d88d95cdc353ff2565f9aac4ddc0603e8618b6e5fbbdab741a57bdc57ec215fb983ad113390f769d919e67c8896060d586ee15291776e17625c69f26" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-snapshot" + } + ] + }, + { + "type": "library", + "name": "dedent", + "version": "0.7.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "author": "Desmond Brand", + "description": "An ES6 string tag that strips indentation from multi-line strings", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dedent@0.7.0", + "externalReferences": [ + { + "url": "git://github.com/dmnd/dedent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dmnd/dedent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dmnd/dedent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/dedent/-/dedent-0.7.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "43a7ca50faa7007032862520154ec15332e2bf491df2c687f5a97bb67bb943fa248fa767ba9c724e01480635732404dd7c8026f4d02cbd73738da29af9bc55c8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dedent" + } + ] + }, + { + "type": "library", + "name": "jest-each", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "author": "Matt Phillips", + "description": "Parameterised tests for Jest", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-each@28.1.3#packages/jest-each", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-each", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-each/-/jest-each-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6ab4f5cf8b20db2001539ba880e6d53ef4a548c4250c0e3ca30c74ec10cf0226ac5b4c98a581d83a8e071cbcfdab4055cc3554e2120b163cc9c344a8f5a08bfe" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-each" + } + ] + }, + { + "type": "library", + "name": "jest-get-type", + "version": "28.0.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "description": "A utility function to get the type of a value", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-get-type@28.0.2#packages/jest-get-type", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-get-type", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-28.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8a88f6c3dfc3c526077ce9b994928275c0263c9cd05e66ccfd4ae5deb865821acfbd3dedb7eedaffea1773d6b390a98bbe88978ed57cddb116aa2fafb399e53c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-get-type" + } + ] + }, + { + "type": "library", + "name": "pretty-format", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "author": "James Kyle", + "description": "Stringify any JavaScript value.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-format@28.1.3#packages/pretty-format", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/pretty-format", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/pretty-format/-/pretty-format-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f2015bfd3a343a6c4747df994dbd780dfdaf371746097f20d71586513a94c394e266f7107f9b0728e6dde5470fc8b2f2a303700c03131775d6386d41ea6c65d5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/pretty-format" + } + ] + }, + { + "type": "library", + "name": "jest-matcher-utils", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "description": "A set of utility functions for expect and related packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-matcher-utils@28.1.3#packages/jest-matcher-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-matcher-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "910789eea1de98a7dbccaa068c71eb44a1fa6ad831324f049e493688f4375f03baa04fca603f253183b388291e481f46e1a74f3389d1d4313c4dfe497961fa07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-matcher-utils" + } + ] + }, + { + "type": "library", + "name": "jest-runtime", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runtime@28.1.3#packages/jest-runtime", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runtime", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "354fbcf3549c05040b7352471b9789194ed48b790b2ab9b008f3ed62c26d072922c6b3363a15509693261562633320df7641a004c3635c2181fde6f3b2034643" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runtime" + } + ] + }, + { + "type": "library", + "name": "jest-environment-node", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-environment-node@28.1.3#packages/jest-environment-node", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-environment-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba03fa5ce844a6300484662fa795e3f7cf67b39701d4ae99763058b92df4ba64f80901044dac5288f719fc4d64164b57e0692b70ce2abb4ec82250d85f5829f8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-environment-node" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/fake-timers@28.1.3#packages/jest-fake-timers", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-fake-timers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ffc0e90bd8f387bf9da1fa89393a3ff580e1bd1d2cb07683ed16c44252694220b5cd9f97885a67277770c88969499e91af42d99a8ea04ff79122d048a6c5f2f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/fake-timers" + } + ] + }, + { + "type": "library", + "name": "jest-mock", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-mock@28.1.3#packages/jest-mock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-mock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-mock/-/jest-mock-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a372768ebe9d30c598547e0b87f34a9835dda2caec2608b802f892f285cbba3723a423016f514cb1b9439ce5ca64a7d28872f162e6f5792d081ee457b22a3d78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-mock" + } + ] + }, + { + "type": "library", + "name": "jest-resolve", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve@28.1.3#packages/jest-resolve", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6755b7b538c4e9068d23dd2aa3f049a5f9efa71b5a153170e420e0c29c84fcacfc53fd3a3751e37f889af6ab94842877f6a206585d59bb1162062250c1211829" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve" + } + ] + }, + { + "type": "library", + "name": "jest-runner", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-runner@28.1.3#packages/jest-runner", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-runner", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-runner/-/jest-runner-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a4330e03ff451277ad8e54ed281208e7db74ccf9825ad94d96bb9cf3f71b1007533158a0ce96b9f290fc6732c374b6726595f2cf8a71d391aeb5bb44216b104" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-runner" + } + ] + }, + { + "type": "library", + "name": "jest-validate", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-validate@28.1.3#packages/jest-validate", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-validate", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-validate/-/jest-validate-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4996ce181584b1a4f104608ea6c45695796f364bd3918d17c517e1ef3626bddf2e2f9433ca0d021c05e25ca44e7e587cd35aae03afbf0ec4f83830ed84e0bf38" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-validate" + } + ] + }, + { + "type": "library", + "name": "jest-resolve-dependencies", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-resolve-dependencies@28.1.3#packages/jest-resolve-dependencies", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-resolve-dependencies", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9ad103b64345f342834fa2e31b09cec1bedb1e9bc7908153cd9309fd2e74be4769fc0da5433cbfd4d609e00b42d39754585c9534b896b604c0b60db4df16b1c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-resolve-dependencies" + } + ] + }, + { + "type": "library", + "name": "resolve.exports", + "version": "1.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "author": "Luke Edwards", + "description": "A tiny (813b), correct, general-purpose, and configurable \"exports\" resolver without file-system reliance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve.exports@1.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/lukeed/resolve.exports.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/lukeed/resolve.exports/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fcdb691cd0cdee35a101a43d06f054619e984d7b110607ea58558fec16416a83093bf2371b9385cef4ee58d9590b768f8e29ecd45f9336b2cab066c7e2b7ec45" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/resolve.exports" + } + ] + }, + { + "type": "library", + "name": "emittery", + "version": "0.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "author": "Sindre Sorhus", + "description": "Simple and modern async event emitter", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emittery@0.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/emittery.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/emittery#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/emittery/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/emittery/-/emittery-0.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6884ea3b09cb6a7a472cd5d924435b3a08d405e1e8703fb1b1226636b8e8bca056e476d2a56dddd69125b3b18540f5165e2c06f7ed0fe06b477c4a82ff833423" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/emittery" + } + ] + }, + { + "type": "library", + "name": "jest-docblock", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-docblock@28.1.1#packages/jest-docblock", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-docblock", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "df06b2055362398c7473001b97daf09b990a14ff321c7dddfdf90468bd3634f4e40e88cfb6178607b1d9485638c335fe0f1cabbe15f3d0a482564b260a49c2b8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-docblock" + } + ] + }, + { + "type": "library", + "name": "jest-leak-detector", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-leak-detector@28.1.3#packages/jest-leak-detector", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-leak-detector", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58554986742c88ab43128e651b698cd2fe344169c133eccc7471f226cf00599ec9d106494b9f4cb3229e2475a1a416411f7d92e3c14e56f1b23854f58740e5a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-leak-detector" + } + ] + }, + { + "type": "library", + "name": "jest-watcher", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-watcher@28.1.3#packages/jest-watcher", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-watcher", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b78a9caa3f61cdefa3be214f50ddd802d0047859ebfdacc84d740430045fe5c330298d923014670904d72e2c53976d0e47a98b87d28b32b8152602484b29bed6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-watcher" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "9.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@9.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "04f4b8ca7256fe8f763d4478c20ae2cf651de60a524f9bf3e8641f322c440cad19f19094bf633b4a404bca41f9e93fbe5ecfbc967f734c66cebcd1887b4dbf8f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/fake-timers" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "1.8.6", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@1.8.6", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2b2f9790092a3d94a6dcd2c17949e0efb101425ddc99e2612136861dd607f248d507e6ae9f74b85c146d8b6cedd7b9adb7498850388dc587a8266e9dad5bc125" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinonjs/commons" + } + ] + }, + { + "type": "library", + "name": "globals", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/globals@28.1.3#packages/jest-globals", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-globals", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/globals/-/globals-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5c55383f8a61cabc825eed696dca8c3b419241c61ed48b1a958083cd137285eb727b2c4c708c5ad75a8f343a5534b7ab7ad22d36a126618427d54633ff9c7534" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/globals" + } + ] + }, + { + "type": "library", + "name": "source-map", + "group": "@jest", + "version": "28.1.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/source-map@28.1.2#packages/jest-source-map", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-source-map", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/source-map/-/source-map-28.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "715f0bc7705e4ad25bf22a4f1e7a95c3f20cd9508c58eddcad6673628752224c579d1717262a42771d4908ad0ae4cb09268b994131fbde6cdfe2f83145a1fdc3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/source-map" + } + ] + }, + { + "type": "library", + "name": "expect-utils", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/expect-utils@28.1.3#packages/expect-utils", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/expect-utils", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c2f6e2f4b52b1c92e7dcd9435bac05da1bc832d77825497640d56b8eaf880521e2ae07eb477a3d46756dc7374418eda7f49c885b01e72df6f2e4acea04683660" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/expect-utils" + } + ] + }, + { + "type": "library", + "name": "jest-diff", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-diff@28.1.3#packages/jest-diff", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-diff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-diff/-/jest-diff-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f11a8fd41fce5f38e34d692a317ebb8aa830055251802c8a0f72fd9eafba66a24c76f8c4f1180792da99ea336b91d313f9d26e60d237ae1429c5acfb76b2477f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-diff" + } + ] + }, + { + "type": "library", + "name": "diff-sequences", + "version": "28.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "description": "Compare items in two sequences to find a longest common subsequence", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/diff-sequences@28.1.1#packages/diff-sequences", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/diff-sequences", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-28.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "154d2215a1ff136ddaf9aef5f25f106bfd7d6c5f69d3a9201342a2a4c38c69dc1add28e768494accf6940b4be789bb3afc1ffd9e2f7bb3ad6671e8e4f16d5f43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/diff-sequences" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "schemas", + "group": "@jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jest/schemas@28.1.3#packages/jest-schemas", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-schemas", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jest/schemas/-/schemas-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fe5fd55ac76dfda057823b212d6385c85b77215758ca9bb9cb65a7dab38ed6e9fa9e4a889fc48b5f38083185c5c98b11583c85e44b6198a24c21d26f934f20ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@jest/schemas" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "typebox", + "group": "@sinclair", + "version": "0.24.51", + "bom-ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51", + "author": "sinclairzx81", + "description": "JSONSchema Type Builder with Static Type Resolution for TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sinclair/typebox@0.24.51", + "externalReferences": [ + { + "url": "git+https://github.com/sinclairzx81/typebox.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinclairzx81/typebox/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.24.51.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d4fd4e44e9bfaddb9b3f96850d265020b534beb2c22787ef1ede84a2a1c433ed83fc6e4c2b76c86b299428b8adf09b3d81b9ece54c899e43ff4d944e2f0e2d50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/@sinclair/typebox" + } + ] + }, + { + "type": "library", + "name": "jest-cli", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "description": "Delightful JavaScript Testing.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jest-cli@28.1.3#packages/jest-cli", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/jest-cli", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://jestjs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jest-cli/-/jest-cli-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae863792faefe7b0339f5c8f81d4de6cf017bdd476c5f7b368a298cd5c59e88b7fe4d0b1cc9ca6ead508e4fd7391d5a17d4624c4423db9959c41d6852e8f2625" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/jest-cli" + } + ] + }, + { + "type": "library", + "name": "ts-jest", + "version": "28.0.8", + "bom-ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "author": "Kulshekhar Kabra", + "description": "A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-jest@28.0.8", + "externalReferences": [ + { + "url": "git+https://github.com/kulshekhar/ts-jest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://kulshekhar.github.io/ts-jest", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kulshekhar/ts-jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-jest/-/ts-jest-28.0.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e45686d255e644fcc0a62c7ca051bc44a8c0cf87a1b66f3230a393cb91d7ddf63a5bc926bceae6718d212831255b9d85268bfe7258546eb280aa87e78f89974e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/ts-jest" + } + ] + }, + { + "type": "library", + "name": "babel-preset-jest", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-preset-jest@28.1.3#packages/babel-preset-jest", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-preset-jest", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2fe7eea49be55801db41f9fbe1ca0d5f7cdfeb42d7309b1eccdbefc7c78887b88e47596e275a68c5881093517c3d8b4dabfe903830c70aab129d3152582e3dd4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-preset-jest" + } + ] + }, + { + "type": "library", + "name": "babel-plugin-jest-hoist", + "version": "28.1.3", + "bom-ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-plugin-jest-hoist@28.1.3#packages/babel-plugin-jest-hoist", + "externalReferences": [ + { + "url": "git+https://github.com/facebook/jest.git#packages/babel-plugin-jest-hoist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/facebook/jest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/facebook/jest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-28.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "62cded50a0267e79115293dda5af7c798ac04749d5fac4855196441ae43611b15dd72e1238bb43e500cd1c0abe6dbf5af9b6d7bd8402e1bf880ff4c720c714e9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/babel-plugin-jest-hoist" + } + ] + }, + { + "type": "library", + "name": "typescript", + "version": "4.9.5", + "bom-ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "author": "Microsoft Corp.", + "description": "TypeScript is a language for application scale JavaScript development", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/typescript@4.9.5", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/TypeScript.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/typescript/-/typescript-4.9.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d455e4f44d879be433650ef3f8c7098872f8356d45d84cccbbd36af62df301a1aa89b69fa98c02554e96c9602ec90451cce971a2ef31652c972c437ca0a8f6e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/typescript" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yaml", + "version": "1.10.2", + "bom-ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2", + "author": "Eemeli Aro", + "description": "JavaScript parser and stringifier for YAML", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yaml@1.10.2", + "externalReferences": [ + { + "url": "git+https://github.com/eemeli/yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eemeli.org/yaml/v1/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eemeli/yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "af7bd7c84ad109827bc20dbccaf058e554a8005f19be5716f7f07053312d52c8ef5ff0cab36e1d224bb08edba9af02491ec6f251b2c0a5ea584d1d41378b87ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/yaml" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "chalk@4.1.2|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/chalk/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "glob@7.2.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "glob@7.2.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/glob/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/core@7.24.4|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/core/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/istanbul-lib-report/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/supports-hyperlinks/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "istanbul-lib-instrument", + "version": "5.2.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "author": "Krishnan Anantheswaran", + "description": "Core istanbul API for JS code coverage", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/istanbul-lib-instrument@5.2.1#packages/istanbul-lib-instrument", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git#packages/istanbul-lib-instrument", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://istanbul.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/istanbuljs/istanbuljs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a73aada77d672effd714ecd71aebe109bf2a863993568e6f8d5935f571380919525b3d0aa1e2776f0f57b00ee73a9f5805fe2a1e3c01c640f329c304fc9dbd62" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/babel-plugin-istanbul/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "2.0.0", + "bom-ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "529cdc2c25e895459c36ee47b5530761d5c98c0ae3b05f42d1a367aae658638b96fd5bb49a2cb96285af6d5df8e476ae56f700527a51ba130c72a4dc18e636fb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/stack-utils/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "2.5.2", + "bom-ref": "@babel/generator@7.24.4|jsesc@2.5.2", + "author": "Mathias Bynens", + "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsesc@2.5.2", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/generator/node_modules/jsesc" + } + ] + }, + { + "type": "library", + "name": "globals", + "version": "11.12.0", + "bom-ref": "@babel/traverse@7.24.1|globals@11.12.0", + "author": "Sindre Sorhus", + "description": "Global identifiers from different JavaScript environments", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globals@11.12.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globals.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globals#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globals/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/traverse/node_modules/globals" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "yargs@17.7.2|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.12", + "bom-ref": "js-beautify@1.15.1|glob@10.3.12", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.12", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-10.3.12.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4c236ff2f27ec73e108aa4e97ce240ec7bd8bfeb4d2111ca7d45b0feafafda376037879bcfe298f6d1b1e49e2b1cfd28f3898d3fe0291fae87457f2eb372a1aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/glob" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.0.4", + "bom-ref": "js-beautify@1.15.1|minipass@7.0.4", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d8a1f2cce436a6f76efdadd916cea1e8cd4a38c9b8dd6660ac0c778fcb957f3db05c54c892651f7b826032e396aa8bc08ad651b6102777e7a154f3a6af7f051" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/js-beautify/node_modules/minipass" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.1", + "bom-ref": "editorconfig@1.0.4|minimatch@9.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d235a12690ff31d84f5f03ee8919026df61f48aa76aa79f678e736efda88edffa8b25fe5fa9aca4abbe1835e7bcd262fc7fd679a09f636a753ea4d99ef3487f7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/editorconfig/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/core@3.26.9|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/core@3.26.9|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@oclif/core@3.26.9|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@oclif/core@3.26.9|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/core/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.3.2", + "bom-ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "79546a0af56565bbb0dc6acceb7a2f352340780d4ad7a91a47f2d163ff76c34cf1439ff5633c1b9545fae768b85ecf51c001a35bd77dcba5fcf2df0e68025f59" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/simple-swizzle/node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "jake@10.8.7|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "jake@10.8.7|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jake/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.1.6", + "bom-ref": "filelist@1.0.4|minimatch@5.1.6", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.1.6", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "94ac15ff56eba46ea6054147b5becd526b400426f65996669b6c0d88e0398406fc55d092e01dddb4c5b2bdca1589c730016fc23844635cbb74ccfd735d4376ea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/filelist/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.13", + "bom-ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.13", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.13.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ba0f02654089a6181eb5265581de07420c9ec256151861b52c87855c6c63818b2367f7f92379d20a3ef1a403040ea8d50ff970992ba3b55c1aeedbc480b1880b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-9.4.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54bfa536b128217c30d5ca0b3ce9a21262bfd2c1a2824a3908ec48d3d2b31dcd9525726c437ed4690fbcaaebb18c3780efe2a72c64d647239748b2d1d966f88f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-help/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-11.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "206374200c26843270cb5dd673c93ee0f11b4cf86926732d7d1e7765b3b28e4be611c2d2e270b0a7a9af3168d2e6c5237a25b79a9c7a7079ae84a12ef5799c43" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-package-arg" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83cf8e9d4fcbdaffb0ca254af83e5f037e09ec41fc8d9f030e5bf085108cc66323ed4081bf188ed6619e37edfa25720a178cdebd4e2444177c955806f6f2de94" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/proc-log" + } + ] + }, + { + "type": "library", + "name": "npm-run-path", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "author": "Sindre Sorhus", + "description": "Get your PATH prepended with locally installed binaries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-run-path@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/npm-run-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/npm-run-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a69c13b62259ab43bf6a2d33ef27ee76d069588a3133cc84ea71e2d57e3b785476116391a9f6eee829cf94db2378debcdde4f4a86e87fcfc9ff5f09cbe39e79d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path" + } + ] + }, + { + "type": "library", + "name": "object-treeify", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "author": "Lukas Siemon", + "description": "Stringify Object as tree structure", + "licenses": [ + { + "license": { + "id": "MIT" + } + }, + { + "license": { + "id": "MIT", + "url": "https://github.com/blackflux/object-treeify/blob/master/LICENSE" + } + } + ], + "purl": "pkg:npm/object-treeify@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/blackflux/object-treeify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/blackflux/object-treeify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/blackflux/object-treeify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/object-treeify/-/object-treeify-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "63ab60e6b1dfb1e7d291f2ae8efd92c07ba522744ecbfac22f9178c3440e5b1badf009f16317f46263614e1f7965fcb1a6cb9da3aeaeaa4bb1d000859f231281" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/object-treeify" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a5698c846f4ec33f16022a12b3a65096049b6fc5971932b2fee1492b4d22471cfc99538998613bf7a9a39eefb1fb10e0cb492a2901414073a5bc538caabec72" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2e907fe7807eff627986a43b8a66477dd537d4e96042ac7b6627159649bd93383dff0f0628b11c15f265fedec30840ee78ec81003eb3082c133ba173b3436811" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/isexe" + } + ] + }, + { + "type": "library", + "name": "yarn", + "version": "1.22.22", + "bom-ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22", + "description": "📦🐈 Fast, reliable, and secure dependency management.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/yarn@1.22.22", + "externalReferences": [ + { + "url": "git+https://github.com/yarnpkg/yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yarnpkg/yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yarnpkg/yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/yarn" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "hosted-git-info@7.0.2|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f61a77569dbf845414888c0aa3c5c2785567ae0f0f9374d834f211eed2400ca8b961f705eef11a2bb6af1474e54b2de438a61a25069a95f128e98b9775c78139" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/hosted-git-info/node_modules/lru-cache" + } + ] + }, + { + "type": "library", + "name": "string-locale-compare", + "group": "@isaacs", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "author": "Isaac Z. Schlueter", + "description": "Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/string-locale-compare@1.1.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/string-locale-compare.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/string-locale-compare.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/string-locale-compare/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/string-locale-compare" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arborist", + "group": "@npmcli", + "version": "7.5.2", + "bom-ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "author": "GitHub Inc.", + "description": "Manage node_modules trees", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/arborist@7.5.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/arborist", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/arborist", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/arborist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs", + "group": "@npmcli", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "author": "GitHub Inc.", + "description": "filesystem utilities for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/fs@3.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "installed-package-contents", + "group": "@npmcli", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "author": "GitHub Inc.", + "description": "Get the list of files installed in a package in node_modules, including bundled dependencies", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/installed-package-contents@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/installed-package-contents.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/installed-package-contents.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/installed-package-contents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/installed-package-contents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/installed-package-contents" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-bundled", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-bundled@3.0.1", + "author": "GitHub Inc.", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-bundled.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-bundled.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-bundled" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-normalize-package-bin", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "author": "GitHub Inc.", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-normalize-package-bin.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-normalize-package-bin" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "map-workspaces", + "group": "@npmcli", + "version": "3.0.6", + "bom-ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "author": "GitHub Inc.", + "description": "Retrieves a name:pathname Map for a given workspaces config", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/map-workspaces@3.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/map-workspaces.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/map-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/map-workspaces#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/map-workspaces/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/map-workspaces" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "metavuln-calculator", + "group": "@npmcli", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "author": "GitHub Inc.", + "description": "Calculate meta-vulnerabilities from package security advisories", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/metavuln-calculator@7.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/metavuln-calculator.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/metavuln-calculator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/metavuln-calculator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/metavuln-calculator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cacache", + "version": "18.0.3", + "bom-ref": "npm@10.8.0|cacache@18.0.3", + "author": "GitHub Inc.", + "description": "Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cacache@18.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cacache.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cacache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cacache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cacache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cacache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-parse-even-better-errors", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "author": "GitHub Inc.", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-even-better-errors@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/json-parse-even-better-errors.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/json-parse-even-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/json-parse-even-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-parse-even-better-errors" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "pacote", + "version": "18.0.6", + "bom-ref": "npm@10.8.0|pacote@18.0.6", + "author": "GitHub Inc.", + "description": "JavaScript package downloader", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/pacote@18.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/pacote.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/pacote.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/pacote#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/pacote/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/pacote" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|proc-log@4.2.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@4.2.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "7.6.2", + "bom-ref": "npm@10.8.0|semver@7.6.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.6.2?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/semver" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "name-from-folder", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "author": "GitHub Inc.", + "description": "Get the package name from a folder path", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/name-from-folder@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/name-from-folder.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/name-from-folder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/name-from-folder#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/name-from-folder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/name-from-folder" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "group": "@npmcli", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "author": "GitHub Inc.", + "description": "Tools for dealing with node-gyp packages", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/node-gyp@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-gyp.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "package-json", + "group": "@npmcli", + "version": "5.1.0", + "bom-ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "author": "GitHub Inc.", + "description": "Programmatic API to update package.json", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/package-json@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "query", + "group": "@npmcli", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|@npmcli/query@3.1.0", + "author": "GitHub Inc.", + "description": "npm query parser and tools", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/query@3.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/query.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/query.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/query#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/query/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/query" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "postcss-selector-parser", + "version": "6.0.16", + "bom-ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.0.16?vcs_url=git%2Bhttps%3A//github.com/postcss/postcss-selector-parser.git", + "externalReferences": [ + { + "url": "git+https://github.com/postcss/postcss-selector-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/postcss/postcss-selector-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/postcss-selector-parser" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cssesc", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|cssesc@3.0.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cssesc@3.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/cssesc.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/cssesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/cssesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/cssesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cssesc" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-deprecate", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|util-deprecate@1.0.2", + "author": "Nathan Rajlich", + "description": "The Node.js `util.deprecate()` function with browser support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2?vcs_url=git%3A//github.com/TooTallNate/util-deprecate.git", + "externalReferences": [ + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/util-deprecate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "redact", + "group": "@npmcli", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@npmcli/redact@2.0.0", + "author": "GitHub Inc.", + "description": "Redact sensitive npm information from output", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/redact@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/redact.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/redact.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/redact#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/redact/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/redact" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "run-script", + "group": "@npmcli", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "author": "GitHub Inc.", + "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/run-script@8.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/run-script.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/run-script.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/run-script#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/run-script/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/run-script" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bin-links", + "version": "4.0.4", + "bom-ref": "npm@10.8.0|bin-links@4.0.4", + "author": "GitHub Inc.", + "description": "JavaScript package binary linker", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/bin-links@4.0.4?vcs_url=git%2Bhttps%3A//github.com/npm/bin-links.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/bin-links.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/bin-links#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/bin-links/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/bin-links" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cmd-shim", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|cmd-shim@6.0.3", + "author": "GitHub Inc.", + "description": "Used in npm for command line application support", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cmd-shim@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-cmd-shim", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|read-cmd-shim@4.0.0", + "author": "GitHub Inc.", + "description": "Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-cmd-shim@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/read-cmd-shim.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-cmd-shim.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-cmd-shim/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-cmd-shim" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "write-file-atomic", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|write-file-atomic@5.0.1", + "author": "GitHub Inc.", + "description": "Write files in an atomic fashion w/configurable ownership", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/write-file-atomic@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/write-file-atomic.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/write-file-atomic.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/write-file-atomic", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/write-file-atomic/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/write-file-atomic" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "common-ancestor-path", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|common-ancestor-path@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Find the common ancestor of 2 or more paths on Windows or Unix", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/common-ancestor-path@1.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/common-ancestor-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/common-ancestor-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/common-ancestor-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/common-ancestor-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|hosted-git-info@7.0.2", + "author": "GitHub Inc.", + "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-stringify-nice", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|json-stringify-nice@1.1.4", + "author": "Isaac Z. Schlueter", + "description": "Stringify an object sorting scalars before objects, and defaulting to 2-space indent", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-nice@1.1.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/json-stringify-nice.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/json-stringify-nice.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/json-stringify-nice/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/json-stringify-nice" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "lru-cache", + "version": "10.2.2", + "bom-ref": "npm@10.8.0|lru-cache@10.2.2", + "author": "Isaac Z. Schlueter", + "description": "A cache object that deletes the least-recently-used items.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/lru-cache@10.2.2?vcs_url=git%3A//github.com/isaacs/node-lru-cache.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-lru-cache.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-lru-cache/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/lru-cache" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "9.0.4", + "bom-ref": "npm@10.8.0|minimatch@9.0.4", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@9.0.4?vcs_url=git%3A//github.com/isaacs/minimatch.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "nopt", + "version": "7.2.1", + "bom-ref": "npm@10.8.0|nopt@7.2.1", + "author": "GitHub Inc.", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@7.2.1?vcs_url=git%2Bhttps%3A//github.com/npm/nopt.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/nopt.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/nopt#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/nopt" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-install-checks", + "version": "6.3.0", + "bom-ref": "npm@10.8.0|npm-install-checks@6.3.0", + "author": "GitHub Inc.", + "description": "Check the engines and platform fields in package.json", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-install-checks@6.3.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-install-checks.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-install-checks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-install-checks#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-install-checks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-install-checks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-package-arg", + "version": "11.0.2", + "bom-ref": "npm@10.8.0|npm-package-arg@11.0.2", + "author": "GitHub Inc.", + "description": "Parse the things that can be arguments to `npm install`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-package-arg@11.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-package-arg.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-package-arg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-package-arg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-package-arg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-package-arg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-pick-manifest", + "version": "9.0.1", + "bom-ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "author": "GitHub Inc.", + "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-pick-manifest@9.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-pick-manifest.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-pick-manifest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-pick-manifest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-pick-manifest" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-registry-fetch", + "version": "17.0.1", + "bom-ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "author": "GitHub Inc.", + "description": "Fetch-based http client for use with npm registry APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-registry-fetch@17.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-registry-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-registry-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-registry-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-registry-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-conflict-json", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "author": "GitHub Inc.", + "description": "Parse a JSON string that has git merge conflicts, resolving if possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/parse-conflict-json@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/parse-conflict-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/parse-conflict-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/parse-conflict-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/parse-conflict-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proggy", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|proggy@2.0.0", + "author": "GitHub Inc.", + "description": "Progress bar updates at a distance", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proggy@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proggy.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proggy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proggy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proggy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/proggy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-all-reject-late", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-all-reject-late@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like Promise.all, but save rejections until all promises are resolved", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-all-reject-late@1.0.1", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-all-reject-late" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-call-limit", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|promise-call-limit@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-call-limit@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/promise-call-limit.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/promise-call-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/promise-call-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-call-limit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read-package-json-fast", + "version": "3.0.2", + "bom-ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "author": "GitHub Inc.", + "description": "Like read-package-json, but faster", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read-package-json-fast@3.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/read-package-json-fast.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read-package-json-fast.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read-package-json-fast/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read-package-json-fast" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ssri", + "version": "10.0.6", + "bom-ref": "npm@10.8.0|ssri@10.0.6", + "author": "GitHub Inc.", + "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ssri@10.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/ssri.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ssri.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ssri#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ssri/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ssri" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "treeverse", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|treeverse@3.0.0", + "author": "GitHub Inc.", + "description": "Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/treeverse@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/treeverse.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/treeverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/treeverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/treeverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/treeverse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "walk-up-path", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|walk-up-path@3.0.1", + "author": "Isaac Z. Schlueter", + "description": "Given a path string, return a generator that walks up the path, emitting each dirname.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/walk-up-path@3.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/walk-up-path.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/walk-up-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/walk-up-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/walk-up-path" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config", + "group": "@npmcli", + "version": "8.3.2", + "bom-ref": "npm@10.8.0|@npmcli/config@8.3.2", + "author": "GitHub Inc.", + "description": "Configuration management for the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/config@8.3.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/config", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/config", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/config" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|ci-info@4.0.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@4.0.0?vcs_url=git%2Bhttps%3A//github.com/watson/ci-info.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ini", + "version": "4.1.2", + "bom-ref": "npm@10.8.0|ini@4.1.2", + "author": "GitHub Inc.", + "description": "An ini encoder/decoder for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@4.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/ini.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ini.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ini#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ini/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ini" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "10.3.15", + "bom-ref": "npm@10.8.0|glob@10.3.15", + "author": "Isaac Z. Schlueter", + "description": "the most correct and second fastest glob implementation in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@10.3.15?vcs_url=git%3A//github.com/isaacs/node-glob.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/glob" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "git", + "group": "@npmcli", + "version": "5.0.7", + "bom-ref": "npm@10.8.0|@npmcli/git@5.0.7", + "author": "GitHub Inc.", + "description": "a util for spawning git from npm CLI contexts", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/git@5.0.7?vcs_url=git%2Bhttps%3A//github.com/npm/git.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/git.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/git#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/git/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/git" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-spawn", + "group": "@npmcli", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "author": "GitHub Inc.", + "description": "spawn processes the way the npm cli likes to do", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/promise-spawn@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promise-spawn.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promise-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promise-spawn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promise-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/promise-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-inflight", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|promise-inflight@1.0.1", + "author": "Rebecca Turner", + "description": "One promise for multiple requests in flight to avoid async duplication", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promise-inflight@1.0.1?vcs_url=git%2Bhttps%3A//github.com/iarna/promise-inflight.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/promise-inflight.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/promise-inflight#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/promise-inflight/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-inflight" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promise-retry", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|promise-retry@2.0.1", + "author": "IndigoUnited", + "description": "Retries a function that returns a promise, leveraging the power of the retry module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise-retry@2.0.1?vcs_url=git%3A//github.com/IndigoUnited/node-promise-retry.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/node-promise-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/node-promise-retry/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promise-retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|which@4.0.0", + "author": "GitHub Inc.", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-which.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|normalize-package-data@6.0.1", + "author": "GitHub Inc.", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@6.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "node-gyp", + "version": "10.1.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0", + "author": "Nathan Rajlich", + "description": "Node.js native addon build tool", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-gyp@10.1.0?vcs_url=git%3A//github.com/nodejs/node-gyp.git", + "externalReferences": [ + { + "url": "git://github.com/nodejs/node-gyp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/node-gyp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/node-gyp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf", + "group": "@sigstore", + "version": "2.3.3", + "bom-ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "author": "bdehamer@github.com", + "description": "Client for the Sigstore TUF repository", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/tuf@2.3.3?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/tuf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/tuf" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "protobuf-specs", + "group": "@sigstore", + "version": "0.3.2", + "bom-ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/protobuf-specs@0.3.2?vcs_url=git%2Bhttps%3A//github.com/sigstore/protobuf-specs.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/protobuf-specs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/protobuf-specs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/protobuf-specs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tuf-js", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|tuf-js@2.2.1", + "author": "bdehamer@github.com", + "description": "JavaScript implementation of The Update Framework (TUF)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tuf-js@2.2.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tuf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "models", + "group": "@tufjs", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|@tufjs/models@2.0.1", + "author": "bdehamer@github.com", + "description": "TUF metadata models", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/models@2.0.1?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/models" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "canonical-json", + "group": "@tufjs", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "author": "bdehamer@github.com", + "description": "OLPC JSON canonicalization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40tufjs/canonical-json@2.0.0?vcs_url=git%2Bhttps%3A//github.com/theupdateframework/tuf-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/theupdateframework/tuf-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/tree/main/packages/canonical-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/theupdateframework/tuf-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@tufjs/canonical-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.4", + "bom-ref": "npm@10.8.0|debug@4.3.4", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.4?vcs_url=git%3A//github.com/debug-js/debug.git", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "make-fetch-happen", + "version": "13.0.1", + "bom-ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "author": "GitHub Inc.", + "description": "Opinionated, caching, retrying fetch client", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-fetch-happen@13.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/make-fetch-happen.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/make-fetch-happen.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/make-fetch-happen/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/make-fetch-happen" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "abbrev", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|abbrev@2.0.0", + "author": "GitHub Inc.", + "description": "Like ruby's abbrev module, but in js", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@2.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/abbrev-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/abbrev-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/abbrev-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/abbrev-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/abbrev" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "archy", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|archy@1.0.0", + "author": "James Halliday", + "description": "render nested hierarchies `npm ls` style with unicode pipes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archy@1.0.0?vcs_url=git%2Bssh%3A//git%40github.com/substack/node-archy.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/substack/node-archy.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-archy#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-archy/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/archy" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "3.0.3", + "bom-ref": "npm@10.8.0|fs-minipass@3.0.3", + "author": "GitHub Inc.", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@3.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-collect", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|minipass-collect@2.0.1", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that collects all the data into a single chunk", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-collect@2.0.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-collect.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-collect.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-collect/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-collect" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|minipass@7.1.1", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@7.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-flush", + "version": "1.0.5", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that calls a flush function before emitting 'end'", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-flush@1.0.5?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-flush.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-flush.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-flush/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yallist", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|yallist@4.0.0", + "author": "Isaac Z. Schlueter", + "description": "Yet Another Linked List", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@4.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/yallist.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/yallist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/yallist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-pipeline", + "version": "1.2.4", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "author": "Isaac Z. Schlueter", + "description": "create a pipeline of streams using Minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-pipeline@1.2.4", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-map", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|p-map@4.0.0", + "author": "Sindre Sorhus", + "description": "Map over promises concurrently", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-map@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/p-map.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-map.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-map#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-map/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/p-map" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tar", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|tar@6.2.1", + "author": "GitHub Inc.", + "description": "tar for node", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@6.2.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-tar.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-tar.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-tar#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-tar/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-filename", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|unique-filename@3.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique filename for use in temporary directories or caches.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-filename@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-filename.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/unique-filename", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/unique-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-filename" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "unique-slug", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|unique-slug@4.0.0", + "author": "GitHub Inc.", + "description": "Generate a unique character string suitible for use in files and URLs.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/unique-slug@4.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/unique-slug.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/unique-slug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/unique-slug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/unique-slug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/unique-slug" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "imurmurhash", + "version": "0.1.4", + "bom-ref": "npm@10.8.0|imurmurhash@0.1.4", + "author": "Jens Taylor", + "description": "An incremental implementation of MurmurHash3", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/imurmurhash@0.1.4?vcs_url=git%2Bhttps%3A//github.com/jensyt/imurmurhash-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jensyt/imurmurhash-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jensyt/imurmurhash-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/imurmurhash" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "5.3.0", + "bom-ref": "npm@10.8.0|chalk@5.3.0", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@5.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/chalk.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chalk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-columns", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|cli-columns@4.0.0", + "author": "Shannon Moeller", + "description": "Columnated lists for the CLI.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cli-columns@4.0.0?vcs_url=git%2Bhttps%3A//github.com/shannonmoeller/cli-columns.git", + "externalReferences": [ + { + "url": "git+https://github.com/shannonmoeller/cli-columns.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/shannonmoeller/cli-columns/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cli-columns" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "npm@10.8.0|string-width@4.2.3", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "8.0.0", + "bom-ref": "npm@10.8.0|emoji-regex@8.0.0", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-fullwidth-code-point" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|strip-ansi@6.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|ansi-regex@5.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fastest-levenshtein", + "version": "1.0.16", + "bom-ref": "npm@10.8.0|fastest-levenshtein@1.0.16", + "author": "Kasper U. Weihe", + "description": "Fastest Levenshtein distance implementation in JS.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fastest-levenshtein@1.0.16?vcs_url=git%2Bhttps%3A//github.com/ka-weihe/fastest-levenshtein.git", + "externalReferences": [ + { + "url": "git+https://github.com/ka-weihe/fastest-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein#README", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ka-weihe/fastest-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/fastest-levenshtein" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "foreground-child", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|foreground-child@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Run a child as if it's the foreground process. Give it stdio. Exit when it exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/foreground-child@3.1.1?vcs_url=git%2Bhttps%3A//github.com/tapjs/foreground-child.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/foreground-child.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/foreground-child#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/foreground-child/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/foreground-child" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cross-spawn", + "version": "7.0.3", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3", + "author": "André Cruz", + "description": "Cross platform child_process#spawn and child_process#spawnSync", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cross-spawn@7.0.3?vcs_url=git%2Bssh%3A//git%40github.com/moxystudio/node-cross-spawn.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/moxystudio/node-cross-spawn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|path-key@3.1.1", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@3.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-key.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-key" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-command", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|shebang-command@2.0.0", + "author": "Kevin Mårtensson", + "description": "Get the command from a shebang", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-command@2.0.0?vcs_url=git%2Bhttps%3A//github.com/kevva/shebang-command.git", + "externalReferences": [ + { + "url": "git+https://github.com/kevva/shebang-command.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kevva/shebang-command#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kevva/shebang-command/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-command" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "shebang-regex", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|shebang-regex@3.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching a shebang line", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/shebang-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/shebang-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/shebang-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/shebang-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|isexe@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "npm@10.8.0|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0?vcs_url=git%2Bhttps%3A//github.com/tapjs/signal-exit.git", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jackspeak", + "version": "2.3.6", + "bom-ref": "npm@10.8.0|jackspeak@2.3.6", + "author": "Isaac Z. Schlueter", + "description": "A very strict and proper argument parser.", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/jackspeak@2.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/jackspeak.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/jackspeak.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/jackspeak#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/jackspeak/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jackspeak" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "group": "@isaacs", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2?vcs_url=git%2Bhttps%3A//github.com/yargs/cliui.git", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "4.2.3", + "bom-ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.3?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/string-width-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eastasianwidth", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|eastasianwidth@0.2.0", + "author": "Masaki Komagata", + "description": "Get East Asian Width from a character.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0?vcs_url=git%3A//github.com/komagata/eastasianwidth.git", + "externalReferences": [ + { + "url": "git://github.com/komagata/eastasianwidth.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/komagata/eastasianwidth/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/eastasianwidth" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "6.0.1", + "bom-ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/strip-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "7.0.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|color-convert@2.0.1", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1?vcs_url=git%2Bhttps%3A//github.com/Qix-/color-convert.git", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-convert" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.4", + "bom-ref": "npm@10.8.0|color-name@1.1.4", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4?vcs_url=git%2Bssh%3A//git%40github.com/colorjs/color-name.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/colorjs/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/colorjs/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/color-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "8.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "6.2.1", + "bom-ref": "npm@10.8.0|ansi-styles@6.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@6.2.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parseargs", + "group": "@pkgjs", + "version": "0.11.0", + "bom-ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0", + "description": "Polyfill of future proposal for `util.parseArgs()`", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0?vcs_url=git%2Bssh%3A//git%40github.com/pkgjs/parseargs.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/pkgjs/parseargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pkgjs/parseargs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pkgjs/parseargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@pkgjs/parseargs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-scurry", + "version": "1.11.1", + "bom-ref": "npm@10.8.0|path-scurry@1.11.1", + "author": "Isaac Z. Schlueter", + "description": "walk paths fast and efficiently", + "licenses": [ + { + "license": { + "id": "BlueOak-1.0.0" + } + } + ], + "purl": "pkg:npm/path-scurry@1.11.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/path-scurry.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/path-scurry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/path-scurry#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/path-scurry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/path-scurry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.2.11", + "bom-ref": "npm@10.8.0|graceful-fs@4.2.11", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/graceful-fs" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "init-package-json", + "version": "6.0.3", + "bom-ref": "npm@10.8.0|init-package-json@6.0.3", + "author": "GitHub Inc.", + "description": "A node module to get your node module started", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/init-package-json@6.0.3?vcs_url=git%2Bhttps%3A//github.com/npm/init-package-json.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/init-package-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/init-package-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/init-package-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/init-package-json" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "promzard", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|promzard@1.0.2", + "author": "GitHub Inc.", + "description": "prompting wizardly", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/promzard@1.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/promzard.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/promzard.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/promzard#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/promzard/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/promzard" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "read", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|read@3.0.1", + "author": "GitHub Inc.", + "description": "read(1) for node programs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/read@3.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/read.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/read.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/read#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/read/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/read" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.4", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "3.2.0", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0", + "description": "correct invalid SPDX expressions", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.2.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-correct.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "2.5.0", + "bom-ref": "npm@10.8.0|spdx-exceptions@2.5.0", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.5.0?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-exceptions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "3.0.17", + "bom-ref": "npm@10.8.0|spdx-license-ids@3.0.17", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.17?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-license-ids.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-license-ids" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-name", + "version": "5.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-name@5.0.1", + "author": "GitHub Inc.", + "description": "Give me a string and I'll tell you if it's a valid npm package name", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/validate-npm-package-name@5.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/validate-npm-package-name.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/validate-npm-package-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/validate-npm-package-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-name" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-cidr", + "version": "5.0.5", + "bom-ref": "npm@10.8.0|is-cidr@5.0.5", + "author": "silverwind", + "description": "Check if a string is an IP address in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/is-cidr@5.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/is-cidr.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/is-cidr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/is-cidr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/is-cidr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-cidr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cidr-regex", + "version": "4.0.5", + "bom-ref": "npm@10.8.0|cidr-regex@4.0.5", + "author": "silverwind", + "description": "Regular expression for matching IP addresses in CIDR notation", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cidr-regex@4.0.5?vcs_url=git%2Bhttps%3A//github.com/silverwind/cidr-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/silverwind/cidr-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/silverwind/cidr-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cidr-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-regex", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|ip-regex@5.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching IP addresses (IPv4 & IPv6)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-regex@5.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ip-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/ip-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/ip-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmaccess", + "version": "8.0.6", + "bom-ref": "npm@10.8.0|libnpmaccess@8.0.6", + "author": "GitHub Inc.", + "description": "programmatic library for `npm access` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmaccess@8.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmaccess", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmaccess", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmaccess", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmaccess/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmaccess" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmdiff", + "version": "6.1.2", + "bom-ref": "npm@10.8.0|libnpmdiff@6.1.2", + "author": "GitHub Inc.", + "description": "The registry diff", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmdiff@6.1.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmdiff", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmdiff", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmdiff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "binary-extensions", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|binary-extensions@2.3.0", + "author": "Sindre Sorhus", + "description": "List of binary file extensions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/binary-extensions.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/binary-extensions.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/binary-extensions/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/binary-extensions" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "npm@10.8.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0?vcs_url=git%3A//github.com/kpdecker/jsdiff.git", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmexec", + "version": "8.1.1", + "bom-ref": "npm@10.8.0|libnpmexec@8.1.1", + "author": "GitHub Inc.", + "description": "npm exec (npx) programmatic API", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmexec@8.1.1?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmexec", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmexec", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmexec" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmfund", + "version": "5.0.10", + "bom-ref": "npm@10.8.0|libnpmfund@5.0.10", + "author": "GitHub Inc.", + "description": "Programmatic API for npm fund", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmfund@5.0.10?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmfund", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmfund", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmfund" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmhook", + "version": "10.0.5", + "bom-ref": "npm@10.8.0|libnpmhook@10.0.5", + "author": "GitHub Inc.", + "description": "programmatic API for managing npm registry hooks", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmhook@10.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmhook", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmhook", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmhook" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aproba", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|aproba@2.0.0", + "author": "Rebecca Turner", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@2.0.0?vcs_url=git%2Bhttps%3A//github.com/iarna/aproba.git", + "externalReferences": [ + { + "url": "git+https://github.com/iarna/aproba.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/iarna/aproba", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aproba" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmorg", + "version": "6.0.6", + "bom-ref": "npm@10.8.0|libnpmorg@6.0.6", + "author": "GitHub Inc.", + "description": "Programmatic api for `npm org` commands", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmorg@6.0.6?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmorg", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmorg", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmorg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmorg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmorg" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpack", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|libnpmpack@7.0.2", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm pack", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpack@7.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpack", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpack", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpack", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmpack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmpublish", + "version": "9.0.8", + "bom-ref": "npm@10.8.0|libnpmpublish@9.0.8", + "author": "GitHub Inc.", + "description": "Programmatic API for the bits behind npm publish and unpublish", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmpublish@9.0.8?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmpublish", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmpublish", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmpublish", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmpublish" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sigstore", + "version": "2.3.0", + "bom-ref": "npm@10.8.0|sigstore@2.3.0", + "author": "bdehamer@github.com", + "description": "code-signing for npm packages", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/sigstore@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/client#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sigstore" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "bundle", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore bundle type", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/bundle@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/bundle#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/bundle" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@sigstore", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|@sigstore/core@1.1.0", + "author": "bdehamer@github.com", + "description": "Base library for Sigstore", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/core@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/core" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sign", + "group": "@sigstore", + "version": "2.3.1", + "bom-ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "author": "bdehamer@github.com", + "description": "Sigstore signing library", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/sign@2.3.1?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/sign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/sign" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "verify", + "group": "@sigstore", + "version": "1.2.0", + "bom-ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "author": "bdehamer@github.com", + "description": "Verification of Sigstore signatures", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40sigstore/verify@1.2.0?vcs_url=git%2Bhttps%3A//github.com/sigstore/sigstore-js.git", + "externalReferences": [ + { + "url": "git+https://github.com/sigstore/sigstore-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sigstore/sigstore-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@sigstore/verify" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmsearch", + "version": "7.0.5", + "bom-ref": "npm@10.8.0|libnpmsearch@7.0.5", + "author": "GitHub Inc.", + "description": "Programmatic API for searching in npm and compatible registries.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmsearch@7.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmsearch", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmsearch", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmsearch", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/libnpmsearch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmsearch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmteam", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|libnpmteam@6.0.5", + "author": "GitHub Inc.", + "description": "npm Team management APIs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmteam@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmteam", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmteam", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://npmjs.com/package/libnpmteam", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmteam" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "libnpmversion", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|libnpmversion@6.0.2", + "author": "GitHub Inc.", + "description": "library to do the things that 'npm version' does", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/libnpmversion@6.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/cli.git#workspaces/libnpmversion", + "externalReferences": [ + { + "url": "git+https://github.com/npm/cli.git#workspaces/libnpmversion", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/npm/cli#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/cli/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/libnpmversion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent", + "group": "@npmcli", + "version": "2.2.2", + "bom-ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "author": "GitHub Inc.", + "description": "the http/https agent used by the npm cli", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/%40npmcli/agent@2.2.2?vcs_url=git%2Bhttps%3A//github.com/npm/agent.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@npmcli/agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "agent-base", + "version": "7.1.1", + "bom-ref": "npm@10.8.0|agent-base@7.1.1", + "author": "Nathan Rajlich", + "description": "Turn a function into an `http.Agent` instance", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/agent-base@7.1.1?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/agent-base", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/agent-base" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-proxy-agent", + "version": "7.0.2", + "bom-ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-proxy-agent@7.0.2?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/http-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "https-proxy-agent", + "version": "7.0.4", + "bom-ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "author": "Nathan Rajlich", + "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.4?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/https-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/https-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks-proxy-agent", + "version": "8.0.3", + "bom-ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "author": "Nathan Rajlich", + "description": "A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks-proxy-agent@8.0.3?vcs_url=git%2Bhttps%3A//github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "externalReferences": [ + { + "url": "git+https://github.com/TooTallNate/proxy-agents.git#packages/socks-proxy-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TooTallNate/proxy-agents/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks-proxy-agent" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "socks", + "version": "2.8.3", + "bom-ref": "npm@10.8.0|socks@2.8.3", + "author": "Josh Glazebrook", + "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socks@2.8.3?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/socks.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/socks.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/socks/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/socks" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ip-address", + "version": "9.0.5", + "bom-ref": "npm@10.8.0|ip-address@9.0.5", + "author": "Beau Gunderson", + "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ip-address@9.0.5?vcs_url=git%3A//github.com/beaugunderson/ip-address.git", + "externalReferences": [ + { + "url": "git://github.com/beaugunderson/ip-address.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/beaugunderson/ip-address/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ip-address" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsbn", + "version": "1.1.0", + "bom-ref": "npm@10.8.0|jsbn@1.1.0", + "author": "Tom Wu", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@1.1.0?vcs_url=git%2Bhttps%3A//github.com/andyperlitch/jsbn.git", + "externalReferences": [ + { + "url": "git+https://github.com/andyperlitch/jsbn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsbn" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.1.3", + "bom-ref": "npm@10.8.0|sprintf-js@1.1.3", + "author": "Alexandru Mărășteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.3?vcs_url=git%2Bhttps%3A//github.com/alexei/sprintf.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "smart-buffer", + "version": "4.2.0", + "bom-ref": "npm@10.8.0|smart-buffer@4.2.0", + "author": "Josh Glazebrook", + "description": "smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/smart-buffer@4.2.0?vcs_url=git%2Bhttps%3A//github.com/JoshGlazebrook/smart-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/JoshGlazebrook/smart-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/JoshGlazebrook/smart-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/smart-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "http-cache-semantics", + "version": "4.1.1", + "bom-ref": "npm@10.8.0|http-cache-semantics@4.1.1", + "author": "Kornel Lesiński", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@4.1.1?vcs_url=git%2Bhttps%3A//github.com/kornelski/http-cache-semantics.git", + "externalReferences": [ + { + "url": "git+https://github.com/kornelski/http-cache-semantics.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kornelski/http-cache-semantics/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/http-cache-semantics" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-lambda", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|is-lambda@1.0.1", + "author": "Thomas Watson Steen", + "description": "Detect if your code is running on an AWS Lambda server", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-lambda@1.0.1?vcs_url=git%2Bhttps%3A//github.com/watson/is-lambda.git", + "externalReferences": [ + { + "url": "git+https://github.com/watson/is-lambda.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/is-lambda", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/is-lambda/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-lambda" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-fetch", + "version": "3.0.5", + "bom-ref": "npm@10.8.0|minipass-fetch@3.0.5", + "author": "GitHub Inc.", + "description": "An implementation of window.fetch in Node.js using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-fetch@3.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-fetch.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-fetch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-fetch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-fetch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-fetch" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "encoding", + "version": "0.1.13", + "bom-ref": "npm@10.8.0|encoding@0.1.13", + "author": "Andris Reinman", + "description": "Convert encodings, uses iconv-lite", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encoding@0.1.13?vcs_url=git%2Bhttps%3A//github.com/andris9/encoding.git", + "externalReferences": [ + { + "url": "git+https://github.com/andris9/encoding.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/andris9/encoding#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/andris9/encoding/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/encoding" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "iconv-lite", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|iconv-lite@0.6.3", + "author": "Alexander Shtuchkin", + "description": "Convert character encodings in pure javascript.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.6.3?vcs_url=git%3A//github.com/ashtuchkin/iconv-lite.git", + "externalReferences": [ + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/iconv-lite" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "safer-buffer", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|safer-buffer@2.1.2", + "author": "Nikita Skovoroda", + "description": "Modern Buffer API polyfill without footguns", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2?vcs_url=git%2Bhttps%3A//github.com/ChALkeR/safer-buffer.git", + "externalReferences": [ + { + "url": "git+https://github.com/ChALkeR/safer-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/safer-buffer" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-sized", + "version": "1.0.3", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3", + "author": "Isaac Z. Schlueter", + "description": "A Minipass stream that raises an error if you get a different number of bytes than expected", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass-sized@1.0.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass-sized.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass-sized.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass-sized/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minizlib", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|minizlib@2.1.2", + "author": "Isaac Z. Schlueter", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@2.1.2?vcs_url=git%2Bhttps%3A//github.com/isaacs/minizlib.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minizlib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "negotiator", + "version": "0.6.3", + "bom-ref": "npm@10.8.0|negotiator@0.6.3", + "description": "HTTP content negotiation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.3?vcs_url=git%2Bhttps%3A//github.com/jshttp/negotiator.git", + "externalReferences": [ + { + "url": "git+https://github.com/jshttp/negotiator.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/negotiator" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "err-code", + "version": "2.0.3", + "bom-ref": "npm@10.8.0|err-code@2.0.3", + "author": "IndigoUnited", + "description": "Create an error with a code", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/err-code@2.0.3?vcs_url=git%3A//github.com/IndigoUnited/js-err-code.git", + "externalReferences": [ + { + "url": "git://github.com/IndigoUnited/js-err-code.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/IndigoUnited/js-err-code/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/err-code" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "retry", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|retry@0.12.0", + "author": "Tim Koschützki", + "description": "Abstraction for exponential and custom retry strategies for failed operations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry@0.12.0?vcs_url=git%3A//github.com/tim-kos/node-retry.git", + "externalReferences": [ + { + "url": "git://github.com/tim-kos/node-retry.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tim-kos/node-retry", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tim-kos/node-retry/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/retry" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|brace-expansion@2.0.1", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@2.0.1?vcs_url=git%3A//github.com/juliangruber/brace-expansion.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "balanced-match", + "version": "1.0.2", + "bom-ref": "npm@10.8.0|balanced-match@1.0.2", + "author": "Julian Gruber", + "description": "Match balanced character pairs, like \"{\" and \"}\"", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.2?vcs_url=git%3A//github.com/juliangruber/balanced-match.git", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/balanced-match" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.3", + "bom-ref": "npm@10.8.0|ms@2.1.3", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.3?vcs_url=git%2Bhttps%3A//github.com/vercel/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/vercel/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/vercel/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/vercel/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "env-paths", + "version": "2.2.1", + "bom-ref": "npm@10.8.0|env-paths@2.2.1", + "author": "Sindre Sorhus", + "description": "Get paths for storing things like data, config, cache, etc", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/env-paths@2.2.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/env-paths.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/env-paths.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/env-paths/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/env-paths" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "exponential-backoff", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|exponential-backoff@3.1.1", + "author": "Sami Sayegh", + "description": "A utility that allows retrying a function with an exponential delay between attempts.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/exponential-backoff@3.1.1?vcs_url=git%2Bhttps%3A//github.com/coveo/exponential-backoff.git", + "externalReferences": [ + { + "url": "git+https://github.com/coveo/exponential-backoff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/coveo/exponential-backoff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/exponential-backoff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-core-module", + "version": "2.13.1", + "bom-ref": "npm@10.8.0|is-core-module@2.13.1", + "author": "Jordan Harband", + "description": "Is this specifier a node.js core module?", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-core-module@2.13.1?vcs_url=git%2Bhttps%3A//github.com/inspect-js/is-core-module.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/is-core-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/is-core-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/is-core-module" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hasown", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|hasown@2.0.2", + "author": "Jordan Harband", + "description": "A robust, ES3 compatible, \"has own property\" predicate.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hasown@2.0.2?vcs_url=git%2Bhttps%3A//github.com/inspect-js/hasOwn.git", + "externalReferences": [ + { + "url": "git+https://github.com/inspect-js/hasOwn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/inspect-js/hasOwn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/hasown" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "function-bind", + "version": "1.1.2", + "bom-ref": "npm@10.8.0|function-bind@1.1.2", + "author": "Raynos", + "description": "Implementation of Function.prototype.bind", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.2?vcs_url=git%2Bhttps%3A//github.com/Raynos/function-bind.git", + "externalReferences": [ + { + "url": "git+https://github.com/Raynos/function-bind.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Raynos/function-bind", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/function-bind" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-audit-report", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|npm-audit-report@5.0.0", + "author": "GitHub Inc.", + "description": "Given a response from the npm security api, render it into a variety of security reports", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-audit-report@5.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-audit-report.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-audit-report.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-audit-report#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-audit-report/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-audit-report" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-profile", + "version": "10.0.0", + "bom-ref": "npm@10.8.0|npm-profile@10.0.0", + "author": "GitHub Inc.", + "description": "Library for updating an npmjs.com profile", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-profile@10.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/npm-profile.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-profile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-profile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-profile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-profile" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass-json-stream", + "version": "1.0.1", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "author": "Isaac Z. Schlueter", + "description": "Like JSONStream, but using Minipass streams", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minipass-json-stream@1.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/minipass-json-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/minipass-json-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/minipass-json-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonparse", + "version": "1.3.1", + "bom-ref": "npm@10.8.0|jsonparse@1.3.1", + "author": "Tim Caswell", + "description": "This is a pure-js JSON streaming parser for node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonparse@1.3.1?vcs_url=git%2Bssh%3A//git%40github.com/creationix/jsonparse.git", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/creationix/jsonparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/creationix/jsonparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/creationix/jsonparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/jsonparse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-user-validate", + "version": "2.0.1", + "bom-ref": "npm@10.8.0|npm-user-validate@2.0.1", + "author": "GitHub Inc.", + "description": "User validations for npm", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/npm-user-validate@2.0.1?vcs_url=git%2Bhttps%3A//github.com/npm/npm-user-validate.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-user-validate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-user-validate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-user-validate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-user-validate" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "aggregate-error", + "version": "3.1.0", + "bom-ref": "npm@10.8.0|aggregate-error@3.1.0", + "author": "Sindre Sorhus", + "description": "Create an error from multiple errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aggregate-error@3.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/aggregate-error.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/aggregate-error.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/aggregate-error/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/aggregate-error" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "clean-stack", + "version": "2.2.0", + "bom-ref": "npm@10.8.0|clean-stack@2.2.0", + "author": "Sindre Sorhus", + "description": "Clean up error stack traces", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-stack@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/clean-stack.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/clean-stack.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/clean-stack/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/clean-stack" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "indent-string", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|indent-string@4.0.0", + "author": "Sindre Sorhus", + "description": "Indent each line in a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/indent-string@4.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/indent-string.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/indent-string.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/indent-string/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/indent-string" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "npm-packlist", + "version": "8.0.2", + "bom-ref": "npm@10.8.0|npm-packlist@8.0.2", + "author": "GitHub Inc.", + "description": "Get a list of the files to add from a folder into an npm package", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@8.0.2?vcs_url=git%2Bhttps%3A//github.com/npm/npm-packlist.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/npm-packlist.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/npm-packlist#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/npm-packlist" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore-walk", + "version": "6.0.5", + "bom-ref": "npm@10.8.0|ignore-walk@6.0.5", + "author": "GitHub Inc.", + "description": "Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@6.0.5?vcs_url=git%2Bhttps%3A//github.com/npm/ignore-walk.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/ignore-walk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/ignore-walk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/ignore-walk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/ignore-walk" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff-apply", + "version": "5.5.0", + "bom-ref": "npm@10.8.0|just-diff-apply@5.5.0", + "author": "Angus Croll", + "description": "Apply a diff to an object. Optionally supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff-apply@5.5.0?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff-apply" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "just-diff", + "version": "6.0.2", + "bom-ref": "npm@10.8.0|just-diff@6.0.2", + "author": "Angus Croll", + "description": "Return an object representing the diffs between two objects. Supports jsonPatch protocol", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/just-diff@6.0.2?vcs_url=git%2Bhttps%3A//github.com/angus-c/just.git", + "externalReferences": [ + { + "url": "git+https://github.com/angus-c/just.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/angus-c/just#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/angus-c/just/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/just-diff" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "qrcode-terminal", + "version": "0.12.0", + "bom-ref": "npm@10.8.0|qrcode-terminal@0.12.0", + "description": "QRCodes, in the terminal", + "licenses": [ + { + "license": { + "name": "Apache 2.0" + } + } + ], + "purl": "pkg:npm/qrcode-terminal@0.12.0?vcs_url=git%2Bhttps%3A//github.com/gtanner/qrcode-terminal.git", + "externalReferences": [ + { + "url": "git+https://github.com/gtanner/qrcode-terminal.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gtanner/qrcode-terminal/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/qrcode-terminal" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "npm@10.8.0|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/mute-stream.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "4.0.0", + "bom-ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@4.0.0?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "9.4.0", + "bom-ref": "npm@10.8.0|supports-color@9.4.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@9.4.0?vcs_url=git%2Bhttps%3A//github.com/chalk/supports-color.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chownr", + "version": "2.0.0", + "bom-ref": "npm@10.8.0|chownr@2.0.0", + "author": "Isaac Z. Schlueter", + "description": "like `chown -R`", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@2.0.0?vcs_url=git%3A//github.com/isaacs/chownr.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/chownr" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "1.0.4", + "bom-ref": "npm@10.8.0|mkdirp@1.0.4", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-mkdirp.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "text-table", + "version": "0.2.0", + "bom-ref": "npm@10.8.0|text-table@0.2.0", + "author": "James Halliday", + "description": "borderless text tables with alignment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-table@0.2.0?vcs_url=git%3A//github.com/substack/text-table.git", + "externalReferences": [ + { + "url": "git://github.com/substack/text-table.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/text-table", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/text-table/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/text-table" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tiny-relative-date", + "version": "1.3.0", + "bom-ref": "npm@10.8.0|tiny-relative-date@1.3.0", + "author": "Joseph Wynn", + "description": "Tiny function that provides relative, human-readable dates.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-relative-date@1.3.0?vcs_url=git%2Bhttps%3A//github.com/wildlyinaccurate/relative-date.git", + "externalReferences": [ + { + "url": "git+https://github.com/wildlyinaccurate/relative-date.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/wildlyinaccurate/relative-date/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tiny-relative-date" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-version@2.2.2|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-version/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/core" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "http-call", + "version": "5.3.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "author": "Jeff Dickey @jdxcode", + "description": "make http requests", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/http-call@5.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/heroku/http-call.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/heroku/http-call", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/heroku/http-call/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/http-call/-/http-call-5.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6a1c229ac0b6dc8084e243e5f714c18ca0788a76d169e2f265e46e9c2ff5272fd9e97f2dbf6d8c1008caf8a04e31254b6aa5cf4d399df3adfcc1a54828b1b1db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call" + } + ] + }, + { + "type": "library", + "name": "is-retry-allowed", + "version": "1.1.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "author": "Vsevolod Strukchinsky", + "description": "My prime module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "11a060568b67339444033d0125a61a20d564fb34" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/is-retry-allowed" + } + ] + }, + { + "type": "library", + "name": "json-parse-better-errors", + "version": "1.0.2", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2", + "author": "Kat Marchán", + "description": "JSON.parse with context information on error", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/zkat/json-parse-better-errors.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/json-parse-better-errors" + } + ] + }, + { + "type": "library", + "name": "tunnel-agent", + "version": "0.6.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "author": "Mikeal Rogers", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/mikeal/tunnel-agent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/tunnel-agent" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "sinon@16.1.3|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "7.2.0", + "bom-ref": "sinon@16.1.3|supports-color@7.2.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@7.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "aa9080bd197db2db8e1ef78ab27ec79dc251befe74d6a21a70acd094effe2f0c5cf7ed2adb02f2bf80dfbedf34fc33e7da9a8e06c25d0e2a205c647df8ebf047" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sinon/node_modules/supports-color" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "commons", + "group": "@sinonjs", + "version": "2.0.0", + "bom-ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "description": "Simple functions shared among the sinon end user libraries", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/commons@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/commons.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/commons#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/commons/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b8b6b48fce7d98cae0dac97041874efc092b39f987f97e8b4d598d4d2f42a9ec6e13622f54e448912a492ea78f01b127289efb68c982c2bd4d519e7bd76d1772" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@sinonjs/samsam/node_modules/@sinonjs/commons" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fake-timers", + "group": "@sinonjs", + "version": "11.2.2", + "bom-ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "author": "Christian Johansen", + "description": "Fake JavaScript timers", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40sinonjs/fake-timers@11.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sinonjs/fake-timers.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sinonjs/fake-timers/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b6a62092c50ee858ec701920321477cf22cc9e2465d8b5cea615b9c503e9115e48849d397c73ff23ba5d92df6f621419c323d1c6a1e596019beebce91971c83" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/@sinonjs/fake-timers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "path-to-regexp", + "version": "6.2.2", + "bom-ref": "nise@5.1.9|path-to-regexp@6.2.2", + "description": "Express style path to RegExp utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@6.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/pillarjs/path-to-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/pillarjs/path-to-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1905f749232892781bdfafb085da515c4fb77fd57c533c80a2b958bce1b1f3bb9f1877a13539f9942c6b2ad2f2678625ff010a9cd9ebf7c6733b0c03655e6883" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/nise/node_modules/path-to-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "5.2.0", + "bom-ref": "pretty-format@29.7.0|ansi-styles@5.2.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0b1c29b7649f4f34ed5dc7ce97318479ef0ef9cf8c994806acd8817179ee5b1b852477ba6b91f3eeac21c1ee4e81a498234209be42ea597d40486f9c24e90488" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pretty-format/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-util@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-util/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint@8.57.0|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint@8.57.0|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint@8.57.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint@8.57.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@7.12.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/scope-manager", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8ad175a539cde85dee9cf6a4fa4bad1fdada2242f79611f56113c682ded040e878dc340a5495e65a4a5bfafa5cfd38831ece9149df424db0ec73f63e620abb92" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@7.12.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a3ed137ba796a76a69298de62c253e600f69549c61509135e4557b931b83f638302006bec3fc9c18904cad80d3a5519433fb60a5af5278c3ae81269b585abb6e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@7.12.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b9993b0debeb40b2f7bd29df165e5b8f8b0bef9a82f43e847637a621d6ed92e526221796a6e8a2ca5498d35271244efecc6ace58366ba755b13ae0e7b6f2ab1d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "7.12.0", + "bom-ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@7.12.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://typescript-eslint.io/packages/typescript-estree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.12.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e5bc2a2ec58150bbf587aa67edc316e5d5d7fd8d9a991a8b68aaac0125706c11cc6529c7a84fc7378bd3e1f134685b22c3162fafdf24a8e5a1d5af192976a509" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "description": "TypeScript plugin for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/eslint-plugin@4.33.0#packages/eslint-plugin", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/eslint-plugin", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68836203119574e975789c958da5a7fd871502ae068bf628df9a871829ea6d6573eb5837f43d21db7bde63f300d2b14519fc4aed3c92836bb00de36ff89815a6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/eslint-plugin" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parser", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "description": "An ESLint custom parser which leverages TypeScript ESTree", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/parser@4.33.0#packages/parser", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/parser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66885db1b5da76318148ad3fafe77ced7d120662b33aae3f4b99f32ba481809b29168f7f0940c9ee18dacaecdef892bb09940b0ccae8ab2b69ee939c14a4f164" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint", + "version": "7.32.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "author": "Nicholas C. Zakas", + "description": "An AST-based pattern checker for JavaScript.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint@7.32.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://eslint.org", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint/issues/", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint/-/eslint-7.32.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "54767c817f840dfcfef7b8c6720c860b24626bf74f39de9787dc8fbfc065d7e4a8688c03f9afef96b3a6191532398bbb33052173b0b1a9e683654d774b8f84a4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "code-frame", + "group": "@babel", + "version": "7.12.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "author": "Sebastian McKenzie", + "description": "Generate errors that contain a code frame that point to source locations.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40babel/code-frame@7.12.11#packages/babel-code-frame", + "externalReferences": [ + { + "url": "git+https://github.com/babel/babel.git#packages/babel-code-frame", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://babeljs.io/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/babel/babel/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66dd72a1d071d5473289e3cc4a45a753884faa1c2aee11a2da714bd4b780dc4525faad8b431d7a3084a0274fb3edd9e682f3fd42d2257ae11318e88e1f545c23" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@babel/code-frame" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslintrc", + "group": "@eslint", + "version": "0.4.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "author": "Nicholas C. Zakas", + "description": "The legacy ESLintRC config file format for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40eslint/eslintrc@0.4.3", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslintrc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslintrc#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslintrc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.4.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27a285173e50098509ab7a5fd268c47022551116f3bfbd4f5080dccee87d264c0613371e77a08ee400cb1c1d6b6dfffea0f06da0f7cc60d3a9183cc200d95b5f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "espree", + "version": "7.3.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "author": "Nicholas C. Zakas", + "description": "An Esprima-compatible JavaScript parser built on Acorn", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/espree@7.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/espree.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/espree", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/eslint/espree.git", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/espree/-/espree-7.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bf724234213ae2e9a41699a4146ab354ab0e4f4b4dd59afeb9ea8b65fa55d4e6fc7be08480f59af8ec42a061f7b6786298c2886819b89bfbda46927f92b473da" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/js-yaml" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "config-array", + "group": "@humanwhocodes", + "version": "0.5.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "author": "Nicholas C. Zakas", + "description": "Glob-based configuration matching.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/config-array@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/config-array.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/config-array/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "15a82d285cfbe17ad397bcba1c2cd0a700df5cfd328717bd9472c3d546718ef64871bc91cfccd3145ff260d7d27f3538d78783c19d52aced10bedc9ffb014c42" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/config-array" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "object-schema", + "group": "@humanwhocodes", + "version": "1.2.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "author": "Nicholas C. Zakas", + "description": "An object schema merger/validator", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/%40humanwhocodes/object-schema@1.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/humanwhocodes/object-schema.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/humanwhocodes/object-schema/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "66740c9cb5787bb843954bf0f07f94f0048bd36492d869fafbd01cdf01862c87bbfa37b601e00ec4f63e8b320f2437c50dbede0e37afd14b3c30ed6215137c84" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@humanwhocodes/object-schema" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "acorn", + "version": "7.4.1", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "description": "ECMAScript parser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/acornjs/acorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/acornjs/acorn", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9d0ca9d28d7f98d75b4ced4f3ba9079304ab9a0674313fe3082a4d8b06d48c6a11378765061a89b6842e0a710e2b3813570834656882a10cba4b131e6d0561f0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/acorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob-parent", + "version": "5.1.2", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "author": "Gulp Team", + "description": "Extract the non-magic parent path from a glob string.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/gulpjs/glob-parent.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/gulpjs/glob-parent/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "00e22049009ea62258c0fdc04671b1fb95674eed870587736c63f8e5e2f0d6faf7cc1def64b7b279dd6c0bd8676dc39cf7f4ab33233944f42b906cf8692f59a3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/glob-parent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/argparse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/sprintf-js" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo-space", + "version": "0.29.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO with 2-space indent", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo-space@0.29.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo-space.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo-space/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo-space/-/eslint-config-xo-space-0.29.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a65195478e6ce5dc8d5a3b633fda0129a9afc61d74e5ecb17fbd07805f85be990214fb6932a98f7b16432749cd89f0eb28abebc2497098fc78c552614817f02" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo-space" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-config-xo", + "version": "0.38.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "author": "Sindre Sorhus", + "description": "ESLint shareable config for XO", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-config-xo@0.38.0", + "externalReferences": [ + { + "url": "git+https://github.com/xojs/eslint-config-xo.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/xojs/eslint-config-xo/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-config-xo/-/eslint-config-xo-0.38.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1b68cbf95c9f91c656f06a139aa2ec131beb5acb0179d4a8690435d6fca17e50de4f772c31d055a743a7f805628eb46ebe09a459e0f0c142f9463d2a0d11caea" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-config-xo" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "scope-manager", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "description": "TypeScript scope analyser for ESLint", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/scope-manager@4.33.0#packages/scope-manager", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/scope-manager", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e487c91e9813b1366e38d29b38372d2f890ab908defdbcc1464c0713c50e6787fcf5979d760f84199b3c3c3f0d70de0b74cdf2807598077ba43c0623be5fea6d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/scope-manager" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "description": "Types for the TypeScript-ESTree AST spec", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/types@4.33.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ccaa7b0a34332d02265c4a4bb76054c35b6f38c3df3684c07dbf25e757af8586ce104cdd5b240d98759618f47a8702890c08bed555d20669e12fd9325534ceb9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "visitor-keys", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "description": "Visitor keys used to help traverse the TypeScript-ESTree AST", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/visitor-keys@4.33.0#packages/visitor-keys", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/visitor-keys", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "baa8bfd9a4b3f60d9fb5c1d67fcb8b3c903bd2b52feb2b8c5b9068870f9bc1cbb36b14081da285642286a065c8adcf6f913277fb4b7133bdcad07ab7779c2022" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "typescript-estree", + "group": "@typescript-eslint", + "version": "4.33.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "description": "A parser that converts TypeScript source code into an ESTree compatible form", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/%40typescript-eslint/typescript-estree@4.33.0#packages/typescript-estree", + "externalReferences": [ + { + "url": "git+https://github.com/typescript-eslint/typescript-eslint.git#packages/typescript-estree", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/typescript-eslint/typescript-eslint/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.33.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae459163530f1738f09c4547b3119e983ceaa9d770d906d32652023c3f69f48f4b7ec3bc7dd99f40f397dee29f51a1910c525b7ebb66fec5e155737813e6f308" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/@typescript-eslint/typescript-estree" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@typescript-eslint/experimental-utils/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "tsutils@3.21.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsutils/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "@babel/highlight@7.24.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "@babel/highlight@7.24.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/highlight/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.20.2", + "bom-ref": "globals@13.24.0|type-fest@0.20.2", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.20.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "35ef9e138af4fe25a7a40c43f39db3dc0f8dd01b7944dfff36327045dd95147126af2c317f9bec66587847a962c65e81fb0cfff1dfa669348090dd452242372d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/globals/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-levenshtein", + "version": "2.0.6", + "bom-ref": "optionator@0.9.3|fast-levenshtein@2.0.6", + "author": "Ramesh Nair", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "git+https://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0c25eee887e1a9c92ced364a6371f1a77cbaaa9858e522599ab58c0eb29c11148e5d641d32153d220fcf62bcf2c3fba5f63388ca1d0de0cd2d6c2e61a1d83c77" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/optionator/node_modules/fast-levenshtein" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "eslint-plugin-node@11.1.0|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-node/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-utils", + "version": "2.1.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "author": "Toru Nagashima", + "description": "Utilities for ESLint plugins.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-utils@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/mysticatea/eslint-utils.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mysticatea/eslint-utils/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c3de1d418a1abb2be50dce375e7181f2553766def5def342860b78116c215c03f65e406f9dd7f117402022a28e39ab233c83f38fd26a8309306c2603d3f57766" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-utils" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-plugin-es/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-plugin-unicorn", + "version": "36.0.0", + "bom-ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "author": "Sindre Sorhus", + "description": "Various awesome ESLint rules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eslint-plugin-unicorn@36.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/eslint-plugin-unicorn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/eslint-plugin-unicorn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-36.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c71376bd272d1969c35ba68b1259bf2ca23072b9a4ea676211c5b9e54bf992b72b55c20549632612073f870a5e9987d969c299e67a4511118dcf869386ca7500" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/eslint-plugin-unicorn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif/node_modules/ci-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/clean-regexp/node_modules/escape-string-regexp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-template-visitor/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "2.1.0", + "bom-ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@2.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2b4a6441cd7803cc8b03ea619d2607afce07b3239df809eaf92ffbf2317d241f34ff8e2078de346177d61494c1982d0cb6ce9acd9a84fca9ab021ad63e41a2b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/eslint-parser@7.24.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/eslint-parser/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-scope", + "version": "5.1.1", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "description": "ECMAScript scope analyzer for ESLint", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/eslint-scope@5.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-scope.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/eslint/eslint-scope", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-scope/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d8dc706c5fe16742a97a960dd1c35ba3e14de97a0aec6687950860c7f848665e956b46c5e3945038ec212c8cbc9500dbb8289a7522c20671f608562aba2b796f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/eslint-scope" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "estraverse", + "version": "4.3.0", + "bom-ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0", + "description": "ECMAScript JS AST traversal functions", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/estools/estraverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/estools/estraverse", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@nicolo-ribaudo/eslint-scope-5-internals/node_modules/estraverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/find-up" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/locate-path" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-locate" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/p-limit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.8.1", + "bom-ref": "read-pkg-up@7.0.1|type-fest@0.8.1", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e1d6f3233aaf8ed822339af0d64e6b107b4100d2a676e7611b20446a3374d5f13285a00886ca0a372eb2efe20df7721fa45b7063d8aa8bb903fb1c0a850b0d24" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg-up/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ajv", + "version": "6.12.6", + "bom-ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "author": "Evgeny Poberezkin", + "description": "Another JSON Schema Validator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.6", + "externalReferences": [ + { + "url": "git+https://github.com/ajv-validator/ajv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8f77d52e0bd3a39dbb6a7c98c893864d825b1bebe79d062f1349b99a691cd532be9f1029a6408b3082f4699e1d6e55423681928619be933138654ca4068320e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/ajv" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json-schema-traverse", + "version": "0.4.1", + "bom-ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "author": "Evgeny Poberezkin", + "description": "Traverse JSON Schema passing each schema object to callback", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "git+https://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@eslint/eslintrc/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "2.5.0", + "bom-ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/normalize-package-data" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.8.9", + "bom-ref": "read-pkg@5.2.0|hosted-git-info@2.8.9", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.9", + "externalReferences": [ + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9b120301bf4bb26e83a0e27bc47fb9f97e32d4b53fe078b9d0bf42e6c22cc0adc9cd42d2e1bc24d45be374182f611e1bcd3e2db944220b5e451367f91db2ef63" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/hosted-git-info" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.7.2", + "bom-ref": "read-pkg@5.2.0|semver@5.7.2", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.2", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "701ce79d0f4a8c9a94ebb079d91302eb908c6ab2b6eb4d161676e471a8b05aadf1cbfe61685265b21827a63a2f31527e1df7f8f5df06127d1bf3b0b9a43435d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/semver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "type-fest", + "version": "0.6.0", + "bom-ref": "read-pkg@5.2.0|type-fest@0.6.0", + "author": "Sindre Sorhus", + "description": "A collection of essential TypeScript types", + "licenses": [ + { + "expression": "(MIT OR CC0-1.0)" + } + ], + "purl": "pkg:npm/type-fest@0.6.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/type-fest.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/type-fest/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "abe301f27611d4a0cbae0af81b9c9e99fb69302eff40ba959dd06610476ace6363e5d70538ee0ea3caa5c1913750b4f7f998a6d45f0aab87019e290d86508c96" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/read-pkg/node_modules/type-fest" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsesc", + "version": "0.5.0", + "bom-ref": "regjsparser@0.10.0|jsesc@0.5.0", + "author": "Mathias Bynens", + "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "http://mths.be/mit" + } + } + ], + "purl": "pkg:npm/jsesc@0.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/jsesc.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://mths.be/jsesc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/jsesc/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b99cf952707bbb84fd2efc2616a5e28bba594a8b9a44fa2b1ace70868d48a7b54ed30c5a9c5bc12fb1a433a7531e5817fa384102945eb5a5a99c369b39e4dc9c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/regjsparser/node_modules/jsesc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "body-parser@1.20.2|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "body-parser@1.20.2|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/body-parser/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "finalhandler@1.2.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "finalhandler@1.2.0|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/finalhandler/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "2.6.9", + "bom-ref": "send@0.18.0|debug@2.6.9", + "author": "TJ Holowaychuk", + "description": "small debugging utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "1.3.1", + "bom-ref": "global-prefix@1.0.2|which@1.3.1", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/global-prefix/node_modules/which" + } + ] + }, + { + "type": "library", + "name": "rxjs", + "version": "7.8.1", + "bom-ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "author": "Ben Lesh", + "description": "Reactive Extensions for modern JavaScript", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@7.8.1", + "externalReferences": [ + { + "url": "git+https://github.com/reactivex/rxjs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://rxjs.dev", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "000dd3563fb40368ae2284245842bfb6a16306ada3fba3cee98d3325cbf32c016110520edc72f4be5b3d8562e77196c001b2b499aafba19e15d3bf48fea3ccc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/inquirer-file-tree-selection-prompt/node_modules/rxjs" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "figures@3.2.0|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/figures/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "tmp", + "version": "0.0.33", + "bom-ref": "external-editor@3.1.0|tmp@0.0.33", + "author": "KARASZI István", + "description": "Temporary file and directory creator", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tmp@0.0.33", + "externalReferences": [ + { + "url": "git+https://github.com/raszi/node-tmp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://github.com/raszi/node-tmp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/raszi/node-tmp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/external-editor/node_modules/tmp" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "rxjs@6.6.7|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/rxjs/node_modules/tslib" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "@jest/core@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@jest/core/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "ci-info", + "version": "3.9.0", + "bom-ref": "jest-config@29.7.0|ci-info@3.9.0", + "author": "Thomas Watson Steen", + "description": "Get details about the current Continuous Integration environment", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ci-info@3.9.0", + "externalReferences": [ + { + "url": "git+https://github.com/watson/ci-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/watson/ci-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/watson/ci-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "348c45e7986fe274aa42cc2401e88e8b5afcdf1cbc26574e1434d68ae839e4a06ef499db96771dd94e958879988077f4d533d94bbecd24184130a7568fd1d031" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-config/node_modules/ci-info" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "jest-validate@29.7.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jest-validate/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/pkg-dir/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "resolve-cwd@3.0.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/resolve-cwd/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "chalk", + "version": "2.4.2", + "bom-ref": "json-colorizer@2.2.2|chalk@2.4.2", + "description": "Terminal string styling done right", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/chalk.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/chalk" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "3.2.1", + "bom-ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/ansi-styles" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "json-colorizer@2.2.2|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdb468ac1e455105af95ad7a53c47faa06852326b6a86cf00eb366099b982ab6dd494306e88d5908641179f911561b8e9081959deec1437e4349fa35aaf26a16" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "supports-color", + "version": "5.5.0", + "bom-ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "author": "Sindre Sorhus", + "description": "Detect whether a terminal supports color", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/supports-color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/supports-color" + } + ] + }, + { + "type": "library", + "name": "has-flag", + "version": "3.0.0", + "bom-ref": "json-colorizer@2.2.2|has-flag@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if argv has a specific flag", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/has-flag.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0a25fd7e71e401af848c92f427043343b5fe135e95615466ad7aed2df75f1b977d059db1369b8bcd2d7f9559efdda6395bf87ba0198cd6eee4171fdf073c463" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/json-colorizer/node_modules/has-flag" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.2.0", + "bom-ref": "markdown-diff@2.0.0|diff@5.2.0", + "description": "A JavaScript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.2.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b88143c6aa5164667a4e13a4f388447ea5a81f1d9d7af445be94d97131eeafce6f2267dac546d35bd4728780a90ae0e74e838fd4212d5ca220cad1c13d57dfe4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/markdown-diff/node_modules/diff" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "5.0.0", + "bom-ref": "mocha@10.4.0|diff@5.0.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@5.0.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "fd54c2aef9b9674246b72fc158796387e0408b0dc82beda3f3b34632ef0dc1cfdfe3c5a80c00b7f79ba898ef590f5d7b64e05a1e6917d68c8bbe454cfda213df" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "glob", + "version": "8.1.0", + "bom-ref": "mocha@10.4.0|glob@8.1.0", + "author": "Isaac Z. Schlueter", + "description": "a little globber", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@8.1.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afc869123890118945d9053475fddd4be9f1c5222b797412d6a461309334439343751dfce82ee36fb1f0c2877c1608ae7b1fa4d0616381fb75f32bf19b95e809" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/glob" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "5.0.1", + "bom-ref": "mocha@10.4.0|minimatch@5.0.1", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@5.0.1", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9cb0f12054728436e5cf7a8cbaaf92a116440f8fa6889fc6fad743ae39249119e302c05ec5e1a98232c44346e5272eeb1e14766fddeb8506384afc96bbdbf4de" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/minimatch" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "log-symbols", + "version": "4.1.0", + "bom-ref": "mocha@10.4.0|log-symbols@4.1.0", + "author": "Sindre Sorhus", + "description": "Colored symbols for various log levels. Example: `✔︎ Success`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/log-symbols@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/log-symbols.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/log-symbols/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f173efa4003cbb285fb5ebbca48bd0c69259ed2618769522bd9a46cbab05b01b8a458ffbad019abde75e07c68af99932ababa930554bffd016eaf398cdf4722e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/log-symbols" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "16.2.0", + "bom-ref": "mocha@10.4.0|yargs@16.2.0", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@16.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0f59afbed0c6d0be5fb7f8c65a42e91b5fa6d1e43139f681bd33442eb6968f6db049550c5b1654bd880961c2a1ea3186224245847e0864f4214784caa5cf2607" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/yargs" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "7.0.4", + "bom-ref": "mocha@10.4.0|cliui@7.0.4", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@7.0.4", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "39c444ebc70eb15317a7562fa2797f7f39103b28cb4aeffc6e13c37d0b747b4fc46f6f374ca3f6d05b3632aa0fb2bf52c00e7de6b44203e40ccd873d9c13fe25" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/mocha/node_modules/cliui" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "6.3.0", + "bom-ref": "yargs-unparser@2.0.0|camelcase@6.3.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@6.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1a6cba161625098eee3849595126f1a365020c7f28c0493df7a8246eba6c806b6b24b33727b8c6c65f4873b430c23e22bce13901665644c79c0dd17b86a1a314" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/yargs-unparser/node_modules/camelcase" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.1", + "bom-ref": "oclif@4.13.0|@oclif/core@4.0.1", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "03e98e3a3b39fa2bf5314ac8c18b1d7a4c2116f8cd3d66264be3af77a66c3e83fc5c06ba60273b3ffa26b646c6578a237e3e39a76841a5d9c5520fa53b1a98d0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "debug", + "version": "4.3.5", + "bom-ref": "oclif@4.13.0|debug@4.3.5", + "author": "Josh Junon", + "description": "Lightweight debugging utility for Node.js and the browser", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.3.5", + "externalReferences": [ + { + "url": "git://github.com/debug-js/debug.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/debug-js/debug#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/debug-js/debug/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a6dd1b3449a778322f74bd57b1df680d0ff0ad04645c34f80145a535934f2af5b9c7f8f23bd5455e42543f4eef436ba99b0e4f95a21368f29cdf58cad7757e8e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/debug" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "oclif@4.13.0|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/ms" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-extra", + "version": "8.1.0", + "bom-ref": "oclif@4.13.0|fs-extra@8.1.0", + "author": "JP Richardson", + "description": "fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/jprichardson/node-fs-extra.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ca1950800ea69ce25428eb11505b2025d402be42a1733f2d9591b91c141f45e619cb8e8ec0b718f9989ad26b5d1ec3a8f72fe13fe0b130dd1353d431a0eb46e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/fs-extra" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "jsonfile", + "version": "4.0.0", + "bom-ref": "oclif@4.13.0|jsonfile@4.0.0", + "author": "JP Richardson", + "description": "Easily read/write JSON files.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ba175477cfc8e395fda29901d2d907b3e6c8ca590cdbbae86e27f14a605459bcf1373ee1dc48c559cdfb0b84654e91f776d286cbe5258405ec394a196ab8dc6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/jsonfile" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "universalify", + "version": "0.1.2", + "bom-ref": "oclif@4.13.0|universalify@0.1.2", + "author": "Ryan Zimmerman", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "git+https://github.com/RyanZim/universalify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac125e2390970259b2d6957eeb5ed607d27add4e9771acc71c5d9fd9d6c98b1e17ce9505d114b765b8f414620e080bdae4ffddfc604e61a002435c3ed1acd492" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/oclif/node_modules/universalify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.575.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "602b2d55a5b9b40bd7b3ebf82d1f603403be55184839b8e4d7f92709d550e504114debed550b5d25678dac3658a38013a343871b2a860a3e59d3d4d632ff9ed5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.575.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f0cad3e09d9d462b247f42453062f954d06a3ef73a8a035adb5f0b1812731d798bb26d567c60869dc7bce11ed4d944abf283ce7a7bb45f34822ef310c996c659" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.575.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d75ed4fa44248b65e829c6107dea6695170dc67eab10b1a538538143c6762530571181db956da47b4ebb6b408b9b1170a7fcc25ae73b2068ddde29f7c78437ae" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.575.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ac474da6a5b68c47399306dffecf57432c0c2d094890c8ee08aea6c3db05d8e5511871959e1fba7a1ff5245c7c2a3f9e539d5cb627d0eca6877bc746728f0761" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-host-header", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-host-header@3.575.0#packages/middleware-host-header", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-host-header", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-host-header", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5765a82c1897342738ac8599b7a15470fe13374564d3603d3cf0815a44dfc8ea288aa7eaf96666663451069c25d7ee54b2f011b25aca585d15ce178c4573c92d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-host-header" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-logger", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-logger@3.575.0#packages/middleware-logger", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-logger", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-logger", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ec310ac7d675d4c69ac9eec57e162d0bcae36ccfcf70570c3b637840401fca97205828fec3882c784d8e19d7c01fd3850e815ce98bcba79defd7abdb3e3cd04a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-logger" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-recursion-detection", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-recursion-detection@3.575.0#packages/middleware-recursion-detection", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-recursion-detection", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-recursion-detection", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ae2f3d95d445a2ce8a64319a92758f4b65cf3bdaabfa067bfa63daa14f189123355b8b8aaad9d448e37273e3b7085189aea45eb861e146ad25d9295dd1b8f03b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-recursion-detection" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.575.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7d696be117eb50d4b64773e03fe5aca0c60e44082fff8ecba742747dbddd5ced58bdd73335675d45b152517d8c43133fcbd5c57d03cba4b83396e8682f70a37a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "region-config-resolver", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/region-config-resolver@3.575.0#packages/region-config-resolver", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/region-config-resolver", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/awslabs/smithy-typescript/tree/main/packages/region-config-resolver", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b0124ac1358a096bbdcbc1735c88a3606c242abded0e43d733b072953a1ee96fad1a4a783a2ad5e225eb580f7345e3704d37a9a311ee7e87ea8c62bd06d708f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/region-config-resolver" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "types", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Types for the AWS SDK", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/types@3.575.0#packages/types", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/types", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/types", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5eb9e89501acd305f176036e762ad1d783a034e6ab1fb59489fdfcfb63dde289d91fe2fb5e820b7a6d04800d6d469805a70da914795908d6801c33520446a5ee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/types" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.575.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c02e71f95eb0de446547a5fa5d520db003c3606f93cecdd6b61970f982ed8ee3ce0d435921002ab000476a1c677a417202fb1efb5f76f47c28f8268bf811d918" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-browser", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-browser@3.575.0#packages/util-user-agent-browser", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-browser", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-browser", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "8800e89d7c9a5e0c2f0b84f4a91b8358274a227cfcd865f67327b3abfa2a5652fc6cf63b1c3f23c1966bbae25dab9b646898b51216cee3e7f592c66a3a264abd" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-browser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-user-agent-node", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-user-agent-node@3.575.0#packages/util-user-agent-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-user-agent-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-user-agent-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "930cef05f0342e820b0ce152e8157cb8e924b011eb62e94fea43577a00797999c348d89ae436c1b17ab143f1e49cd1796b8dbd496430d9a690244810bd907554" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/util-user-agent-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-env", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from known environment variables", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-env@3.575.0#packages/credential-provider-env", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-env", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-env", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "613829ab7aef6015f35ba3930c1d34704efd7af42db2cfe5cf61a525782aa955c3d26ee2efb84603ccdbe3855ebcffd6c6d0da8925bb4928eebbc542046b20e2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-env" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.575.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c507d599823ef4aa91be1598f1fc84967a5c5540415208bf1e88e2de853a58bad48eb5fdf24f771deee0283412c877fbca430b5002585b0b15e008d0da3ea78c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.575.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "05d33a6bfe5552e3607b773ac91bb1bcefb8b2b2e849fa877e44067d40df8537532699639697e773d877cf6362d7e6ae78e1cf64c34558892d1c3717e7050606" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-process", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-process@3.575.0#packages/credential-provider-process", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-process", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-process", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dbfe4d255ecc672b0a825a89490fcef0e10b35cc0b707df192769b2fd35a82dcc1ed1341da9d405174745254decbdb120cb2f8a0298d6bffae9d8ba0956fc086" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-process" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.575.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "36d5c0f4e3c82aca9abecd85ee184b4ffb766438f026cbd07af8f7d68bf536999335831cece585583a6d386eeba69b1632c93928a99f88bdaa5624099decd734" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-web-identity", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that calls STS assumeRole for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-web-identity@3.575.0#packages/credential-provider-web-identity", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-web-identity", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-web-identity", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41cbd51fbc29be91515c600680205f41e885fe9b43d0d27e1eb73c74361f3c6845799d04a1540160da612e2db9c5eec967e5db6aa08aad444766daf87c010e27" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/credential-provider-web-identity" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.575.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a5156a40b64b43dd7072e3b7ad1bcd062972bd2e1dec3423172e3712b34352d1f751210252db32b10bca8adb651099d14aa57c6d84d0f914a93b7cd12aad1fa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "token-providers", + "group": "@aws-sdk", + "version": "3.575.0", + "bom-ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "author": "AWS SDK for JavaScript Team", + "description": "A collection of token providers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/token-providers@3.575.0#packages/token-providers", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/token-providers", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/token-providers", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.575.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "10f3433d0a109232aa9f80f6b7bd2a5736df76d95a032f4a05d1b9f2a0f5c8d595c6af1187f957770981f9a1363d26a1b727d58a465d091a19885cf10e1e4850" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-cloudfront/node_modules/@aws-sdk/token-providers" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso-oidc", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Oidc Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso-oidc@3.583.0#clients/client-sso-oidc", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso-oidc", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso-oidc", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "2cedf09ab1573e2da4344e3a943d570137d1aef74dc577780e54c5a2ea169abee5beaa1491c6e6b64576aff5c2859036cf41e20daba9842d5ef1bf2568955e4a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso-oidc" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sts", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sts@3.583.0#clients/client-sts", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sts", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sts", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c4333189e98f0d6afd758d90e00ca2c6446793f86f4ba7ece8e5b1b950b3d563b8ed885a01f3ac10602040c8032cb68e7e3fe82d4e43d78b9334110f1a1e2b04" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sts" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "Core functions & classes shared by multiple AWS SDK clients", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/core@3.582.0#packages/core", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/core", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a1f983f7a21073d83575bcaa942cb1bb97c21bb90897da75368379faf1815322dd6e63c25773dd83df6744760426ebf63201b1e405051833cc1dca9b2699d923" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-node", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from a Node.JS environment. ", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-node@3.583.0#packages/credential-provider-node", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-node", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c81372a415e7cbbcc91fce52cf10e3f2cd666cb5eff5cfd56ead2a4774773ce8f689d67acb007faa52110b55f006ebf8f56be0f24035c0a5e4dcade3ae971523" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "middleware-user-agent", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "author": "AWS SDK for JavaScript Team", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/middleware-user-agent@3.583.0#packages/middleware-user-agent", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/middleware-user-agent", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-user-agent", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "c553575d70d6bc1548fc0795b52740f5256e9aac6265a11293f269527f463249ad4ca7ed7abd02c1e6a9fb5890f63f1b4403b4bcd8662246dcbdd0754b859553" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/middleware-user-agent" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "util-endpoints", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "Utilities to help with endpoint resolution", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/util-endpoints@3.583.0#packages/util-endpoints", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/util-endpoints", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/util-endpoints", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "642f666f68eae811573d8b14b03dad99872796677ef4f18dc2714d9fc8e4e1a6e76b9263936c0392737cd726e4b66051e6db4df56f2e82692db8ab6f00c20309" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/util-endpoints" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-http", + "group": "@aws-sdk", + "version": "3.582.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider for containers and HTTP sources", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-http@3.582.0#packages/credential-provider-http", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-http", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-http", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.582.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9063942b0e6bc8f90321807af4f8cadd289c54b4db581d3aa2e14dd96d44bea509a644063c0506cd872898ab6dde625a0937ffd647e8687c0044097a28a48ff1" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-http" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-ini", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that sources credentials from ~/.aws/credentials and ~/.aws/config", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-ini@3.583.0#packages/credential-provider-ini", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-ini", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-provider-ini", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f08d2858d83fca9b3a72d8e111e2ffa89f4121affec573fb44f0d0a85299db306459b98b2cea0c59746f97cb8a5010faa827be0c699cbbdb247d55de5d27ac11" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-ini" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "credential-provider-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS credential provider that exchanges a resolved SSO login token file for temporary AWS credentials", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/credential-provider-sso@3.583.0#packages/credential-provider-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#packages/credential-provider-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/master/packages/credential-provider-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "1bfd44bcbf6d05ecd2894fb4ead1b82bf90ebc57cf8e785e4f82525ea8cf33bfaf8cace0a768f1a7527d30c77af73b388d55a89fddf6ccc786823ac2a65ccc12" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/credential-provider-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "client-sso", + "group": "@aws-sdk", + "version": "3.583.0", + "bom-ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "author": "AWS SDK for JavaScript Team", + "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40aws-sdk/client-sso@3.583.0#clients/client-sso", + "externalReferences": [ + { + "url": "git+https://github.com/aws/aws-sdk-js-v3.git#clients/client-sso", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/tree/main/clients/client-sso", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/aws/aws-sdk-js-v3/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.583.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14d276326881b596708248f8f862d5af3ab0983e83f05069b6b15993b3e71a449feefd50f2dc58348ea063ddfc4518582789415b870d6e13ef5a80f1025f741f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/client-sso" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/sha1-browser/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fast-xml-parser", + "version": "4.2.5", + "bom-ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "author": "Amit Gupta", + "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-xml-parser@4.2.5", + "externalReferences": [ + { + "url": "git+https://github.com/NaturalIntelligence/fast-xml-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "07dff08b31385a782a41fb453e675a318957a09949398c4640e6a70bbedfabd93cf99d2fe5d0d2561fb782512b74844e3fffecfe381bed9bb129f07c9d5ca8d2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-sdk/core/node_modules/fast-xml-parser" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "tslib", + "version": "1.14.1", + "bom-ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1", + "author": "Microsoft Corp.", + "description": "Runtime library for TypeScript helper functions", + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/Microsoft/tslib.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://www.typescriptlang.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "5e78b7e4d2b38e032bc1ebf2b074c202bb4b0e93efc9ef3357fd04e04c989f8dcfeffeeabd0c0f87d0469077b06ccba5567b5b8a099c4fbadd5f704da3dc1126" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@aws-crypto/crc32c/node_modules/tslib" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "cli-width", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|cli-width@4.1.0", + "author": "Ilya Radchenko", + "description": "Get stdout window width, with two fallbacks, tty and then a default.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cli-width@4.1.0", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/knownasilya/cli-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/knownasilya/cli-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/knownasilya/cli-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/cli-width/-/cli-width-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a2eb99778fdd9b64b0e469aacba6c6c8d34d7b5aadf51a66c6f78b48eeca720b139d4ed15dfb30fbf6ee9161a8d5a6e006230089cd3af2b72566c3b82169a6c5" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/cli-width" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mute-stream", + "version": "1.0.0", + "bom-ref": "@inquirer/core@8.2.2|mute-stream@1.0.0", + "author": "GitHub Inc.", + "description": "Bytes go in, but they don't come out (when muted).", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/mute-stream@1.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/npm/mute-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/mute-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/mute-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6afb09421c9dfbaf3480a5f21bfb107349d7682eab0643ce7f21d87056fdfa1764a90911f5b767909d003198647b4a1eb0fa883be985149f8874173b9acb7820" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/mute-stream" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "signal-exit", + "version": "4.1.0", + "bom-ref": "@inquirer/core@8.2.2|signal-exit@4.1.0", + "author": "Ben Coe", + "description": "when you want to fire an event no matter how a process exits.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/tapjs/signal-exit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/tapjs/signal-exit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "6f3c99d5ef3cc3d3b588d25b2a73a5bd84eb58f0e5e3a3b56c6d03dd7227bfef6d90faf1acdf235144e21650e4926296827d4ce827c8035dd2b86a8e6bd2a8af" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/signal-exit" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "6.2.0", + "bom-ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "afa94f7011b1657948732984bbb227c43321756d0a0f1a4b82814b720b9ab3109a27f48e219c0835ab4af4a63fb5ff99ae5cb038a5345038f70135d405fc495c" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@inquirer/core/node_modules/wrap-ansi" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "core", + "group": "@oclif", + "version": "4.0.0-beta.15", + "bom-ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "author": "Salesforce", + "description": "base library for oclif CLIs", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40oclif/core@4.0.0-beta.15", + "externalReferences": [ + { + "url": "git+https://github.com/oclif/core.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/oclif/core", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/oclif/core/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@oclif/core/-/core-4.0.0-beta.15.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a66b5993c211e31a8fae5994a6365c83f7712363ad317a5911177dae63d41ac4bd7ad6bb80504a1545eac5f2f9132ff48cbf2c266b1b987b120039a5d27b4c3a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-not-found/node_modules/@oclif/core" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mimic-response", + "version": "3.1.0", + "bom-ref": "decompress-response@6.0.0|mimic-response@3.1.0", + "author": "Sindre Sorhus", + "description": "Mimic a Node.js HTTP response stream", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/mimic-response.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "cf4c9623ee050ebaf0792f199ade048f91dd266932d79f8bd9ee96827dfe88ae5f5b36fa4f77e1345ab6f8c79345bd3ae1ce96af837fc2fd03cd04e33731cd19" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/decompress-response/node_modules/mimic-response" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "detect-newline", + "version": "4.0.1", + "bom-ref": "sort-package-json@2.10.0|detect-newline@4.0.1", + "author": "Sindre Sorhus", + "description": "Detect the dominant newline character of a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-newline@4.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/detect-newline.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/detect-newline/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/detect-newline/-/detect-newline-4.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a84dd57a0d585f3187421940ea3cde6d9376a957fa357f80ee6eea9610861b7d1d262c6b0108583ac263b270632640929ae38fa42937d35e397ebf055746f3a2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/detect-newline" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "globby", + "version": "13.2.2", + "bom-ref": "sort-package-json@2.10.0|globby@13.2.2", + "author": "Sindre Sorhus", + "description": "User-friendly glob matching", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/globby@13.2.2", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/globby.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/globby#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/globby/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "635ccd195fa9cd0761ec7dfd97dce00783c9aa344dab276f7580831b81c55cce17baf49a41094473dd48535c802cbf205130e89a00407f3dd725d9944bea28d3" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/globby" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "slash", + "version": "4.0.0", + "bom-ref": "sort-package-json@2.10.0|slash@4.0.0", + "author": "Sindre Sorhus", + "description": "Convert Windows backslash paths to slash paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/slash@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/slash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/slash#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/slash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ddd3ac0075d7524413a4e61ca00c4b228acc4e9e20210af9216de255bec0ee5148a74547867ca79bd8b3c7a4ecb1dac87152044809558ed9ced8af1b83e0a87b" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/slash" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-plain-obj", + "version": "4.1.0", + "bom-ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "author": "Sindre Sorhus", + "description": "Check if a value is a plain object", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f8f822faf32e50d909c84c62301b792251683322a7af9ce127852ca73e7c58e841179428219905c8d1c86c102d1f0cd502093946d9dd54db0344deb5fe6983aa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/sort-package-json/node_modules/is-plain-obj" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "is-wsl", + "version": "3.1.0", + "bom-ref": "open@10.1.0|is-wsl@3.1.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-wsl@3.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-wsl.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-wsl/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "51c55f55f68ae127389bb5f77544a81e8a3340604415e0c2fb3568d3ab7df317bc0b31d265905e90d5c7fadbb435a947a25709fd0006a92e3a1de7fb41704833" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/open/node_modules/is-wsl" + } + ] + }, + { + "type": "library", + "name": "is-docker", + "version": "3.0.0", + "bom-ref": "is-inside-container@1.0.0|is-docker@3.0.0", + "author": "Sindre Sorhus", + "description": "Check if the process is running inside a Docker container", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/is-docker.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7a58dc8040e5127b3fec05c5a2c0792bfda708ce0fec540f90673f0d62f2e6b985116bd96b21ab8a4d5df7f4086399c9e1ff58b15bc1900ea42691e7f6b21275" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/is-inside-container/node_modules/is-docker" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "5.2.0", + "bom-ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "4.1.1", + "bom-ref": "prompt-sync@4.2.0|ansi-regex@4.1.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "20b96fe24ff77fabdf4383a83f6006be2ace92d950f7c6442f593d15a423c5adcbd5a6c181bb930c074f3a9bdb1a7702d014d542b97e38cf316462bab565edee" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/prompt-sync/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "21.1.1", + "bom-ref": "ts-jest@29.1.4|yargs-parser@21.1.1", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "externalReferences": [ + { + "url": "git+https://github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b55a6c256ec376379c0221696c80757b7ab1210b04e8da0f739fde4ddadb6c80b88742d5b16867a1ade0fa6d87725048ba31f3b31678549540f8652e736fcb07" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-jest/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@babel/helper-compilation-targets/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "author": "Sindre Sorhus", + "description": "Find a file or directory by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "3e93b001d43f6255d0daf8fc6b787c222a43b98462df071e550406616c4d20d71cab8d009f0ec196c11708c6edd59b7e38b03a16af6cb88a48583d0eb2721297" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "locate-path", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "author": "Sindre Sorhus", + "description": "Get the first path that exists on disk of multiple paths", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/locate-path.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b7b870f6923e5afbb03495f0939cd51e9ca122ace0daa4e592524e7f4995c4649b7b7169d9589e65c76e3588da2c3a32ea9f6e1a94041961bced6a4c2a536af2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path" + } + ] + }, + { + "type": "library", + "name": "p-locate", + "version": "4.1.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "author": "Sindre Sorhus", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-locate.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "47bf5967fd30031286bb7a18325cfc8f2fe46e1b0dad2ed2299ecfc441c1809e7e1769ad156d9f2b670eb4187570762442c6f3155ec8f84a1129ee98b74a0aec" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate" + } + ] + }, + { + "type": "library", + "name": "p-limit", + "version": "2.3.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "author": "Sindre Sorhus", + "description": "Run multiple promise-returning & async functions with limited concurrency", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/p-limit.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit" + } + ] + }, + { + "type": "library", + "name": "js-yaml", + "version": "3.14.1", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "author": "Vladimir Zapparov", + "description": "YAML 1.2 parser and serializer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.1", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/js-yaml.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a24307ece5d727b62b37d3a4dff497ae7bb8897f723a4fb6e67a97e22992da7a6ebd36039a8fd0119a2ac199186880e4de356f04e4ce20480485a2ceca7052f6" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml" + } + ] + }, + { + "type": "library", + "name": "argparse", + "version": "1.0.10", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "git+https://github.com/nodeca/argparse.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse" + } + ] + }, + { + "type": "library", + "name": "sprintf-js", + "version": "1.0.3", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3", + "author": "Alexandru Marasteanu", + "description": "JavaScript sprintf implementation", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "git+https://github.com/alexei/sprintf.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "0fd70f824bcb955deddc8ccbd03d182ef180f40864e0f72f57051b3747521abd5a3f436bb780049d351bb86beab840b4980eb81aab757f38ab951b3989b5f1f2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/sprintf-js" + } + ] + }, + { + "type": "library", + "name": "resolve-from", + "version": "5.0.0", + "bom-ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0", + "author": "Sindre Sorhus", + "description": "Resolve the path of a module like `require.resolve()` but from a given path", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-from@5.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/resolve-from.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/resolve-from/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a9883d28fdb8743e6a91af49e3b774695932d0df9be1f4d4f3d2cdf620e78c1e706a4b220b8f6bbcc0743eb509406a13987e745cf8aa3af0230df6a28c6c5867" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from" + } + ] + }, + { + "type": "library", + "name": "minimatch", + "version": "3.1.2", + "bom-ref": "test-exclude@6.0.0|minimatch@3.1.2", + "author": "Isaac Z. Schlueter", + "description": "a glob matcher in javascript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.1.2", + "externalReferences": [ + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "27ba7ade1462023c35343130c355bb8b7efe07222b3963b95d0400cd9dd539c2f43cdc9bc297e657f374e73140cf043d512c84717eaddd43be2b96aa0503881f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/minimatch" + } + ] + }, + { + "type": "library", + "name": "brace-expansion", + "version": "1.1.11", + "bom-ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "author": "Julian Gruber", + "description": "Brace expansion as known from sh/bash", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/test-exclude/node_modules/brace-expansion" + } + ] + }, + { + "type": "library", + "name": "ts-node", + "version": "7.0.1", + "bom-ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "author": "Blake Embrey", + "description": "TypeScript execution environment and REPL for node.js, with source map support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ts-node@7.0.1", + "externalReferences": [ + { + "url": "git://github.com/TypeStrong/ts-node.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/TypeStrong/ts-node/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ts-node/-/ts-node-7.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "055c156cf251b29ccd876c9fb25c93d4f49b979b88934dc46656f8f7744a1cde2a7a3fc3d3a9f570486394e246ebda05b04ece4fc5e3a5351c61fea92932cc87" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/ts-node" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "arrify", + "version": "1.0.1", + "bom-ref": "ts-mocha@10.0.0|arrify@1.0.1", + "author": "Sindre Sorhus", + "description": "Convert a value to an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arrify@1.0.1", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/arrify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/arrify#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/arrify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc26337b1f4cf451908c218c1b28baff7d5cf0625b81bd2a1b2af1e475b13ddd1a0b0878701d988cc6f65dff54ba8a20accae53bd713aa7079ac8e461d94dc50" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/arrify" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "diff", + "version": "3.5.0", + "bom-ref": "ts-mocha@10.0.0|diff@3.5.0", + "description": "A javascript text diff implementation.", + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/diff@3.5.0", + "externalReferences": [ + { + "url": "git://github.com/kpdecker/jsdiff.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kpdecker/jsdiff#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "http://github.com/kpdecker/jsdiff/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "038eaab4581dfa0ee90d98a7a67c22449b716c2d61a607f4bb33f7886f3db1c1e4d00502ec0d531b17f93a288e52ffc931947c18eb7c84bf74d215746cecb9c4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/diff" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "mkdirp", + "version": "0.5.6", + "bom-ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "author": "James Halliday", + "description": "Recursively mkdir, like `mkdir -p`", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "externalReferences": [ + { + "url": "git+https://github.com/substack/node-mkdirp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "14ffa9f1107c396a45dd86410ab3f982d0039ad5c0a41e4030b9febddc80f8fcb10a3ac2b34d268f2528cecb0edf77300de4f7c0d19d2f127933ffd8aad1c027" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/mkdirp" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "yn", + "version": "2.0.0", + "bom-ref": "ts-mocha@10.0.0|yn@2.0.0", + "author": "Sindre Sorhus", + "description": "Parse yes/no like values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yn@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/yn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/yn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/yn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/yn/-/yn-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "b93bfc27fc225938144e0fbdbcb4e2fff95e525e6f0d04baba28bf7a67936f6b2c63bbe5e9059fd9f15b2081a39e18ef6dd2a553479ded03e063586d4c2f3a8d" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/ts-mocha/node_modules/yn" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "json5", + "version": "1.0.2", + "bom-ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "author": "Aseem Kishore", + "description": "JSON for humans.", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@1.0.2", + "externalReferences": [ + { + "url": "git+https://github.com/json5/json5.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://json5.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "83531630b062cfc14a8b57b8c3453254bdf0fa225c7960050406819e718a3a935ae5ff132e4b646eb7b5facea8202c9d5809be1d15064e623efffc6fda1bd760" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/json5" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "3.0.0", + "bom-ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string", + "scope": "optional", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@3.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "bdabc03115ce80154d17a9f210498bdc304ad7d891a437282305beb3043e09b1a2bbb963bbab7e264940d4c1f07a85ad69d82de0849552c5cbc83ab7e1d75cc0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/tsconfig-paths/node_modules/strip-bom" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "trace-mapping", + "group": "@jridgewell", + "version": "0.3.9", + "bom-ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "author": "Justin Ridgewell", + "description": "Trace the original position through a source map", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.9", + "externalReferences": [ + { + "url": "git+https://github.com/jridgewell/trace-mapping.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jridgewell/trace-mapping/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "dc17a5b7ab5d73c6cf800b5b72676d349962ad5a139846f97b6802f783e7930116f6323a0801d47a81bce6d8d63f95aabaa7dabe832d330886e0ff76e9928ab9" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping" + } + ] + }, + { + "type": "library", + "name": "color", + "version": "3.2.1", + "bom-ref": "colorspace@1.1.4|color@3.2.1", + "description": "Color conversion and manipulation with CSS string support", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.2.1", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color/-/color-3.2.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "68197b75923d10d37a7d4182ee65a93133cd1e659448d6a7f6db9637a6a187964b364f5b68b24e9d2325ad090772b7c5833dbf462823515023771dfa55c7a628" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color" + } + ] + }, + { + "type": "library", + "name": "color-convert", + "version": "1.9.3", + "bom-ref": "colorspace@1.1.4|color-convert@1.9.3", + "author": "Heather Arthur", + "description": "Plain color conversion functions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "git+https://github.com/Qix-/color-convert.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-convert" + } + ] + }, + { + "type": "library", + "name": "color-name", + "version": "1.1.3", + "bom-ref": "colorspace@1.1.4|color-name@1.1.3", + "author": "DY", + "description": "A list of color names and its values", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/dfcreative/color-name.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/dfcreative/color-name", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "ef67d27a784cc361d931354778203d2829a91086f35a242c8cdf811dc05b4bdbebd66b6dfaf2633dd92c20135498a016f131540cf24ae52514dd0844f4d1170f" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/colorspace/node_modules/color-name" + } + ] + }, + { + "type": "library", + "name": "sax", + "version": "1.3.0", + "bom-ref": "xlsx-populate@1.21.0|sax@1.3.0", + "author": "Isaac Z. Schlueter", + "description": "An evented streaming XML parser in JavaScript", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.3.0", + "externalReferences": [ + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "d2cfa8026c3dccb975575712f41b5937b240774716e5ed101f85b72d610ae9ae0b68b100d8e4e919858363ee976ac04bb73eb0926deed71470f79991b89e7d58" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/xlsx-populate/node_modules/sax" + } + ] + }, + { + "type": "library", + "name": "readable-stream", + "version": "2.3.8", + "bom-ref": "jszip@3.10.1|readable-stream@2.3.8", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "externalReferences": [ + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "f29d00524e173838087b04a2d25f04a63b3e1159d688aecda03204194d07844efe67263c0f520c63ba1dbb9951ac55c683bd4bd79286f10acf9ae9b8e514ed74" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/readable-stream" + } + ] + }, + { + "type": "library", + "name": "safe-buffer", + "version": "5.1.2", + "bom-ref": "jszip@3.10.1|safe-buffer@5.1.2", + "author": "Feross Aboukhadijeh", + "description": "Safer Node.js Buffer API", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/feross/safe-buffer", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/safe-buffer" + } + ] + }, + { + "type": "library", + "name": "string_decoder", + "version": "1.1.1", + "bom-ref": "jszip@3.10.1|string_decoder@1.1.1", + "description": "The string_decoder module from Node core", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/jszip/node_modules/string_decoder" + } + ] + }, + { + "type": "library", + "name": "entities", + "version": "2.2.0", + "bom-ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0", + "author": "Felix Boehm", + "description": "Encode & decode XML and HTML entities with ease", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/entities@2.2.0", + "externalReferences": [ + { + "url": "git://github.com/fb55/entities.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/fb55/entities#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/fb55/entities/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a7dda27f9373eb5f48d30f9a909acb647d0c5f43dbe435f7f573b0413b5749d41039a607d374b5b88429e2684e66d017af1ab85623baed84e22c1a36eb7f28f4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/dom-serializer/node_modules/entities" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "6.3.1", + "bom-ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1", + "author": "GitHub Inc.", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.1", + "externalReferences": [ + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "051ed5bc30951cefaadb10445ac9314ba0c9135a919dbec3c7352ba206fbd425a849f89c07162c88019df8a9749a6abf329ac6f7202b464cab4314cee978cccc" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@mitre/inspec-objects/node_modules/istanbul-lib-instrument/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "path-key", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0", + "author": "Sindre Sorhus", + "description": "Get the PATH environment variable key cross-platform", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-key@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/path-key.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-key#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/path-key/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "85a444ca9abbc6433b12b7e0232034cfe063e0018a94c49d9501368ef268ea1b960f511d90a615f86fd3e27ab4604176be04d3f24a8c14aa35b879fde74af849" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-plugins/node_modules/npm-run-path/node_modules/path-key" + } + ] + }, + { + "type": "library", + "name": "isexe", + "version": "3.1.1", + "bom-ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1", + "author": "Isaac Z. Schlueter", + "description": "Minimal module to check if a file is executable.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@3.1.1?vcs_url=git%2Bhttps%3A//github.com/isaacs/isexe.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/isexe.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/which/node_modules/isexe" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "proc-log", + "version": "3.0.0", + "bom-ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "author": "GitHub Inc.", + "description": "just emit 'log' events on the process object", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proc-log@3.0.0?vcs_url=git%2Bhttps%3A//github.com/npm/proc-log.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/proc-log.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/proc-log#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/proc-log/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/node-gyp/node_modules/proc-log" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.1.2", + "bom-ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2", + "description": "Tiny millisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2?vcs_url=git%2Bhttps%3A//github.com/zeit/ms.git", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/debug/node_modules/ms" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-flush/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-pipeline/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "fs-minipass", + "version": "2.1.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "author": "Isaac Z. Schlueter", + "description": "fs read and write streams based on minipass", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@2.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/fs-minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/npm/fs-minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "5.0.0", + "bom-ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@5.0.0?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "which", + "version": "2.0.2", + "bom-ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "author": "Isaac Z. Schlueter", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@2.0.2?vcs_url=git%3A//github.com/isaacs/node-which.git", + "externalReferences": [ + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/cross-spawn/node_modules/which" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-styles", + "version": "4.3.0", + "bom-ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "author": "Sindre Sorhus", + "description": "ANSI escape codes for styling strings in the terminal", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-styles.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-styles.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-styles" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "5.1.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@5.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/string-width" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "emoji-regex", + "version": "9.2.2", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "author": "Mathias Bynens", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2?vcs_url=git%2Bhttps%3A//github.com/mathiasbynens/emoji-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://mths.be/emoji-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/emoji-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "7.1.0", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes from a string", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@7.1.0?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ansi-regex", + "version": "6.0.1", + "bom-ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@6.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/ansi-regex.git", + "externalReferences": [ + { + "url": "git+https://github.com/chalk/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/validate-npm-package-license/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "3.0.1", + "bom-ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1?vcs_url=git%2Bhttps%3A//github.com/jslicense/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/spdx-correct/node_modules/spdx-expression-parse" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-sized/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minizlib/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/minipass-json-stream/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "4.0.0", + "bom-ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@oclif/plugin-warn-if-update-available/node_modules/http-call/node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ignore", + "version": "4.0.6", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "author": "kael", + "description": "Ignore is a manager and filter for .gitignore rules.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ignore@4.0.6", + "externalReferences": [ + { + "url": "git+ssh://git@github.com/kaelzhang/node-ignore.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/kaelzhang/node-ignore/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "7321432aba9cfd875c5859e2261cc8e36f80cd2fa0370994cce485711090630c92b81041cbf2a3bb158b67f147107e8ca2ad4d8b330e056c9372ff0ee0e64832" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/@eslint/eslintrc/node_modules/ignore" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/espree/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "eslint-visitor-keys", + "version": "1.3.0", + "bom-ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0", + "author": "Toru Nagashima", + "description": "Constants and utilities about visitor keys to traverse AST.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/eslint-visitor-keys@1.3.0", + "externalReferences": [ + { + "url": "git+https://github.com/eslint/eslint-visitor-keys.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/eslint/eslint-visitor-keys/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "e89ef637c50d6b8eb6c1afca14e0edfcf277214eb4483a42dd05c2d478dcd415d7a5f2f60bd479f8053b8e17b417a19112a54c87826ebbe358ef19fee9d8a951" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/eslint-config-oclif-typescript/node_modules/eslint-utils/node_modules/eslint-visitor-keys" + }, + { + "name": "cdx:npm:package:development", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "ms", + "version": "2.0.0", + "bom-ref": "send@0.18.0|debug@2.6.9|ms@2.0.0", + "description": "Tiny milisecond conversion utility", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "git+https://github.com/zeit/ms.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/zeit/ms#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "4e9a7ad0fe885090d3b8eabfe59f1c76c93326e8dfc2a7ce4e4af02308fb211212a679099d3e92c89e0f08f9c63281630bd75d85a979295218b40b7dee2c74e4" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/send/node_modules/debug/node_modules/ms" + } + ] + }, + { + "type": "library", + "name": "minipass", + "version": "3.3.6", + "bom-ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "author": "Isaac Z. Schlueter", + "description": "minimal implementation of a PassThrough stream", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@3.3.6?vcs_url=git%2Bhttps%3A//github.com/isaacs/minipass.git", + "externalReferences": [ + { + "url": "git+https://github.com/isaacs/minipass.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/npm/node_modules/tar/node_modules/fs-minipass/node_modules/minipass" + }, + { + "name": "cdx:npm:package:bundled", + "value": "true" + } + ] + } + ], + "dependencies": [ + { + "ref": "@mitre/saf@1.4.7", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@aws-sdk/client-securityhub@3.590.0", + "@e965/xlsx@0.20.1", + "@mitre/emass_client@3.10.0", + "@mitre/hdf-converters@2.10.8", + "@mitre/heimdall-lite@2.10.9", + "@mitre/inspec-objects@1.0.1", + "@oclif/core@3.26.9", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-plugins@5.2.2", + "@oclif/plugin-version@2.2.2", + "@oclif/plugin-warn-if-update-available@3.1.4", + "@oclif/test@3.2.15", + "@smithy/node-http-handler@3.0.0", + "@types/chai@4.3.14", + "@types/express@4.17.21", + "@types/flat@5.0.5", + "@types/fs-extra@11.0.4", + "@types/get-installed-path@4.0.3", + "@types/jest@29.5.12", + "@types/js-yaml@4.0.9", + "@types/lodash@4.17.4", + "@types/mocha@10.0.6", + "@types/mock-fs@4.13.4", + "@types/mustache@4.2.5", + "@types/node@20.14.1", + "@types/objects-to-csv@1.3.3", + "@types/prompt-sync@4.2.3", + "@types/tmp@0.2.6", + "@types/uuid@9.0.8", + "@types/xml2js@0.4.14", + "@typescript-eslint/eslint-plugin@7.12.0", + "accurate-search@1.2.15", + "ajv@8.16.0", + "axios@1.7.2", + "chai@4.4.1", + "colors@1.4.0", + "csv-parse@4.16.3", + "dotenv@16.4.5", + "eslint-config-oclif-typescript@1.0.3", + "eslint-config-oclif@4.0.0", + "eslint-plugin-unicorn@52.0.0", + "eslint@8.57.0", + "express@4.19.2", + "fast-xml-parser@4.4.0", + "flat@5.0.2", + "form-data@4.0.0", + "fs-extra@11.2.0", + "get-installed-path@4.0.8", + "htmlparser2@9.1.0", + "https@1.0.0", + "inquirer-file-tree-selection-prompt@2.0.2", + "inquirer@8.0.0", + "inspecjs@2.10.8", + "jest-mock@29.7.0", + "jest@29.7.0", + "js-yaml@4.1.0", + "json-colorizer@2.2.2", + "lodash@4.17.21", + "markdown-diff@2.0.0", + "markdown-table-ts@1.0.3", + "marked@12.0.2", + "mocha@10.4.0", + "mock-fs@5.2.0", + "moment@2.30.1", + "mustache@4.2.0", + "objects-to-csv@1.3.6", + "oclif@4.13.0", + "open@10.1.0", + "prompt-sync@4.2.0", + "run-script-os@1.1.6", + "table@6.8.2", + "tmp@0.2.3", + "ts-jest@29.1.4", + "ts-mocha@10.0.0", + "ts-node@10.9.2", + "tsimportlib@0.0.5", + "tslib@2.6.3", + "typescript@5.1.6", + "uuid@9.0.1", + "winston@3.13.0", + "xlsx-populate@1.21.0", + "xml2js@0.6.2", + "yaml@2.4.3", + "zip-lib@1.0.4" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-config-service@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/ie11-detection@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha256-js@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0", + "dependsOn": [ + "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/supports-web-crypto@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/util@3.0.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/util@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/util@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/types@3.577.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-utf8-browser@3.259.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-locate-window@3.535.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "tslib@2.6.3" + }, + { + "ref": "@aws-sdk/middleware-host-header@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-logger@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-recursion-detection@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-browser@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/config-resolver@3.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/core@2.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/fetch-http-handler@3.0.1", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/invalid-dependency@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-content-length@3.0.0", + "dependsOn": [ + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-endpoint@3.0.1", + "dependsOn": [ + "@smithy/middleware-serde@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-retry@3.0.3", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/service-error-classification@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "tslib@2.6.3", + "uuid@9.0.1" + ] + }, + { + "ref": "@smithy/middleware-serde@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/middleware-stack@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-config-provider@3.1.0", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/node-http-handler@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/querystring-builder@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/protocol-http@4.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/smithy-client@3.1.1", + "dependsOn": [ + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-stack@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/types@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/url-parser@3.0.0", + "dependsOn": [ + "@smithy/querystring-parser@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-base64@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-browser@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-body-length-node@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-browser@3.0.3", + "dependsOn": [ + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-defaults-mode-node@3.0.3", + "dependsOn": [ + "@smithy/config-resolver@3.0.1", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-endpoints@2.0.1", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-middleware@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-retry@3.0.0", + "dependsOn": [ + "@smithy/service-error-classification@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-utf8@3.0.0", + "dependsOn": [ + "@smithy/util-buffer-from@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/signature-v4@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-middleware@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/is-array-buffer@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-hex-encoding@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-uri-escape@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "strnum@1.0.5" + }, + { + "ref": "@smithy/property-provider@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-stream@3.0.1", + "dependsOn": [ + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-buffer-from@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/credential-provider-imds@3.1.0", + "dependsOn": [ + "@smithy/node-config-provider@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/shared-ini-file-loader@3.1.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-config-provider@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "bowser@2.11.0" + }, + { + "ref": "@smithy/querystring-builder@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-uri-escape@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-buffer-from@3.0.0", + "dependsOn": [ + "@smithy/is-array-buffer@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/service-error-classification@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0" + ] + }, + { + "ref": "uuid@9.0.1" + }, + { + "ref": "@smithy/querystring-parser@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-node@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-ini@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-env@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-http@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-process@3.587.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-sso@3.590.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/credential-provider-web-identity@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sts@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso@3.590.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/core@3.588.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/middleware-user-agent@3.587.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/region-config-resolver@3.587.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-endpoints@3.587.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/util-user-agent-node@3.587.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/token-providers@3.587.0", + "dependsOn": [ + "@aws-sdk/client-securityhub@3.590.0|@aws-sdk/client-sso-oidc@3.590.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@e965/xlsx@0.20.1" + }, + { + "ref": "@mitre/emass_client@3.10.0", + "dependsOn": [ + "@mitre/emass_client@3.10.0|axios@0.21.4" + ] + }, + { + "ref": "@mitre/emass_client@3.10.0|axios@0.21.4", + "dependsOn": [ + "follow-redirects@1.15.6" + ] + }, + { + "ref": "follow-redirects@1.15.6" + }, + { + "ref": "@mitre/hdf-converters@2.10.8", + "dependsOn": [ + "@aws-sdk/client-config-service@3.590.0", + "@e965/xlsx@0.20.1", + "@mdi/js@7.4.47", + "@mitre/jsonix@3.0.7", + "@smithy/node-http-handler@3.0.0", + "@types/csv2json@1.4.5", + "@types/ms@0.7.34", + "@types/mustache@4.2.5", + "@types/papaparse@5.3.14", + "@types/revalidator@0.3.12", + "@types/triple-beam@1.3.5", + "@types/validator@13.12.0", + "@types/xml2js@0.4.14", + "axios@1.7.2", + "compare-versions@6.1.0", + "csv2json@2.0.2", + "fast-xml-parser@4.4.0", + "html-entities@2.5.2", + "htmlparser2@9.1.0", + "inspecjs@2.10.8", + "lodash@4.17.21", + "moment@2.30.1", + "ms@2.1.3", + "mustache@4.2.0", + "papaparse@5.4.1", + "revalidator@0.3.1", + "run-script-os@1.1.6", + "semver@7.6.2", + "tailwindcss@3.4.3", + "tw-elements@1.1.0", + "validator@13.12.0", + "winston@3.13.0", + "xml-formatter@3.6.2", + "xml-parser-xo@4.1.1", + "xml2js@0.6.2", + "yaml@2.4.3" + ] + }, + { + "ref": "@mdi/js@7.4.47" + }, + { + "ref": "@mitre/jsonix@3.0.7", + "dependsOn": [ + "@xmldom/xmldom@0.8.10", + "amdefine@0.0.4", + "xmlhttprequest@1.8.0" + ] + }, + { + "ref": "@xmldom/xmldom@0.8.10" + }, + { + "ref": "amdefine@0.0.4" + }, + { + "ref": "xmlhttprequest@1.8.0" + }, + { + "ref": "@types/csv2json@1.4.5", + "dependsOn": [ + "@types/pumpify@1.4.4" + ] + }, + { + "ref": "@types/pumpify@1.4.4", + "dependsOn": [ + "@types/duplexify@3.6.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/duplexify@3.6.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/node@20.14.1", + "dependsOn": [ + "undici-types@5.26.5" + ] + }, + { + "ref": "@types/ms@0.7.34" + }, + { + "ref": "@types/mustache@4.2.5" + }, + { + "ref": "@types/papaparse@5.3.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/revalidator@0.3.12" + }, + { + "ref": "@types/triple-beam@1.3.5" + }, + { + "ref": "@types/validator@13.12.0" + }, + { + "ref": "@types/xml2js@0.4.14", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "axios@1.7.2", + "dependsOn": [ + "follow-redirects@1.15.6", + "form-data@4.0.0", + "proxy-from-env@1.1.0" + ] + }, + { + "ref": "compare-versions@6.1.0" + }, + { + "ref": "csv2json@2.0.2", + "dependsOn": [ + "csv-parser@2.3.5", + "exec-promise@0.7.0", + "minimist@1.2.8", + "promise-toolbox@0.14.0", + "pump@3.0.0", + "pumpify@2.0.1", + "strip-bom-stream@4.0.0", + "through2@3.0.2" + ] + }, + { + "ref": "csv-parser@2.3.5", + "dependsOn": [ + "minimist@1.2.8", + "through2@3.0.2" + ] + }, + { + "ref": "minimist@1.2.8" + }, + { + "ref": "through2@3.0.2", + "dependsOn": [ + "inherits@2.0.4", + "readable-stream@3.6.2" + ] + }, + { + "ref": "exec-promise@0.7.0", + "dependsOn": [ + "log-symbols@1.0.2" + ] + }, + { + "ref": "log-symbols@1.0.2", + "dependsOn": [ + "log-symbols@1.0.2|chalk@1.1.3" + ] + }, + { + "ref": "log-symbols@1.0.2|chalk@1.1.3", + "dependsOn": [ + "log-symbols@1.0.2|ansi-styles@2.2.1", + "log-symbols@1.0.2|escape-string-regexp@1.0.5", + "has-ansi@2.0.0", + "log-symbols@1.0.2|strip-ansi@3.0.1", + "log-symbols@1.0.2|supports-color@2.0.0" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-styles@2.2.1" + }, + { + "ref": "log-symbols@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "log-symbols@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "log-symbols@1.0.2|ansi-regex@2.1.1" + ] + }, + { + "ref": "log-symbols@1.0.2|ansi-regex@2.1.1" + }, + { + "ref": "log-symbols@1.0.2|supports-color@2.0.0" + }, + { + "ref": "has-ansi@2.0.0", + "dependsOn": [ + "has-ansi@2.0.0|ansi-regex@2.1.1" + ] + }, + { + "ref": "has-ansi@2.0.0|ansi-regex@2.1.1" + }, + { + "ref": "promise-toolbox@0.14.0", + "dependsOn": [ + "make-error@1.3.6" + ] + }, + { + "ref": "make-error@1.3.6" + }, + { + "ref": "pump@3.0.0", + "dependsOn": [ + "end-of-stream@1.4.4", + "once@1.4.0" + ] + }, + { + "ref": "end-of-stream@1.4.4", + "dependsOn": [ + "once@1.4.0" + ] + }, + { + "ref": "once@1.4.0", + "dependsOn": [ + "wrappy@1.0.2" + ] + }, + { + "ref": "pumpify@2.0.1", + "dependsOn": [ + "duplexify@4.1.3", + "inherits@2.0.4", + "pump@3.0.0" + ] + }, + { + "ref": "duplexify@4.1.3", + "dependsOn": [ + "end-of-stream@1.4.4", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ] + }, + { + "ref": "inherits@2.0.4" + }, + { + "ref": "readable-stream@3.6.2", + "dependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "stream-shift@1.0.3" + }, + { + "ref": "strip-bom-stream@4.0.0", + "dependsOn": [ + "first-chunk-stream@3.0.0", + "strip-bom-buf@2.0.0" + ] + }, + { + "ref": "first-chunk-stream@3.0.0" + }, + { + "ref": "strip-bom-buf@2.0.0", + "dependsOn": [ + "is-utf8@0.2.1" + ] + }, + { + "ref": "is-utf8@0.2.1" + }, + { + "ref": "fast-xml-parser@4.4.0", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "html-entities@2.5.2" + }, + { + "ref": "htmlparser2@9.1.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.1.0", + "entities@4.5.0" + ] + }, + { + "ref": "inspecjs@2.10.8" + }, + { + "ref": "lodash@4.17.21" + }, + { + "ref": "moment@2.30.1" + }, + { + "ref": "ms@2.1.3" + }, + { + "ref": "mustache@4.2.0" + }, + { + "ref": "papaparse@5.4.1" + }, + { + "ref": "revalidator@0.3.1" + }, + { + "ref": "run-script-os@1.1.6" + }, + { + "ref": "semver@7.6.2" + }, + { + "ref": "tailwindcss@3.4.3", + "dependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.5.3", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "postcss-import@15.1.0", + "postcss-js@4.0.1", + "postcss-load-config@4.0.2", + "postcss-nested@6.0.1", + "postcss-selector-parser@6.0.16", + "postcss@8.4.38", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "@alloc/quick-lru@5.2.0" + }, + { + "ref": "arg@5.0.2" + }, + { + "ref": "chokidar@3.5.3", + "dependsOn": [ + "anymatch@3.1.3", + "braces@3.0.2", + "fsevents@2.3.3", + "chokidar@3.5.3|glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ] + }, + { + "ref": "chokidar@3.5.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "didyoumean@1.2.2" + }, + { + "ref": "dlv@1.1.3" + }, + { + "ref": "fast-glob@3.3.2", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "fast-glob@3.3.2|glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.5" + ] + }, + { + "ref": "fast-glob@3.3.2|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "@nodelib/fs.stat@2.0.5" + }, + { + "ref": "@nodelib/fs.walk@1.2.8", + "dependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.17.1" + ] + }, + { + "ref": "is-glob@4.0.3", + "dependsOn": [ + "is-extglob@2.1.1" + ] + }, + { + "ref": "merge2@1.4.1" + }, + { + "ref": "micromatch@4.0.5", + "dependsOn": [ + "braces@3.0.2", + "picomatch@2.3.1" + ] + }, + { + "ref": "glob-parent@6.0.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "jiti@1.21.0" + }, + { + "ref": "lilconfig@2.1.0" + }, + { + "ref": "braces@3.0.2", + "dependsOn": [ + "fill-range@7.0.1" + ] + }, + { + "ref": "picomatch@2.3.1" + }, + { + "ref": "normalize-path@3.0.0" + }, + { + "ref": "object-hash@3.0.0" + }, + { + "ref": "picocolors@1.0.0" + }, + { + "ref": "postcss-import@15.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "postcss-value-parser@4.2.0" + }, + { + "ref": "postcss@8.4.38", + "dependsOn": [ + "nanoid@3.3.7", + "picocolors@1.0.0", + "source-map-js@1.2.0" + ] + }, + { + "ref": "read-cache@1.0.0", + "dependsOn": [ + "pify@2.3.0" + ] + }, + { + "ref": "pify@2.3.0" + }, + { + "ref": "resolve@1.22.8", + "dependsOn": [ + "is-core-module@2.13.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ] + }, + { + "ref": "postcss-js@4.0.1", + "dependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.4.38" + ] + }, + { + "ref": "camelcase-css@2.0.1" + }, + { + "ref": "postcss-load-config@4.0.2", + "dependsOn": [ + "postcss-load-config@4.0.2|lilconfig@3.1.1", + "postcss@8.4.38", + "ts-node@10.9.2", + "yaml@2.4.3" + ] + }, + { + "ref": "postcss-load-config@4.0.2|lilconfig@3.1.1" + }, + { + "ref": "ts-node@10.9.2", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1", + "@tsconfig/node10@1.0.11", + "@tsconfig/node12@1.0.11", + "@tsconfig/node14@1.0.3", + "@tsconfig/node16@1.0.4", + "@types/node@20.14.1", + "acorn-walk@8.3.2", + "acorn@8.11.3", + "ts-node@10.9.2|arg@4.1.3", + "create-require@1.1.1", + "diff@4.0.2", + "make-error@1.3.6", + "typescript@5.1.6", + "v8-compile-cache-lib@3.0.1", + "yn@3.1.1" + ] + }, + { + "ref": "ts-node@10.9.2|arg@4.1.3" + }, + { + "ref": "yaml@2.4.3" + }, + { + "ref": "postcss-nested@6.0.1", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "postcss-selector-parser@6.0.16", + "dependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "cssesc@3.0.0" + }, + { + "ref": "util-deprecate@1.0.2" + }, + { + "ref": "nanoid@3.3.7" + }, + { + "ref": "source-map-js@1.2.0" + }, + { + "ref": "is-core-module@2.13.1", + "dependsOn": [ + "hasown@2.0.2" + ] + }, + { + "ref": "path-parse@1.0.7" + }, + { + "ref": "supports-preserve-symlinks-flag@1.0.0" + }, + { + "ref": "sucrase@3.35.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "sucrase@3.35.0|commander@4.1.1", + "sucrase@3.35.0|glob@10.3.12", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.6", + "ts-interface-checker@0.1.13" + ] + }, + { + "ref": "sucrase@3.35.0|commander@4.1.1" + }, + { + "ref": "sucrase@3.35.0|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "sucrase@3.35.0|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "sucrase@3.35.0|minipass@7.0.4" + }, + { + "ref": "@jridgewell/gen-mapping@0.3.5", + "dependsOn": [ + "@jridgewell/set-array@1.2.1", + "@jridgewell/sourcemap-codec@1.4.15", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "@jridgewell/set-array@1.2.1" + }, + { + "ref": "@jridgewell/sourcemap-codec@1.4.15" + }, + { + "ref": "@jridgewell/trace-mapping@0.3.25", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "foreground-child@3.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "foreground-child@3.1.1|signal-exit@4.1.0" + ] + }, + { + "ref": "foreground-child@3.1.1|signal-exit@4.1.0" + }, + { + "ref": "cross-spawn@7.0.3", + "dependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ] + }, + { + "ref": "jackspeak@2.3.6", + "dependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2", + "dependsOn": [ + "string-width@4.2.3", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.5h3h9846p8.g5nk6qdc128", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "wrap-ansi@7.0.0", + "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "eastasianwidth@0.2.0", + "@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "@isaacs/cliui@8.0.2|wrap-ansi@8.1.0", + "dependsOn": [ + "@isaacs/cliui@8.0.2|ansi-styles@6.2.1", + "@isaacs/cliui@8.0.2|string-width@5.1.2", + "@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "@isaacs/cliui@8.0.2|ansi-styles@6.2.1" + }, + { + "ref": "string-width@4.2.3", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "emoji-regex@8.0.0" + }, + { + "ref": "is-fullwidth-code-point@3.0.0" + }, + { + "ref": "strip-ansi@6.0.1", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.5h3h9846p8.g5nk6qdc128", + "dependsOn": [ + "ansi-regex@5.0.1" + ] + }, + { + "ref": "ansi-regex@5.0.1" + }, + { + "ref": "wrap-ansi@7.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-styles@4.3.0", + "dependsOn": [ + "color-convert@2.0.1" + ] + }, + { + "ref": "BomRef.5hrhe0lu5jo.6brcifutiug", + "dependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@pkgjs/parseargs@0.11.0" + }, + { + "ref": "minimatch@9.0.4", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "path-scurry@1.10.2", + "dependsOn": [ + "path-scurry@1.10.2|lru-cache@10.2.0", + "path-scurry@1.10.2|minipass@7.0.4" + ] + }, + { + "ref": "path-scurry@1.10.2|lru-cache@10.2.0" + }, + { + "ref": "path-scurry@1.10.2|minipass@7.0.4" + }, + { + "ref": "lines-and-columns@1.2.4" + }, + { + "ref": "mz@2.7.0", + "dependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ] + }, + { + "ref": "any-promise@1.3.0" + }, + { + "ref": "object-assign@4.1.1" + }, + { + "ref": "thenify-all@1.6.0", + "dependsOn": [ + "thenify@3.3.1" + ] + }, + { + "ref": "thenify@3.3.1", + "dependsOn": [ + "any-promise@1.3.0" + ] + }, + { + "ref": "pirates@4.0.6" + }, + { + "ref": "ts-interface-checker@0.1.13" + }, + { + "ref": "tw-elements@1.1.0", + "dependsOn": [ + "@popperjs/core@2.11.8", + "chart.js@3.9.1", + "chartjs-plugin-datalabels@2.2.0", + "deepmerge@4.3.1", + "detect-autofill@1.1.4", + "perfect-scrollbar@1.5.5", + "tw-elements@1.1.0|tailwindcss@3.3.0" + ] + }, + { + "ref": "tw-elements@1.1.0|tailwindcss@3.3.0", + "dependsOn": [ + "arg@5.0.2", + "chokidar@3.5.3", + "color-name@1.1.4", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.2", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.0", + "lilconfig@2.1.0", + "micromatch@4.0.5", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.0.0", + "tw-elements@1.1.0|postcss-import@14.1.0", + "postcss-js@4.0.1", + "tw-elements@1.1.0|postcss-load-config@3.1.4", + "tw-elements@1.1.0|postcss-nested@6.0.0", + "postcss-selector-parser@6.0.16", + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "quick-lru@5.1.1", + "resolve@1.22.8", + "sucrase@3.35.0" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-import@14.1.0", + "dependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.4.38", + "read-cache@1.0.0", + "resolve@1.22.8" + ] + }, + { + "ref": "tw-elements@1.1.0|postcss-load-config@3.1.4", + "dependsOn": [ + "lilconfig@2.1.0", + "postcss@8.4.38", + "ts-node@10.9.2", + "tw-elements@1.1.0|yaml@1.10.2" + ] + }, + { + "ref": "tw-elements@1.1.0|yaml@1.10.2" + }, + { + "ref": "tw-elements@1.1.0|postcss-nested@6.0.0", + "dependsOn": [ + "postcss-selector-parser@6.0.16", + "postcss@8.4.38" + ] + }, + { + "ref": "@popperjs/core@2.11.8" + }, + { + "ref": "chart.js@3.9.1" + }, + { + "ref": "chartjs-plugin-datalabels@2.2.0", + "dependsOn": [ + "chart.js@3.9.1" + ] + }, + { + "ref": "deepmerge@4.3.1" + }, + { + "ref": "detect-autofill@1.1.4", + "dependsOn": [ + "custom-event-polyfill@1.0.7" + ] + }, + { + "ref": "custom-event-polyfill@1.0.7" + }, + { + "ref": "perfect-scrollbar@1.5.5" + }, + { + "ref": "color-name@1.1.4" + }, + { + "ref": "quick-lru@5.1.1" + }, + { + "ref": "validator@13.12.0" + }, + { + "ref": "winston@3.13.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@dabh/diagnostics@2.0.3", + "async@3.2.5", + "is-stream@2.0.1", + "logform@2.6.0", + "one-time@1.0.0", + "readable-stream@3.6.2", + "safe-stable-stringify@2.4.3", + "stack-trace@0.0.10", + "triple-beam@1.4.1", + "winston-transport@4.7.0" + ] + }, + { + "ref": "xml-formatter@3.6.2", + "dependsOn": [ + "xml-parser-xo@4.1.1" + ] + }, + { + "ref": "xml-parser-xo@4.1.1" + }, + { + "ref": "xml2js@0.6.2", + "dependsOn": [ + "sax@1.2.1", + "xmlbuilder@11.0.1" + ] + }, + { + "ref": "@mitre/heimdall-lite@2.10.9", + "dependsOn": [ + "express@4.19.2" + ] + }, + { + "ref": "express@4.19.2", + "dependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.2", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.6", + "cookie@0.6.0", + "express@4.19.2|debug@2.6.9", + "depd@2.0.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.2.0", + "fresh@0.5.2", + "http-errors@2.0.0", + "merge-descriptors@1.0.1", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.7", + "proxy-addr@2.0.7", + "qs@6.11.0", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.18.0", + "serve-static@1.15.0", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ] + }, + { + "ref": "express@4.19.2|debug@2.6.9", + "dependsOn": [ + "express@4.19.2|ms@2.0.0" + ] + }, + { + "ref": "express@4.19.2|ms@2.0.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1", + "dependsOn": [ + "@types/flat@5.0.5", + "@types/he@1.2.3", + "@types/json-diff@0.7.0", + "@types/jstoxml@2.0.4", + "@types/lodash@4.17.4", + "@types/mustache@4.2.5", + "@types/pretty@2.0.3", + "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "flat@5.0.2", + "he@1.2.0", + "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "inspecjs@2.10.8", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json-diff@0.9.1", + "jstoxml@3.2.10", + "lodash@4.17.21", + "mustache@4.2.0", + "pretty@2.0.0", + "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "winston@3.13.0", + "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|fast-xml-parser@3.21.1", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|htmlparser2@7.2.0", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "@mitre/inspec-objects@1.0.1|entities@3.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|domutils@2.8.0", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1", + "dependsOn": [ + "domelementtype@2.3.0", + "@mitre/inspec-objects@1.0.1|domhandler@4.3.1", + "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dom-serializer@1.4.1|entities@2.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|entities@3.0.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "rimraf@3.0.2", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/reporters@28.1.3", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "terminal-link@2.1.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|istanbul-lib-instrument@5.2.1|semver@6.3.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "dependsOn": [ + "@types/node@20.14.1", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|convert-source-map@1.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ci-info@3.9.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-changed-files@28.1.3", + "dependsOn": [ + "execa@5.1.1", + "p-limit@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "micromatch@4.0.5", + "parse-json@5.2.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/test-sequencer@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-circus@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "@mitre/inspec-objects@1.0.1|dedent@0.7.0", + "is-generator-fn@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "p-limit@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/babel__traverse@7.20.5", + "@types/prettier@2.7.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|expect@28.1.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "natural-compare@1.4.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "semver@7.6.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|dedent@0.7.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-each@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "ansi-regex@5.0.1", + "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-matcher-utils@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "execa@5.1.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/fake-timers@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "@types/node@20.14.1", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-mock@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "jest-pnp-resolver@1.2.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-runner@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/console@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/transform@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "graceful-fs@4.2.11", + "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-environment-node@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-haste-map@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-message-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-resolve@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-runtime@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-worker@28.1.3", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|camelcase@6.3.0", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "leven@3.1.0", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-resolve-dependencies@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-regex-util@28.0.2", + "@mitre/inspec-objects@1.0.1|jest-snapshot@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|resolve.exports@1.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|emittery@0.10.2" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-docblock@28.1.1", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-leak-detector@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-watcher@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|emittery@0.10.2", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "string-length@4.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/fake-timers@9.1.2", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinonjs/commons@1.8.6", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/globals@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/environment@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/expect@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/source-map@28.1.2", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/expect-utils@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-diff@28.1.3", + "dependsOn": [ + "chalk@4.1.2", + "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1", + "@mitre/inspec-objects@1.0.1|jest-get-type@28.0.2", + "@mitre/inspec-objects@1.0.1|pretty-format@28.1.3" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|diff-sequences@28.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|camelcase@6.3.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@jest/schemas@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ansi-styles@5.2.0" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|@sinclair/typebox@0.24.51" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|jest-cli@28.1.3", + "dependsOn": [ + "@mitre/inspec-objects@1.0.1|@jest/core@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/test-result@28.1.3", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "import-local@3.1.0", + "@mitre/inspec-objects@1.0.1|jest-config@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest-validate@28.1.3", + "prompts@2.4.2", + "yargs@17.7.2" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|ts-jest@28.0.8", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|@jest/types@28.1.3", + "@mitre/inspec-objects@1.0.1|babel-jest@28.1.3", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "@mitre/inspec-objects@1.0.1|jest-util@28.1.3", + "@mitre/inspec-objects@1.0.1|jest@28.1.3", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "@mitre/inspec-objects@1.0.1|typescript@4.9.5", + "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-preset-jest@28.1.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|babel-plugin-jest-hoist@28.1.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@mitre/inspec-objects@1.0.1|typescript@4.9.5" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yargs-parser@21.1.1" + }, + { + "ref": "@mitre/inspec-objects@1.0.1|yaml@1.10.2" + }, + { + "ref": "@types/flat@5.0.5" + }, + { + "ref": "@types/he@1.2.3" + }, + { + "ref": "@types/json-diff@0.7.0" + }, + { + "ref": "@types/jstoxml@2.0.4" + }, + { + "ref": "@types/lodash@4.17.4" + }, + { + "ref": "@types/pretty@2.0.3" + }, + { + "ref": "flat@5.0.2" + }, + { + "ref": "he@1.2.0" + }, + { + "ref": "domelementtype@2.3.0" + }, + { + "ref": "chalk@4.1.2", + "dependsOn": [ + "ansi-styles@4.3.0", + "chalk@4.1.2|supports-color@7.2.0" + ] + }, + { + "ref": "chalk@4.1.2|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "slash@3.0.0" + }, + { + "ref": "@bcoe/v8-coverage@0.2.3" + }, + { + "ref": "collect-v8-coverage@1.0.2" + }, + { + "ref": "exit@0.1.2" + }, + { + "ref": "glob@7.2.3", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "glob@7.2.3|minimatch@3.1.2", + "once@1.4.0", + "path-is-absolute@1.0.1" + ] + }, + { + "ref": "glob@7.2.3|minimatch@3.1.2", + "dependsOn": [ + "glob@7.2.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "glob@7.2.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "graceful-fs@4.2.11" + }, + { + "ref": "istanbul-lib-coverage@3.2.2" + }, + { + "ref": "@babel/core@7.24.4", + "dependsOn": [ + "@ampproject/remapping@2.3.0", + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-compilation-targets@7.23.6", + "@babel/helper-module-transforms@7.23.3", + "@babel/helpers@7.24.4", + "@babel/parser@7.24.4", + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0", + "convert-source-map@2.0.0", + "debug@4.3.4", + "gensync@1.0.0-beta.2", + "json5@2.2.3", + "@babel/core@7.24.4|semver@6.3.1" + ] + }, + { + "ref": "@babel/core@7.24.4|semver@6.3.1" + }, + { + "ref": "@babel/parser@7.24.4" + }, + { + "ref": "@istanbuljs/schema@0.1.3" + }, + { + "ref": "istanbul-lib-report@3.0.1", + "dependsOn": [ + "istanbul-lib-coverage@3.2.2", + "make-dir@4.0.0", + "istanbul-lib-report@3.0.1|supports-color@7.2.0" + ] + }, + { + "ref": "istanbul-lib-report@3.0.1|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "istanbul-lib-source-maps@4.0.1", + "dependsOn": [ + "debug@4.3.4", + "istanbul-lib-coverage@3.2.2", + "source-map@0.6.1" + ] + }, + { + "ref": "istanbul-reports@3.1.7", + "dependsOn": [ + "html-escaper@2.0.2", + "istanbul-lib-report@3.0.1" + ] + }, + { + "ref": "merge-stream@2.0.0" + }, + { + "ref": "supports-color@8.1.1", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "string-length@4.0.2", + "dependsOn": [ + "char-regex@1.0.2", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "terminal-link@2.1.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "supports-hyperlinks@2.3.0" + ] + }, + { + "ref": "ansi-escapes@4.3.2", + "dependsOn": [ + "type-fest@0.21.3" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0", + "dependsOn": [ + "has-flag@4.0.0", + "supports-hyperlinks@2.3.0|supports-color@7.2.0" + ] + }, + { + "ref": "supports-hyperlinks@2.3.0|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "v8-to-istanbul@9.2.0", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "@types/istanbul-lib-coverage@2.0.6", + "convert-source-map@2.0.0" + ] + }, + { + "ref": "@types/istanbul-lib-coverage@2.0.6" + }, + { + "ref": "babel-plugin-istanbul@6.1.1", + "dependsOn": [ + "@babel/helper-plugin-utils@7.24.0", + "@istanbuljs/load-nyc-config@1.1.0", + "@istanbuljs/schema@0.1.3", + "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "test-exclude@6.0.0" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|istanbul-lib-instrument@5.2.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "babel-plugin-istanbul@6.1.1|semver@6.3.1" + ] + }, + { + "ref": "babel-plugin-istanbul@6.1.1|semver@6.3.1" + }, + { + "ref": "fast-json-stable-stringify@2.1.0" + }, + { + "ref": "write-file-atomic@4.0.2", + "dependsOn": [ + "imurmurhash@0.1.4", + "signal-exit@3.0.7" + ] + }, + { + "ref": "execa@5.1.1", + "dependsOn": [ + "cross-spawn@7.0.3", + "get-stream@6.0.1", + "human-signals@2.1.0", + "is-stream@2.0.1", + "merge-stream@2.0.0", + "npm-run-path@4.0.1", + "onetime@5.1.2", + "signal-exit@3.0.7", + "strip-final-newline@2.0.0" + ] + }, + { + "ref": "p-limit@3.1.0", + "dependsOn": [ + "yocto-queue@0.1.0" + ] + }, + { + "ref": "co@4.6.0" + }, + { + "ref": "is-generator-fn@2.1.0" + }, + { + "ref": "stack-utils@2.0.6", + "dependsOn": [ + "stack-utils@2.0.6|escape-string-regexp@2.0.0" + ] + }, + { + "ref": "stack-utils@2.0.6|escape-string-regexp@2.0.0" + }, + { + "ref": "parse-json@5.2.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "error-ex@1.3.2", + "json-parse-even-better-errors@2.3.1", + "lines-and-columns@1.2.4" + ] + }, + { + "ref": "strip-json-comments@3.1.1" + }, + { + "ref": "@types/graceful-fs@4.1.9", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "anymatch@3.1.3", + "dependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.1" + ] + }, + { + "ref": "fb-watchman@2.0.2", + "dependsOn": [ + "bser@2.1.1" + ] + }, + { + "ref": "fsevents@2.3.3" + }, + { + "ref": "walker@1.0.8", + "dependsOn": [ + "makeerror@1.0.12" + ] + }, + { + "ref": "@babel/code-frame@7.24.2", + "dependsOn": [ + "@babel/highlight@7.24.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "@types/stack-utils@2.0.3" + }, + { + "ref": "jest-pnp-resolver@1.2.3", + "dependsOn": [ + "jest-resolve@29.7.0" + ] + }, + { + "ref": "detect-newline@3.1.0" + }, + { + "ref": "source-map-support@0.5.13", + "dependsOn": [ + "buffer-from@1.1.2", + "source-map@0.6.1" + ] + }, + { + "ref": "type-detect@4.0.8" + }, + { + "ref": "callsites@3.1.0" + }, + { + "ref": "cjs-module-lexer@1.2.3" + }, + { + "ref": "strip-bom@4.0.0" + }, + { + "ref": "@babel/generator@7.24.4", + "dependsOn": [ + "@babel/types@7.24.0", + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25", + "@babel/generator@7.24.4|jsesc@2.5.2" + ] + }, + { + "ref": "@babel/generator@7.24.4|jsesc@2.5.2" + }, + { + "ref": "@babel/plugin-syntax-typescript@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/generator@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-function-name@7.23.0", + "@babel/helper-hoist-variables@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "debug@4.3.4", + "@babel/traverse@7.24.1|globals@11.12.0" + ] + }, + { + "ref": "@babel/traverse@7.24.1|globals@11.12.0" + }, + { + "ref": "@babel/types@7.24.0", + "dependsOn": [ + "@babel/helper-string-parser@7.24.1", + "@babel/helper-validator-identifier@7.22.20", + "to-fast-properties@2.0.0" + ] + }, + { + "ref": "@types/babel__traverse@7.20.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/prettier@2.7.3" + }, + { + "ref": "babel-preset-current-node-syntax@1.0.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/plugin-syntax-async-generators@7.8.4", + "@babel/plugin-syntax-bigint@7.8.3", + "@babel/plugin-syntax-class-properties@7.12.13", + "@babel/plugin-syntax-import-meta@7.10.4", + "@babel/plugin-syntax-json-strings@7.8.3", + "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "@babel/plugin-syntax-numeric-separator@7.10.4", + "@babel/plugin-syntax-object-rest-spread@7.8.3", + "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "@babel/plugin-syntax-optional-chaining@7.8.3", + "@babel/plugin-syntax-top-level-await@7.14.5" + ] + }, + { + "ref": "natural-compare@1.4.0" + }, + { + "ref": "leven@3.1.0" + }, + { + "ref": "react-is@18.2.0" + }, + { + "ref": "rimraf@3.0.2", + "dependsOn": [ + "glob@7.2.3" + ] + }, + { + "ref": "@types/istanbul-reports@3.0.4", + "dependsOn": [ + "@types/istanbul-lib-report@3.0.3" + ] + }, + { + "ref": "@types/yargs@17.0.32", + "dependsOn": [ + "@types/yargs-parser@21.0.3" + ] + }, + { + "ref": "import-local@3.1.0", + "dependsOn": [ + "pkg-dir@4.2.0", + "resolve-cwd@3.0.0" + ] + }, + { + "ref": "prompts@2.4.2", + "dependsOn": [ + "kleur@3.0.3", + "sisteransi@1.0.5" + ] + }, + { + "ref": "kleur@3.0.3" + }, + { + "ref": "sisteransi@1.0.5" + }, + { + "ref": "yargs@17.7.2", + "dependsOn": [ + "cliui@8.0.1", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs@17.7.2|yargs-parser@21.1.1" + ] + }, + { + "ref": "yargs@17.7.2|yargs-parser@21.1.1" + }, + { + "ref": "json-diff@0.9.1", + "dependsOn": [ + "cli-color@2.0.4", + "difflib@0.2.4", + "dreamopt@0.8.0" + ] + }, + { + "ref": "cli-color@2.0.4", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "memoizee@0.4.15", + "timers-ext@0.1.7" + ] + }, + { + "ref": "d@1.0.2", + "dependsOn": [ + "es5-ext@0.10.64", + "type@2.7.2" + ] + }, + { + "ref": "es5-ext@0.10.64", + "dependsOn": [ + "es6-iterator@2.0.3", + "es6-symbol@3.1.4", + "esniff@2.0.1", + "next-tick@1.1.0" + ] + }, + { + "ref": "type@2.7.2" + }, + { + "ref": "es6-iterator@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "es6-symbol@3.1.4", + "dependsOn": [ + "d@1.0.2", + "ext@1.7.0" + ] + }, + { + "ref": "ext@1.7.0", + "dependsOn": [ + "type@2.7.2" + ] + }, + { + "ref": "esniff@2.0.1", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "event-emitter@0.3.5", + "type@2.7.2" + ] + }, + { + "ref": "event-emitter@0.3.5", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64" + ] + }, + { + "ref": "next-tick@1.1.0" + }, + { + "ref": "memoizee@0.4.15", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-weak-map@2.0.3", + "event-emitter@0.3.5", + "is-promise@2.2.2", + "lru-queue@0.1.0", + "next-tick@1.1.0", + "timers-ext@0.1.7" + ] + }, + { + "ref": "es6-weak-map@2.0.3", + "dependsOn": [ + "d@1.0.2", + "es5-ext@0.10.64", + "es6-iterator@2.0.3", + "es6-symbol@3.1.4" + ] + }, + { + "ref": "is-promise@2.2.2" + }, + { + "ref": "lru-queue@0.1.0", + "dependsOn": [ + "es5-ext@0.10.64" + ] + }, + { + "ref": "timers-ext@0.1.7", + "dependsOn": [ + "es5-ext@0.10.64", + "next-tick@1.1.0" + ] + }, + { + "ref": "difflib@0.2.4", + "dependsOn": [ + "heap@0.2.7" + ] + }, + { + "ref": "heap@0.2.7" + }, + { + "ref": "dreamopt@0.8.0", + "dependsOn": [ + "wordwrap@1.0.0" + ] + }, + { + "ref": "wordwrap@1.0.0" + }, + { + "ref": "jstoxml@3.2.10" + }, + { + "ref": "pretty@2.0.0", + "dependsOn": [ + "condense-newlines@0.2.1", + "extend-shallow@2.0.1", + "js-beautify@1.15.1" + ] + }, + { + "ref": "condense-newlines@0.2.1", + "dependsOn": [ + "extend-shallow@2.0.1", + "is-whitespace@0.3.0", + "kind-of@3.2.2" + ] + }, + { + "ref": "extend-shallow@2.0.1", + "dependsOn": [ + "is-extendable@0.1.1" + ] + }, + { + "ref": "is-whitespace@0.3.0" + }, + { + "ref": "kind-of@3.2.2", + "dependsOn": [ + "is-buffer@1.1.6" + ] + }, + { + "ref": "is-buffer@1.1.6" + }, + { + "ref": "is-extendable@0.1.1" + }, + { + "ref": "js-beautify@1.15.1", + "dependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.4", + "js-beautify@1.15.1|glob@10.3.12", + "js-cookie@3.0.5", + "nopt@7.2.0" + ] + }, + { + "ref": "js-beautify@1.15.1|glob@10.3.12", + "dependsOn": [ + "foreground-child@3.1.1", + "jackspeak@2.3.6", + "minimatch@9.0.4", + "js-beautify@1.15.1|minipass@7.0.4", + "path-scurry@1.10.2" + ] + }, + { + "ref": "js-beautify@1.15.1|minipass@7.0.4" + }, + { + "ref": "config-chain@1.1.13", + "dependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ] + }, + { + "ref": "ini@1.3.8" + }, + { + "ref": "proto-list@1.2.4" + }, + { + "ref": "editorconfig@1.0.4", + "dependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "editorconfig@1.0.4|minimatch@9.0.1", + "semver@7.6.2" + ] + }, + { + "ref": "editorconfig@1.0.4|minimatch@9.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "@one-ini/wasm@0.1.1" + }, + { + "ref": "commander@10.0.1" + }, + { + "ref": "brace-expansion@2.0.1", + "dependsOn": [ + "balanced-match@1.0.2" + ] + }, + { + "ref": "js-cookie@3.0.5" + }, + { + "ref": "nopt@7.2.0", + "dependsOn": [ + "abbrev@2.0.0" + ] + }, + { + "ref": "abbrev@2.0.0" + }, + { + "ref": "@types/babel__core@7.20.5", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0", + "@types/babel__generator@7.6.8", + "@types/babel__template@7.4.4", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "@babel/template@7.24.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "bs-logger@0.2.6", + "dependsOn": [ + "fast-json-stable-stringify@2.1.0" + ] + }, + { + "ref": "json5@2.2.3" + }, + { + "ref": "lodash.memoize@4.1.2" + }, + { + "ref": "@oclif/core@3.26.9", + "dependsOn": [ + "@types/cli-progress@3.11.5", + "ansi-escapes@4.3.2", + "ansi-styles@4.3.0", + "cardinal@2.1.1", + "chalk@4.1.2", + "clean-stack@3.0.1", + "cli-progress@3.12.0", + "color@4.2.3", + "@oclif/core@3.26.9|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "hyperlinker@1.0.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "@oclif/core@3.26.9|js-yaml@3.14.1", + "minimatch@9.0.4", + "natural-orderby@2.0.3", + "object-treeify@1.1.33", + "password-prompt@1.1.3", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "supports-color@8.1.1", + "supports-hyperlinks@2.3.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/core@3.26.9|debug@4.3.5", + "dependsOn": [ + "@oclif/core@3.26.9|ms@2.1.2" + ] + }, + { + "ref": "@oclif/core@3.26.9|ms@2.1.2" + }, + { + "ref": "@oclif/core@3.26.9|js-yaml@3.14.1", + "dependsOn": [ + "@oclif/core@3.26.9|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@oclif/core@3.26.9|argparse@1.0.10", + "dependsOn": [ + "@oclif/core@3.26.9|sprintf-js@1.0.3" + ] + }, + { + "ref": "@oclif/core@3.26.9|sprintf-js@1.0.3" + }, + { + "ref": "@types/cli-progress@3.11.5", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "type-fest@0.21.3" + }, + { + "ref": "color-convert@2.0.1", + "dependsOn": [ + "color-name@1.1.4" + ] + }, + { + "ref": "cardinal@2.1.1", + "dependsOn": [ + "ansicolors@0.3.2", + "redeyed@2.1.1" + ] + }, + { + "ref": "ansicolors@0.3.2" + }, + { + "ref": "redeyed@2.1.1", + "dependsOn": [ + "esprima@4.0.1" + ] + }, + { + "ref": "esprima@4.0.1" + }, + { + "ref": "has-flag@4.0.0" + }, + { + "ref": "clean-stack@3.0.1", + "dependsOn": [ + "escape-string-regexp@4.0.0" + ] + }, + { + "ref": "escape-string-regexp@4.0.0" + }, + { + "ref": "cli-progress@3.12.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "color@4.2.3", + "dependsOn": [ + "color-convert@2.0.1", + "color-string@1.9.1" + ] + }, + { + "ref": "color-string@1.9.1", + "dependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2", + "dependsOn": [ + "simple-swizzle@0.2.2|is-arrayish@0.3.2" + ] + }, + { + "ref": "simple-swizzle@0.2.2|is-arrayish@0.3.2" + }, + { + "ref": "ejs@3.1.10", + "dependsOn": [ + "jake@10.8.7" + ] + }, + { + "ref": "jake@10.8.7", + "dependsOn": [ + "async@3.2.5", + "chalk@4.1.2", + "filelist@1.0.4", + "jake@10.8.7|minimatch@3.1.2" + ] + }, + { + "ref": "jake@10.8.7|minimatch@3.1.2", + "dependsOn": [ + "jake@10.8.7|brace-expansion@1.1.11" + ] + }, + { + "ref": "jake@10.8.7|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "async@3.2.5" + }, + { + "ref": "filelist@1.0.4", + "dependsOn": [ + "filelist@1.0.4|minimatch@5.1.6" + ] + }, + { + "ref": "filelist@1.0.4|minimatch@5.1.6", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "balanced-match@1.0.2" + }, + { + "ref": "concat-map@0.0.1" + }, + { + "ref": "get-package-type@0.1.0" + }, + { + "ref": "globby@11.1.0", + "dependsOn": [ + "array-union@2.1.0", + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "slash@3.0.0" + ] + }, + { + "ref": "array-union@2.1.0" + }, + { + "ref": "dir-glob@3.0.1", + "dependsOn": [ + "path-type@4.0.0" + ] + }, + { + "ref": "path-type@4.0.0" + }, + { + "ref": "ignore@5.3.1" + }, + { + "ref": "hyperlinker@1.0.0" + }, + { + "ref": "indent-string@4.0.0" + }, + { + "ref": "is-wsl@2.2.0", + "dependsOn": [ + "is-docker@2.2.1" + ] + }, + { + "ref": "is-docker@2.2.1" + }, + { + "ref": "natural-orderby@2.0.3" + }, + { + "ref": "object-treeify@1.1.33" + }, + { + "ref": "password-prompt@1.1.3", + "dependsOn": [ + "ansi-escapes@4.3.2", + "cross-spawn@7.0.3" + ] + }, + { + "ref": "slice-ansi@4.0.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "astral-regex@2.0.0", + "is-fullwidth-code-point@3.0.0" + ] + }, + { + "ref": "astral-regex@2.0.0" + }, + { + "ref": "widest-line@3.1.0", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug" + ] + }, + { + "ref": "BomRef.okvgjdrtm6.tqh1scmn9b8", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0", + "dependsOn": [ + "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|@oclif/core@4.0.0-beta.13", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "@oclif/plugin-help@6.1.0|supports-color@9.4.0", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-help@6.1.0|supports-color@9.4.0" + }, + { + "ref": "ansis@3.2.0" + }, + { + "ref": "cli-spinners@2.9.2" + }, + { + "ref": "cosmiconfig@9.0.0", + "dependsOn": [ + "env-paths@2.2.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "parse-json@5.2.0", + "typescript@5.1.6" + ] + }, + { + "ref": "env-paths@2.2.1" + }, + { + "ref": "import-fresh@3.3.0", + "dependsOn": [ + "parent-module@1.0.1", + "resolve-from@4.0.0" + ] + }, + { + "ref": "js-yaml@4.1.0", + "dependsOn": [ + "argparse@2.0.1" + ] + }, + { + "ref": "error-ex@1.3.2", + "dependsOn": [ + "is-arrayish@0.2.1" + ] + }, + { + "ref": "json-parse-even-better-errors@2.3.1" + }, + { + "ref": "typescript@5.1.6" + }, + { + "ref": "debug@4.3.4", + "dependsOn": [ + "debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "debug@4.3.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "npm@10.8.0", + "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1", + "semver@7.6.2", + "validate-npm-package-name@5.0.1", + "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-package-arg@11.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2", + "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0", + "semver@7.6.2", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|proc-log@4.2.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|npm-run-path@5.3.0|path-key@4.0.0" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|object-treeify@4.0.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|which@4.0.0", + "dependsOn": [ + "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + ] + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|isexe@3.1.1" + }, + { + "ref": "@oclif/plugin-plugins@5.2.2|yarn@1.22.22" + }, + { + "ref": "hosted-git-info@7.0.2", + "dependsOn": [ + "hosted-git-info@7.0.2|lru-cache@10.2.2" + ] + }, + { + "ref": "hosted-git-info@7.0.2|lru-cache@10.2.2" + }, + { + "ref": "validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/config@8.3.2", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|abbrev@2.0.0", + "npm@10.8.0|archy@1.0.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|chalk@5.3.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|cli-columns@4.0.0", + "npm@10.8.0|fastest-levenshtein@1.0.16", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|init-package-json@6.0.3", + "npm@10.8.0|is-cidr@5.0.5", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|libnpmaccess@8.0.6", + "npm@10.8.0|libnpmdiff@6.1.2", + "npm@10.8.0|libnpmexec@8.1.1", + "npm@10.8.0|libnpmfund@5.0.10", + "npm@10.8.0|libnpmhook@10.0.5", + "npm@10.8.0|libnpmorg@6.0.6", + "npm@10.8.0|libnpmpack@7.0.2", + "npm@10.8.0|libnpmpublish@9.0.8", + "npm@10.8.0|libnpmsearch@7.0.5", + "npm@10.8.0|libnpmteam@6.0.5", + "npm@10.8.0|libnpmversion@6.0.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|ms@2.1.3", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-audit-report@5.0.0", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-profile@10.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|npm-user-validate@2.0.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|qrcode-terminal@0.12.0", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|spdx-expression-parse@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|supports-color@9.4.0", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|text-table@0.2.0", + "npm@10.8.0|tiny-relative-date@1.3.0", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|validate-npm-package-name@5.0.1", + "npm@10.8.0|which@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/string-locale-compare@1.1.0" + }, + { + "ref": "npm@10.8.0|@npmcli/arborist@7.5.2", + "dependsOn": [ + "npm@10.8.0|@isaacs/string-locale-compare@1.1.0", + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/query@3.1.0", + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|bin-links@4.0.4", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|common-ancestor-path@1.0.1", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|json-stringify-nice@1.1.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|parse-conflict-json@3.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|proggy@2.0.0", + "npm@10.8.0|promise-all-reject-late@1.0.1", + "npm@10.8.0|promise-call-limit@3.0.1", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|treeverse@3.0.0", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/fs@3.1.1", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "dependsOn": [ + "npm@10.8.0|npm-bundled@3.0.1", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-bundled@3.0.1", + "dependsOn": [ + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-normalize-package-bin@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/name-from-folder@2.0.0", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|read-package-json-fast@3.0.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/metavuln-calculator@7.1.1", + "dependsOn": [ + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|cacache@18.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/fs@3.1.1", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass-collect@2.0.1", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|p-map@4.0.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|unique-filename@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|json-parse-even-better-errors@3.0.2" + }, + { + "ref": "npm@10.8.0|pacote@18.0.6", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|fs-minipass@3.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-packlist@8.0.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|proc-log@4.2.0" + }, + { + "ref": "npm@10.8.0|semver@7.6.2" + }, + { + "ref": "npm@10.8.0|@npmcli/name-from-folder@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/node-gyp@3.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/package-json@5.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/query@3.1.0", + "dependsOn": [ + "npm@10.8.0|postcss-selector-parser@6.0.16" + ] + }, + { + "ref": "npm@10.8.0|postcss-selector-parser@6.0.16", + "dependsOn": [ + "npm@10.8.0|cssesc@3.0.0", + "npm@10.8.0|util-deprecate@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|cssesc@3.0.0" + }, + { + "ref": "npm@10.8.0|util-deprecate@1.0.2" + }, + { + "ref": "npm@10.8.0|@npmcli/redact@2.0.0" + }, + { + "ref": "npm@10.8.0|@npmcli/run-script@8.1.0", + "dependsOn": [ + "npm@10.8.0|@npmcli/node-gyp@3.0.0", + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|node-gyp@10.1.0", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|bin-links@4.0.4", + "dependsOn": [ + "npm@10.8.0|cmd-shim@6.0.3", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|read-cmd-shim@4.0.0", + "npm@10.8.0|write-file-atomic@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|cmd-shim@6.0.3" + }, + { + "ref": "npm@10.8.0|read-cmd-shim@4.0.0" + }, + { + "ref": "npm@10.8.0|write-file-atomic@5.0.1", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|common-ancestor-path@1.0.1" + }, + { + "ref": "npm@10.8.0|hosted-git-info@7.0.2", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2" + ] + }, + { + "ref": "npm@10.8.0|json-stringify-nice@1.1.4" + }, + { + "ref": "npm@10.8.0|lru-cache@10.2.2" + }, + { + "ref": "npm@10.8.0|minimatch@9.0.4", + "dependsOn": [ + "npm@10.8.0|brace-expansion@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|nopt@7.2.1", + "dependsOn": [ + "npm@10.8.0|abbrev@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|npm-install-checks@6.3.0", + "dependsOn": [ + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-package-arg@11.0.2", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|npm-pick-manifest@9.0.1", + "dependsOn": [ + "npm@10.8.0|npm-install-checks@6.3.0", + "npm@10.8.0|npm-normalize-package-bin@3.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|npm-registry-fetch@17.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/redact@2.0.0", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-json-stream@1.0.1", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|parse-conflict-json@3.0.1", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|just-diff-apply@5.5.0", + "npm@10.8.0|just-diff@6.0.2" + ] + }, + { + "ref": "npm@10.8.0|proggy@2.0.0" + }, + { + "ref": "npm@10.8.0|promise-all-reject-late@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-call-limit@3.0.1" + }, + { + "ref": "npm@10.8.0|read-package-json-fast@3.0.2", + "dependsOn": [ + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|npm-normalize-package-bin@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ssri@10.0.6", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|treeverse@3.0.0" + }, + { + "ref": "npm@10.8.0|walk-up-path@3.0.1" + }, + { + "ref": "npm@10.8.0|@npmcli/config@8.3.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/map-workspaces@3.0.6", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|ini@4.1.2", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|ci-info@4.0.0" + }, + { + "ref": "npm@10.8.0|ini@4.1.2" + }, + { + "ref": "npm@10.8.0|glob@10.3.15", + "dependsOn": [ + "npm@10.8.0|foreground-child@3.1.1", + "npm@10.8.0|jackspeak@2.3.6", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|path-scurry@1.11.1" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/git@5.0.7", + "dependsOn": [ + "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|npm-pick-manifest@9.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-inflight@1.0.1", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/promise-spawn@7.0.2", + "dependsOn": [ + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|promise-inflight@1.0.1" + }, + { + "ref": "npm@10.8.0|promise-retry@2.0.1", + "dependsOn": [ + "npm@10.8.0|err-code@2.0.3", + "npm@10.8.0|retry@0.12.0" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0", + "dependsOn": [ + "npm@10.8.0|which@4.0.0|isexe@3.1.1" + ] + }, + { + "ref": "npm@10.8.0|which@4.0.0|isexe@3.1.1" + }, + { + "ref": "npm@10.8.0|normalize-package-data@6.0.1", + "dependsOn": [ + "npm@10.8.0|hosted-git-info@7.0.2", + "npm@10.8.0|is-core-module@2.13.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0", + "dependsOn": [ + "npm@10.8.0|env-paths@2.2.1", + "npm@10.8.0|exponential-backoff@3.1.1", + "npm@10.8.0|glob@10.3.15", + "npm@10.8.0|graceful-fs@4.2.11", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|nopt@7.2.1", + "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|tar@6.2.1", + "npm@10.8.0|which@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|node-gyp@10.1.0|proc-log@3.0.0" + }, + { + "ref": "npm@10.8.0|@sigstore/tuf@2.3.3", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|tuf-js@2.2.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + }, + { + "ref": "npm@10.8.0|tuf-js@2.2.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/models@2.0.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|make-fetch-happen@13.0.1" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/models@2.0.1", + "dependsOn": [ + "npm@10.8.0|@tufjs/canonical-json@2.0.0", + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|@tufjs/canonical-json@2.0.0" + }, + { + "ref": "npm@10.8.0|debug@4.3.4", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4|ms@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|debug@4.3.4|ms@2.1.2" + }, + { + "ref": "npm@10.8.0|make-fetch-happen@13.0.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/agent@2.2.2", + "npm@10.8.0|cacache@18.0.3", + "npm@10.8.0|http-cache-semantics@4.1.1", + "npm@10.8.0|is-lambda@1.0.1", + "npm@10.8.0|minipass-fetch@3.0.5", + "npm@10.8.0|minipass-flush@1.0.5", + "npm@10.8.0|minipass-pipeline@1.2.4", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|negotiator@0.6.3", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|abbrev@2.0.0" + }, + { + "ref": "npm@10.8.0|archy@1.0.0" + }, + { + "ref": "npm@10.8.0|fs-minipass@3.0.3", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass-collect@2.0.1", + "dependsOn": [ + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|minipass@7.1.1" + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5", + "dependsOn": [ + "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-flush@1.0.5|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|yallist@4.0.0" + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4", + "dependsOn": [ + "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-pipeline@1.2.4|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|p-map@4.0.0", + "dependsOn": [ + "npm@10.8.0|aggregate-error@3.1.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1", + "dependsOn": [ + "npm@10.8.0|chownr@2.0.0", + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "npm@10.8.0|tar@6.2.1|minipass@5.0.0", + "npm@10.8.0|minizlib@2.1.2", + "npm@10.8.0|mkdirp@1.0.4", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0", + "dependsOn": [ + "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|fs-minipass@2.1.0|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|tar@6.2.1|minipass@5.0.0" + }, + { + "ref": "npm@10.8.0|unique-filename@3.0.0", + "dependsOn": [ + "npm@10.8.0|unique-slug@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|unique-slug@4.0.0", + "dependsOn": [ + "npm@10.8.0|imurmurhash@0.1.4" + ] + }, + { + "ref": "npm@10.8.0|imurmurhash@0.1.4" + }, + { + "ref": "npm@10.8.0|chalk@5.3.0" + }, + { + "ref": "npm@10.8.0|cli-columns@4.0.0", + "dependsOn": [ + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|string-width@4.2.3", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|emoji-regex@8.0.0" + }, + { + "ref": "npm@10.8.0|is-fullwidth-code-point@3.0.0" + }, + { + "ref": "npm@10.8.0|strip-ansi@6.0.1", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|ansi-regex@5.0.1" + }, + { + "ref": "npm@10.8.0|fastest-levenshtein@1.0.16" + }, + { + "ref": "npm@10.8.0|foreground-child@3.1.1", + "dependsOn": [ + "npm@10.8.0|cross-spawn@7.0.3", + "npm@10.8.0|signal-exit@4.1.0" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3", + "dependsOn": [ + "npm@10.8.0|path-key@3.1.1", + "npm@10.8.0|shebang-command@2.0.0", + "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|cross-spawn@7.0.3|which@2.0.2", + "dependsOn": [ + "npm@10.8.0|isexe@2.0.0" + ] + }, + { + "ref": "npm@10.8.0|path-key@3.1.1" + }, + { + "ref": "npm@10.8.0|shebang-command@2.0.0", + "dependsOn": [ + "npm@10.8.0|shebang-regex@3.0.0" + ] + }, + { + "ref": "npm@10.8.0|shebang-regex@3.0.0" + }, + { + "ref": "npm@10.8.0|isexe@2.0.0" + }, + { + "ref": "npm@10.8.0|signal-exit@4.1.0" + }, + { + "ref": "npm@10.8.0|jackspeak@2.3.6", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2", + "npm@10.8.0|@pkgjs/parseargs@0.11.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2", + "dependsOn": [ + "BomRef.6h760ft6oi8.7sr4bitkllo", + "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "BomRef.uih8rvtlbdo.33q7f9m1mj", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "npm@10.8.0|wrap-ansi@7.0.0", + "npm@10.8.0|wrap-ansi@8.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2", + "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|@isaacs/cliui@8.0.2|ansi-regex@6.0.1" + }, + { + "ref": "BomRef.6h760ft6oi8.7sr4bitkllo", + "dependsOn": [ + "npm@10.8.0|emoji-regex@8.0.0", + "npm@10.8.0|is-fullwidth-code-point@3.0.0", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|eastasianwidth@0.2.0" + }, + { + "ref": "BomRef.uih8rvtlbdo.33q7f9m1mj", + "dependsOn": [ + "npm@10.8.0|ansi-regex@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "npm@10.8.0|string-width@4.2.3", + "npm@10.8.0|strip-ansi@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@7.0.0|ansi-styles@4.3.0", + "dependsOn": [ + "npm@10.8.0|color-convert@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|color-convert@2.0.1", + "dependsOn": [ + "npm@10.8.0|color-name@1.1.4" + ] + }, + { + "ref": "npm@10.8.0|color-name@1.1.4" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0", + "dependsOn": [ + "npm@10.8.0|ansi-styles@6.2.1", + "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|string-width@5.1.2", + "dependsOn": [ + "npm@10.8.0|eastasianwidth@0.2.0", + "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2", + "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|emoji-regex@9.2.2" + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|strip-ansi@7.1.0", + "dependsOn": [ + "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + ] + }, + { + "ref": "npm@10.8.0|wrap-ansi@8.1.0|ansi-regex@6.0.1" + }, + { + "ref": "npm@10.8.0|ansi-styles@6.2.1" + }, + { + "ref": "npm@10.8.0|@pkgjs/parseargs@0.11.0" + }, + { + "ref": "npm@10.8.0|path-scurry@1.11.1", + "dependsOn": [ + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|minipass@7.1.1" + ] + }, + { + "ref": "npm@10.8.0|graceful-fs@4.2.11" + }, + { + "ref": "npm@10.8.0|init-package-json@6.0.3", + "dependsOn": [ + "npm@10.8.0|@npmcli/package-json@5.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|promzard@1.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|validate-npm-package-license@3.0.4", + "npm@10.8.0|validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "npm@10.8.0|promzard@1.0.2", + "dependsOn": [ + "npm@10.8.0|read@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|read@3.0.1", + "dependsOn": [ + "npm@10.8.0|mute-stream@1.0.0" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0", + "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|validate-npm-package-license@3.0.4|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0", + "dependsOn": [ + "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-correct@3.2.0|spdx-expression-parse@3.0.1", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|spdx-exceptions@2.5.0" + }, + { + "ref": "npm@10.8.0|spdx-license-ids@3.0.17" + }, + { + "ref": "npm@10.8.0|validate-npm-package-name@5.0.1" + }, + { + "ref": "npm@10.8.0|is-cidr@5.0.5", + "dependsOn": [ + "npm@10.8.0|cidr-regex@4.0.5" + ] + }, + { + "ref": "npm@10.8.0|cidr-regex@4.0.5", + "dependsOn": [ + "npm@10.8.0|ip-regex@5.0.0" + ] + }, + { + "ref": "npm@10.8.0|ip-regex@5.0.0" + }, + { + "ref": "npm@10.8.0|libnpmaccess@8.0.6", + "dependsOn": [ + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmdiff@6.1.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/installed-package-contents@2.1.0", + "npm@10.8.0|binary-extensions@2.3.0", + "npm@10.8.0|diff@5.2.0", + "npm@10.8.0|minimatch@9.0.4", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|tar@6.2.1" + ] + }, + { + "ref": "npm@10.8.0|binary-extensions@2.3.0" + }, + { + "ref": "npm@10.8.0|diff@5.2.0" + }, + { + "ref": "npm@10.8.0|libnpmexec@8.1.1", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|read-package-json-fast@3.0.2", + "npm@10.8.0|read@3.0.1", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|walk-up-path@3.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmfund@5.0.10", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmhook@10.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|aproba@2.0.0" + }, + { + "ref": "npm@10.8.0|libnpmorg@6.0.6", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmpack@7.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/arborist@7.5.2", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|pacote@18.0.6" + ] + }, + { + "ref": "npm@10.8.0|libnpmpublish@9.0.8", + "dependsOn": [ + "npm@10.8.0|ci-info@4.0.0", + "npm@10.8.0|normalize-package-data@6.0.1", + "npm@10.8.0|npm-package-arg@11.0.2", + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2", + "npm@10.8.0|sigstore@2.3.0", + "npm@10.8.0|ssri@10.0.6" + ] + }, + { + "ref": "npm@10.8.0|sigstore@2.3.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|@sigstore/sign@2.3.1", + "npm@10.8.0|@sigstore/tuf@2.3.3", + "npm@10.8.0|@sigstore/verify@1.2.0" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/bundle@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/core@1.1.0" + }, + { + "ref": "npm@10.8.0|@sigstore/sign@2.3.1", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2", + "npm@10.8.0|make-fetch-happen@13.0.1", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|promise-retry@2.0.1" + ] + }, + { + "ref": "npm@10.8.0|@sigstore/verify@1.2.0", + "dependsOn": [ + "npm@10.8.0|@sigstore/bundle@2.3.1", + "npm@10.8.0|@sigstore/core@1.1.0", + "npm@10.8.0|@sigstore/protobuf-specs@0.3.2" + ] + }, + { + "ref": "npm@10.8.0|libnpmsearch@7.0.5", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmteam@6.0.5", + "dependsOn": [ + "npm@10.8.0|aproba@2.0.0", + "npm@10.8.0|npm-registry-fetch@17.0.1" + ] + }, + { + "ref": "npm@10.8.0|libnpmversion@6.0.2", + "dependsOn": [ + "npm@10.8.0|@npmcli/git@5.0.7", + "npm@10.8.0|@npmcli/run-script@8.1.0", + "npm@10.8.0|json-parse-even-better-errors@3.0.2", + "npm@10.8.0|proc-log@4.2.0", + "npm@10.8.0|semver@7.6.2" + ] + }, + { + "ref": "npm@10.8.0|@npmcli/agent@2.2.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|http-proxy-agent@7.0.2", + "npm@10.8.0|https-proxy-agent@7.0.4", + "npm@10.8.0|lru-cache@10.2.2", + "npm@10.8.0|socks-proxy-agent@8.0.3" + ] + }, + { + "ref": "npm@10.8.0|agent-base@7.1.1", + "dependsOn": [ + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|http-proxy-agent@7.0.2", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|https-proxy-agent@7.0.4", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4" + ] + }, + { + "ref": "npm@10.8.0|socks-proxy-agent@8.0.3", + "dependsOn": [ + "npm@10.8.0|agent-base@7.1.1", + "npm@10.8.0|debug@4.3.4", + "npm@10.8.0|socks@2.8.3" + ] + }, + { + "ref": "npm@10.8.0|socks@2.8.3", + "dependsOn": [ + "npm@10.8.0|ip-address@9.0.5", + "npm@10.8.0|smart-buffer@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|ip-address@9.0.5", + "dependsOn": [ + "npm@10.8.0|jsbn@1.1.0", + "npm@10.8.0|sprintf-js@1.1.3" + ] + }, + { + "ref": "npm@10.8.0|jsbn@1.1.0" + }, + { + "ref": "npm@10.8.0|sprintf-js@1.1.3" + }, + { + "ref": "npm@10.8.0|smart-buffer@4.2.0" + }, + { + "ref": "npm@10.8.0|http-cache-semantics@4.1.1" + }, + { + "ref": "npm@10.8.0|is-lambda@1.0.1" + }, + { + "ref": "npm@10.8.0|minipass-fetch@3.0.5", + "dependsOn": [ + "npm@10.8.0|encoding@0.1.13", + "npm@10.8.0|minipass-sized@1.0.3", + "npm@10.8.0|minipass@7.1.1", + "npm@10.8.0|minizlib@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|encoding@0.1.13", + "dependsOn": [ + "npm@10.8.0|iconv-lite@0.6.3" + ] + }, + { + "ref": "npm@10.8.0|iconv-lite@0.6.3", + "dependsOn": [ + "npm@10.8.0|safer-buffer@2.1.2" + ] + }, + { + "ref": "npm@10.8.0|safer-buffer@2.1.2" + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3", + "dependsOn": [ + "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-sized@1.0.3|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2", + "dependsOn": [ + "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|minizlib@2.1.2|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|negotiator@0.6.3" + }, + { + "ref": "npm@10.8.0|err-code@2.0.3" + }, + { + "ref": "npm@10.8.0|retry@0.12.0" + }, + { + "ref": "npm@10.8.0|brace-expansion@2.0.1", + "dependsOn": [ + "npm@10.8.0|balanced-match@1.0.2" + ] + }, + { + "ref": "npm@10.8.0|balanced-match@1.0.2" + }, + { + "ref": "npm@10.8.0|ms@2.1.3" + }, + { + "ref": "npm@10.8.0|env-paths@2.2.1" + }, + { + "ref": "npm@10.8.0|exponential-backoff@3.1.1" + }, + { + "ref": "npm@10.8.0|is-core-module@2.13.1", + "dependsOn": [ + "npm@10.8.0|hasown@2.0.2" + ] + }, + { + "ref": "npm@10.8.0|hasown@2.0.2", + "dependsOn": [ + "npm@10.8.0|function-bind@1.1.2" + ] + }, + { + "ref": "npm@10.8.0|function-bind@1.1.2" + }, + { + "ref": "npm@10.8.0|npm-audit-report@5.0.0" + }, + { + "ref": "npm@10.8.0|npm-profile@10.0.0", + "dependsOn": [ + "npm@10.8.0|npm-registry-fetch@17.0.1", + "npm@10.8.0|proc-log@4.2.0" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1", + "dependsOn": [ + "npm@10.8.0|jsonparse@1.3.1", + "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6" + ] + }, + { + "ref": "npm@10.8.0|minipass-json-stream@1.0.1|minipass@3.3.6", + "dependsOn": [ + "npm@10.8.0|yallist@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|jsonparse@1.3.1" + }, + { + "ref": "npm@10.8.0|npm-user-validate@2.0.1" + }, + { + "ref": "npm@10.8.0|aggregate-error@3.1.0", + "dependsOn": [ + "npm@10.8.0|clean-stack@2.2.0", + "npm@10.8.0|indent-string@4.0.0" + ] + }, + { + "ref": "npm@10.8.0|clean-stack@2.2.0" + }, + { + "ref": "npm@10.8.0|indent-string@4.0.0" + }, + { + "ref": "npm@10.8.0|npm-packlist@8.0.2", + "dependsOn": [ + "npm@10.8.0|ignore-walk@6.0.5" + ] + }, + { + "ref": "npm@10.8.0|ignore-walk@6.0.5", + "dependsOn": [ + "npm@10.8.0|minimatch@9.0.4" + ] + }, + { + "ref": "npm@10.8.0|just-diff-apply@5.5.0" + }, + { + "ref": "npm@10.8.0|just-diff@6.0.2" + }, + { + "ref": "npm@10.8.0|qrcode-terminal@0.12.0" + }, + { + "ref": "npm@10.8.0|mute-stream@1.0.0" + }, + { + "ref": "npm@10.8.0|spdx-expression-parse@4.0.0", + "dependsOn": [ + "npm@10.8.0|spdx-exceptions@2.5.0", + "npm@10.8.0|spdx-license-ids@3.0.17" + ] + }, + { + "ref": "npm@10.8.0|supports-color@9.4.0" + }, + { + "ref": "npm@10.8.0|chownr@2.0.0" + }, + { + "ref": "npm@10.8.0|mkdirp@1.0.4" + }, + { + "ref": "npm@10.8.0|text-table@0.2.0" + }, + { + "ref": "npm@10.8.0|tiny-relative-date@1.3.0" + }, + { + "ref": "@oclif/plugin-version@2.2.2", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "ansis@3.2.0" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-version@2.2.2|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-version@2.2.2|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-version@2.2.2|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "ansis@3.2.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "lodash@4.17.21" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "dependsOn": [ + "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|ms@2.1.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0", + "dependsOn": [ + "content-type@1.0.5", + "@oclif/plugin-warn-if-update-available@3.1.4|debug@4.3.5", + "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0", + "is-stream@2.0.1", + "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|http-call@5.3.0|parse-json@4.0.0", + "dependsOn": [ + "error-ex@1.3.2", + "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + ] + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|is-retry-allowed@1.1.0" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|json-parse-better-errors@1.0.2" + }, + { + "ref": "@oclif/plugin-warn-if-update-available@3.1.4|tunnel-agent@0.6.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "content-type@1.0.5" + }, + { + "ref": "is-stream@2.0.1" + }, + { + "ref": "is-arrayish@0.2.1" + }, + { + "ref": "safe-buffer@5.2.1" + }, + { + "ref": "@oclif/test@3.2.15", + "dependsOn": [ + "@oclif/core@3.26.9", + "chai@4.4.1", + "fancy-test@3.0.15" + ] + }, + { + "ref": "chai@4.4.1", + "dependsOn": [ + "assertion-error@1.1.0", + "check-error@1.0.3", + "deep-eql@4.1.3", + "get-func-name@2.0.2", + "loupe@2.3.7", + "pathval@1.1.1", + "type-detect@4.0.8" + ] + }, + { + "ref": "fancy-test@3.0.15", + "dependsOn": [ + "@types/chai@4.3.14", + "@types/lodash@4.17.4", + "@types/node@20.14.1", + "@types/sinon@17.0.3", + "lodash@4.17.21", + "mock-stdin@1.0.0", + "nock@13.5.4", + "sinon@16.1.3", + "stdout-stderr@0.1.13" + ] + }, + { + "ref": "@types/chai@4.3.14" + }, + { + "ref": "@types/sinon@17.0.3", + "dependsOn": [ + "@types/sinonjs__fake-timers@8.1.5" + ] + }, + { + "ref": "@types/sinonjs__fake-timers@8.1.5" + }, + { + "ref": "mock-stdin@1.0.0" + }, + { + "ref": "nock@13.5.4", + "dependsOn": [ + "debug@4.3.4", + "json-stringify-safe@5.0.1", + "propagate@2.0.1" + ] + }, + { + "ref": "json-stringify-safe@5.0.1" + }, + { + "ref": "propagate@2.0.1" + }, + { + "ref": "sinon@16.1.3", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "@sinonjs/fake-timers@10.3.0", + "@sinonjs/samsam@8.0.0", + "sinon@16.1.3|diff@5.2.0", + "nise@5.1.9", + "sinon@16.1.3|supports-color@7.2.0" + ] + }, + { + "ref": "sinon@16.1.3|diff@5.2.0" + }, + { + "ref": "sinon@16.1.3|supports-color@7.2.0", + "dependsOn": [ + "has-flag@4.0.0" + ] + }, + { + "ref": "@sinonjs/commons@3.0.1", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/fake-timers@10.3.0", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0", + "dependsOn": [ + "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "lodash.get@4.4.2", + "type-detect@4.0.8" + ] + }, + { + "ref": "@sinonjs/samsam@8.0.0|@sinonjs/commons@2.0.0", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "lodash.get@4.4.2" + }, + { + "ref": "nise@5.1.9", + "dependsOn": [ + "@sinonjs/commons@3.0.1", + "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "@sinonjs/text-encoding@0.7.2", + "just-extend@6.2.0", + "nise@5.1.9|path-to-regexp@6.2.2" + ] + }, + { + "ref": "nise@5.1.9|@sinonjs/fake-timers@11.2.2", + "dependsOn": [ + "@sinonjs/commons@3.0.1" + ] + }, + { + "ref": "nise@5.1.9|path-to-regexp@6.2.2" + }, + { + "ref": "@sinonjs/text-encoding@0.7.2" + }, + { + "ref": "just-extend@6.2.0" + }, + { + "ref": "stdout-stderr@0.1.13", + "dependsOn": [ + "debug@4.3.4", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@smithy/abort-controller@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@types/express@4.17.21", + "dependsOn": [ + "@types/body-parser@1.19.5", + "@types/express-serve-static-core@4.19.0", + "@types/qs@6.9.15", + "@types/serve-static@1.15.7" + ] + }, + { + "ref": "@types/body-parser@1.19.5", + "dependsOn": [ + "@types/connect@3.4.38", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/connect@3.4.38", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/express-serve-static-core@4.19.0", + "dependsOn": [ + "@types/node@20.14.1", + "@types/qs@6.9.15", + "@types/range-parser@1.2.7", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/qs@6.9.15" + }, + { + "ref": "@types/range-parser@1.2.7" + }, + { + "ref": "@types/send@0.17.4", + "dependsOn": [ + "@types/mime@1.3.5", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/mime@1.3.5" + }, + { + "ref": "@types/serve-static@1.15.7", + "dependsOn": [ + "@types/http-errors@2.0.4", + "@types/node@20.14.1", + "@types/send@0.17.4" + ] + }, + { + "ref": "@types/http-errors@2.0.4" + }, + { + "ref": "@types/fs-extra@11.0.4", + "dependsOn": [ + "@types/jsonfile@6.1.4", + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/jsonfile@6.1.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/get-installed-path@4.0.3" + }, + { + "ref": "@types/jest@29.5.12", + "dependsOn": [ + "expect@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "expect@29.7.0", + "dependsOn": [ + "@jest/expect-utils@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/expect-utils@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3" + ] + }, + { + "ref": "jest-get-type@29.6.3" + }, + { + "ref": "jest-matcher-utils@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-diff@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "diff-sequences@29.6.3", + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "diff-sequences@29.6.3" + }, + { + "ref": "pretty-format@29.7.0", + "dependsOn": [ + "@jest/schemas@29.6.3", + "pretty-format@29.7.0|ansi-styles@5.2.0", + "react-is@18.2.0" + ] + }, + { + "ref": "pretty-format@29.7.0|ansi-styles@5.2.0" + }, + { + "ref": "jest-message-util@29.7.0", + "dependsOn": [ + "@babel/code-frame@7.24.2", + "@jest/types@29.6.3", + "@types/stack-utils@2.0.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/types@29.6.3", + "dependsOn": [ + "@jest/schemas@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "@types/istanbul-reports@3.0.4", + "@types/node@20.14.1", + "@types/yargs@17.0.32", + "chalk@4.1.2" + ] + }, + { + "ref": "jest-util@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-util@29.7.0|ci-info@3.9.0", + "graceful-fs@4.2.11", + "picomatch@2.3.1" + ] + }, + { + "ref": "jest-util@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/schemas@29.6.3", + "dependsOn": [ + "@sinclair/typebox@0.27.8" + ] + }, + { + "ref": "@sinclair/typebox@0.27.8" + }, + { + "ref": "@types/js-yaml@4.0.9" + }, + { + "ref": "@types/mocha@10.0.6" + }, + { + "ref": "@types/mock-fs@4.13.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "undici-types@5.26.5" + }, + { + "ref": "@types/objects-to-csv@1.3.3" + }, + { + "ref": "@types/prompt-sync@4.2.3" + }, + { + "ref": "@types/tmp@0.2.6" + }, + { + "ref": "@types/uuid@9.0.8" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0", + "dependsOn": [ + "@eslint-community/regexpp@4.10.0", + "@typescript-eslint/parser@7.7.1", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/type-utils@7.12.0", + "@typescript-eslint/utils@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "eslint@8.57.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "natural-compare@1.4.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/eslint-plugin@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@eslint-community/regexpp@4.10.0" + }, + { + "ref": "@typescript-eslint/parser@7.7.1", + "dependsOn": [ + "@typescript-eslint/scope-manager@7.7.1", + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/typescript-estree@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/scope-manager@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1" + ] + }, + { + "ref": "@typescript-eslint/types@7.7.1" + }, + { + "ref": "@typescript-eslint/visitor-keys@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/typescript-estree@7.7.1", + "dependsOn": [ + "@typescript-eslint/types@7.7.1", + "@typescript-eslint/visitor-keys@7.7.1", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "ts-api-utils@1.3.0", + "dependsOn": [ + "typescript@5.1.6" + ] + }, + { + "ref": "eslint-visitor-keys@3.4.3" + }, + { + "ref": "eslint@8.57.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@eslint-community/regexpp@4.10.0", + "@eslint/eslintrc@2.1.4", + "@eslint/js@8.57.0", + "@humanwhocodes/config-array@0.11.14", + "@humanwhocodes/module-importer@1.0.1", + "@nodelib/fs.walk@1.2.8", + "@ungap/structured-clone@1.2.0", + "eslint@8.57.0|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "escape-string-regexp@4.0.0", + "eslint-scope@7.2.2", + "eslint-visitor-keys@3.4.3", + "espree@9.6.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "find-up@5.0.0", + "glob-parent@6.0.2", + "globals@13.24.0", + "graphemer@1.4.0", + "ignore@5.3.1", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "is-path-inside@3.0.3", + "js-yaml@4.1.0", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint@8.57.0|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "strip-ansi@6.0.1", + "text-table@0.2.0" + ] + }, + { + "ref": "eslint@8.57.0|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint@8.57.0|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint@8.57.0|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint@8.57.0|minimatch@3.1.2", + "dependsOn": [ + "eslint@8.57.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint@8.57.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "@typescript-eslint/utils@7.12.0", + "debug@4.3.4", + "eslint@8.57.0", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/type-utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0", + "dependsOn": [ + "@eslint-community/eslint-utils@4.4.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/scope-manager@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0" + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "@typescript-eslint/utils@7.12.0|@typescript-eslint/typescript-estree@7.12.0", + "dependsOn": [ + "@typescript-eslint/utils@7.12.0|@typescript-eslint/types@7.12.0", + "@typescript-eslint/utils@7.12.0|@typescript-eslint/visitor-keys@7.12.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "minimatch@9.0.4", + "semver@7.6.2", + "ts-api-utils@1.3.0" + ] + }, + { + "ref": "@eslint-community/eslint-utils@4.4.0", + "dependsOn": [ + "eslint-visitor-keys@3.4.3", + "eslint@8.57.0" + ] + }, + { + "ref": "graphemer@1.4.0" + }, + { + "ref": "accurate-search@1.2.15" + }, + { + "ref": "ajv@8.16.0", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "json-schema-traverse@1.0.0", + "require-from-string@2.0.2", + "uri-js@4.4.1" + ] + }, + { + "ref": "fast-deep-equal@3.1.3" + }, + { + "ref": "json-schema-traverse@1.0.0" + }, + { + "ref": "require-from-string@2.0.2" + }, + { + "ref": "uri-js@4.4.1", + "dependsOn": [ + "punycode@2.3.1" + ] + }, + { + "ref": "punycode@2.3.1" + }, + { + "ref": "form-data@4.0.0", + "dependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "mime-types@2.1.35" + ] + }, + { + "ref": "proxy-from-env@1.1.0" + }, + { + "ref": "assertion-error@1.1.0" + }, + { + "ref": "check-error@1.0.3", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "get-func-name@2.0.2" + }, + { + "ref": "deep-eql@4.1.3", + "dependsOn": [ + "type-detect@4.0.8" + ] + }, + { + "ref": "loupe@2.3.7", + "dependsOn": [ + "get-func-name@2.0.2" + ] + }, + { + "ref": "pathval@1.1.1" + }, + { + "ref": "colors@1.4.0" + }, + { + "ref": "csv-parse@4.16.3" + }, + { + "ref": "dotenv@16.4.5" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/eslint-plugin@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "functional-red-black-tree@1.0.1", + "ignore@5.3.1", + "regexpp@3.2.0", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/parser@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "chalk@4.1.2", + "cross-spawn@7.0.3", + "debug@4.3.4", + "doctrine@3.0.0", + "enquirer@2.4.1", + "escape-string-regexp@4.0.0", + "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "eslint-config-oclif-typescript@1.0.3|eslint-visitor-keys@2.1.0", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "esquery@1.5.0", + "esutils@2.0.3", + "fast-deep-equal@3.1.3", + "file-entry-cache@6.0.1", + "functional-red-black-tree@1.0.1", + "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6", + "import-fresh@3.3.0", + "imurmurhash@0.1.4", + "is-glob@4.0.3", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "json-stable-stringify-without-jsonify@1.0.1", + "levn@0.4.1", + "lodash.merge@4.6.2", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "natural-compare@1.4.0", + "optionator@0.9.3", + "progress@2.0.3", + "regexpp@3.2.0", + "semver@7.6.2", + "strip-ansi@6.0.1", + "strip-json-comments@3.1.1", + "table@6.8.2", + "text-table@0.2.0", + "v8-compile-cache@2.4.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@babel/code-frame@7.12.11", + "dependsOn": [ + "@babel/highlight@7.24.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "globals@13.24.0", + "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6", + "import-fresh@3.3.0", + "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@eslint/eslintrc@0.4.3|ignore@4.0.6" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1", + "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|espree@7.3.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|js-yaml@3.14.1", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/config-array@0.5.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1", + "debug@4.3.4", + "eslint-config-oclif-typescript@1.0.3|minimatch@3.1.2" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@humanwhocodes/object-schema@1.2.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|json-schema-traverse@0.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|estraverse@4.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-utils@2.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|acorn@7.4.1" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|glob-parent@5.1.2", + "dependsOn": [ + "is-glob@4.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|argparse@1.0.10", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|sprintf-js@1.0.3" + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/types@4.33.0", + "eslint-config-oclif-typescript@1.0.3|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo-space@0.29.0", + "dependsOn": [ + "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "eslint-config-oclif-typescript@1.0.3|eslint-config-xo@0.38.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint-config-oclif-typescript@1.0.3|eslint@7.32.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0", + "dependsOn": [ + "@types/json-schema@7.0.15", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "eslint-utils@3.0.0", + "eslint@8.57.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/scope-manager@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/typescript-estree@4.33.0", + "dependsOn": [ + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/types@4.33.0", + "@typescript-eslint/experimental-utils@4.33.0|@typescript-eslint/visitor-keys@4.33.0", + "debug@4.3.4", + "globby@11.1.0", + "is-glob@4.0.3", + "semver@7.6.2", + "tsutils@3.21.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + ] + }, + { + "ref": "@typescript-eslint/experimental-utils@4.33.0|estraverse@4.3.0" + }, + { + "ref": "@types/json-schema@7.0.15" + }, + { + "ref": "tsutils@3.21.0", + "dependsOn": [ + "tsutils@3.21.0|tslib@1.14.1", + "typescript@5.1.6" + ] + }, + { + "ref": "tsutils@3.21.0|tslib@1.14.1" + }, + { + "ref": "esrecurse@4.3.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "eslint-utils@3.0.0", + "dependsOn": [ + "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-utils@3.0.0|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/highlight@7.24.2", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@babel/highlight@7.24.2|chalk@2.4.2", + "js-tokens@4.0.0", + "picocolors@1.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|chalk@2.4.2", + "dependsOn": [ + "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "@babel/highlight@7.24.2|escape-string-regexp@1.0.5", + "@babel/highlight@7.24.2|supports-color@5.5.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|ansi-styles@3.2.1", + "dependsOn": [ + "@babel/highlight@7.24.2|color-convert@1.9.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-convert@1.9.3", + "dependsOn": [ + "@babel/highlight@7.24.2|color-name@1.1.3" + ] + }, + { + "ref": "@babel/highlight@7.24.2|color-name@1.1.3" + }, + { + "ref": "@babel/highlight@7.24.2|escape-string-regexp@1.0.5" + }, + { + "ref": "@babel/highlight@7.24.2|supports-color@5.5.0", + "dependsOn": [ + "@babel/highlight@7.24.2|has-flag@3.0.0" + ] + }, + { + "ref": "@babel/highlight@7.24.2|has-flag@3.0.0" + }, + { + "ref": "globals@13.24.0", + "dependsOn": [ + "globals@13.24.0|type-fest@0.20.2" + ] + }, + { + "ref": "globals@13.24.0|type-fest@0.20.2" + }, + { + "ref": "doctrine@3.0.0", + "dependsOn": [ + "esutils@2.0.3" + ] + }, + { + "ref": "enquirer@2.4.1", + "dependsOn": [ + "ansi-colors@4.1.1", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "ansi-colors@4.1.1" + }, + { + "ref": "acorn-jsx@5.3.2", + "dependsOn": [ + "acorn@8.11.3" + ] + }, + { + "ref": "esquery@1.5.0", + "dependsOn": [ + "estraverse@5.3.0" + ] + }, + { + "ref": "esutils@2.0.3" + }, + { + "ref": "file-entry-cache@6.0.1", + "dependsOn": [ + "flat-cache@3.2.0" + ] + }, + { + "ref": "functional-red-black-tree@1.0.1" + }, + { + "ref": "imurmurhash@0.1.4" + }, + { + "ref": "json-stable-stringify-without-jsonify@1.0.1" + }, + { + "ref": "levn@0.4.1", + "dependsOn": [ + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "lodash.merge@4.6.2" + }, + { + "ref": "optionator@0.9.3", + "dependsOn": [ + "@aashutoshrathi/word-wrap@1.2.6", + "deep-is@0.1.4", + "optionator@0.9.3|fast-levenshtein@2.0.6", + "levn@0.4.1", + "prelude-ls@1.2.1", + "type-check@0.4.0" + ] + }, + { + "ref": "optionator@0.9.3|fast-levenshtein@2.0.6" + }, + { + "ref": "progress@2.0.3" + }, + { + "ref": "regexpp@3.2.0" + }, + { + "ref": "table@6.8.2", + "dependsOn": [ + "ajv@8.16.0", + "lodash.truncate@4.4.2", + "slice-ansi@4.0.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "text-table@0.2.0" + }, + { + "ref": "v8-compile-cache@2.4.0" + }, + { + "ref": "confusing-browser-globals@1.0.10" + }, + { + "ref": "eslint-plugin-mocha@9.0.0", + "dependsOn": [ + "eslint-utils@3.0.0", + "eslint@8.57.0", + "ramda@0.27.2" + ] + }, + { + "ref": "ramda@0.27.2" + }, + { + "ref": "eslint-plugin-node@11.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1", + "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "eslint@8.57.0", + "ignore@5.3.1", + "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "resolve@1.22.8", + "eslint-plugin-node@11.1.0|semver@6.3.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-plugin-node@11.1.0|minimatch@3.1.2", + "dependsOn": [ + "eslint-plugin-node@11.1.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "eslint-plugin-node@11.1.0|semver@6.3.1" + }, + { + "ref": "eslint-plugin-es@3.0.1", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "eslint@8.57.0", + "regexpp@3.2.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-utils@2.1.0", + "dependsOn": [ + "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + ] + }, + { + "ref": "eslint-plugin-es@3.0.1|eslint-visitor-keys@1.3.0" + }, + { + "ref": "eslint-config-oclif@4.0.0", + "dependsOn": [ + "eslint-config-xo-space@0.27.0", + "eslint-plugin-mocha@9.0.0", + "eslint-plugin-node@11.1.0", + "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|eslint-plugin-unicorn@36.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "eslint-config-oclif@4.0.0|ci-info@3.9.0", + "clean-regexp@1.0.0", + "eslint-template-visitor@2.3.2", + "eslint-utils@3.0.0", + "eslint@8.57.0", + "is-builtin-module@3.2.1", + "lodash@4.17.21", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "safe-regex@2.1.1", + "semver@7.6.2" + ] + }, + { + "ref": "eslint-config-oclif@4.0.0|ci-info@3.9.0" + }, + { + "ref": "eslint-config-xo-space@0.27.0", + "dependsOn": [ + "eslint-config-xo@0.35.0", + "eslint@8.57.0" + ] + }, + { + "ref": "eslint-config-xo@0.35.0", + "dependsOn": [ + "confusing-browser-globals@1.0.10", + "eslint@8.57.0" + ] + }, + { + "ref": "@babel/helper-validator-identifier@7.22.20" + }, + { + "ref": "clean-regexp@1.0.0", + "dependsOn": [ + "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "clean-regexp@1.0.0|escape-string-regexp@1.0.5" + }, + { + "ref": "eslint-template-visitor@2.3.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/eslint-parser@7.24.1", + "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "esquery@1.5.0", + "multimap@1.1.0" + ] + }, + { + "ref": "eslint-template-visitor@2.3.2|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0", + "eslint@8.57.0", + "@babel/eslint-parser@7.24.1|semver@6.3.1" + ] + }, + { + "ref": "@babel/eslint-parser@7.24.1|eslint-visitor-keys@2.1.0" + }, + { + "ref": "@babel/eslint-parser@7.24.1|semver@6.3.1" + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1", + "dependsOn": [ + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|eslint-scope@5.1.1", + "dependsOn": [ + "esrecurse@4.3.0", + "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + ] + }, + { + "ref": "@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1|estraverse@4.3.0" + }, + { + "ref": "multimap@1.1.0" + }, + { + "ref": "is-builtin-module@3.2.1", + "dependsOn": [ + "builtin-modules@3.3.0" + ] + }, + { + "ref": "pluralize@8.0.0" + }, + { + "ref": "read-pkg-up@7.0.1", + "dependsOn": [ + "read-pkg-up@7.0.1|find-up@4.1.0", + "read-pkg@5.2.0", + "read-pkg-up@7.0.1|type-fest@0.8.1" + ] + }, + { + "ref": "read-pkg-up@7.0.1|find-up@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|locate-path@5.0.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-locate@4.1.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-locate@4.1.0", + "dependsOn": [ + "read-pkg-up@7.0.1|p-limit@2.3.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "read-pkg-up@7.0.1|type-fest@0.8.1" + }, + { + "ref": "regexp-tree@0.1.27" + }, + { + "ref": "safe-regex@2.1.1", + "dependsOn": [ + "regexp-tree@0.1.27" + ] + }, + { + "ref": "eslint-plugin-unicorn@52.0.0", + "dependsOn": [ + "@babel/helper-validator-identifier@7.22.20", + "@eslint-community/eslint-utils@4.4.0", + "@eslint/eslintrc@2.1.4", + "ci-info@4.0.0", + "clean-regexp@1.0.0", + "core-js-compat@3.37.0", + "eslint@8.57.0", + "esquery@1.5.0", + "indent-string@4.0.0", + "is-builtin-module@3.2.1", + "jsesc@3.0.2", + "pluralize@8.0.0", + "read-pkg-up@7.0.1", + "regexp-tree@0.1.27", + "regjsparser@0.10.0", + "semver@7.6.2", + "strip-indent@3.0.0" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "debug@4.3.4", + "espree@9.6.1", + "globals@13.24.0", + "ignore@5.3.1", + "import-fresh@3.3.0", + "js-yaml@4.1.0", + "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "strip-json-comments@3.1.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|ajv@6.12.6", + "dependsOn": [ + "fast-deep-equal@3.1.3", + "fast-json-stable-stringify@2.1.0", + "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1", + "uri-js@4.4.1" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|json-schema-traverse@0.4.1" + }, + { + "ref": "@eslint/eslintrc@2.1.4|minimatch@3.1.2", + "dependsOn": [ + "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11" + ] + }, + { + "ref": "@eslint/eslintrc@2.1.4|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "espree@9.6.1", + "dependsOn": [ + "acorn-jsx@5.3.2", + "acorn@8.11.3", + "eslint-visitor-keys@3.4.3" + ] + }, + { + "ref": "parent-module@1.0.1", + "dependsOn": [ + "callsites@3.1.0" + ] + }, + { + "ref": "resolve-from@4.0.0" + }, + { + "ref": "ci-info@4.0.0" + }, + { + "ref": "core-js-compat@3.37.0", + "dependsOn": [ + "browserslist@4.23.0" + ] + }, + { + "ref": "browserslist@4.23.0", + "dependsOn": [ + "caniuse-lite@1.0.30001612", + "electron-to-chromium@1.4.747", + "node-releases@2.0.14", + "update-browserslist-db@1.0.13" + ] + }, + { + "ref": "caniuse-lite@1.0.30001612" + }, + { + "ref": "electron-to-chromium@1.4.747" + }, + { + "ref": "node-releases@2.0.14" + }, + { + "ref": "update-browserslist-db@1.0.13", + "dependsOn": [ + "browserslist@4.23.0", + "escalade@3.1.2", + "picocolors@1.0.0" + ] + }, + { + "ref": "escalade@3.1.2" + }, + { + "ref": "estraverse@5.3.0" + }, + { + "ref": "builtin-modules@3.3.0" + }, + { + "ref": "jsesc@3.0.2" + }, + { + "ref": "p-try@2.2.0" + }, + { + "ref": "path-exists@4.0.0" + }, + { + "ref": "read-pkg@5.2.0", + "dependsOn": [ + "@types/normalize-package-data@2.4.4", + "read-pkg@5.2.0|normalize-package-data@2.5.0", + "parse-json@5.2.0", + "read-pkg@5.2.0|type-fest@0.6.0" + ] + }, + { + "ref": "read-pkg@5.2.0|normalize-package-data@2.5.0", + "dependsOn": [ + "read-pkg@5.2.0|hosted-git-info@2.8.9", + "resolve@1.22.8", + "read-pkg@5.2.0|semver@5.7.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "read-pkg@5.2.0|hosted-git-info@2.8.9" + }, + { + "ref": "read-pkg@5.2.0|semver@5.7.2" + }, + { + "ref": "read-pkg@5.2.0|type-fest@0.6.0" + }, + { + "ref": "@types/normalize-package-data@2.4.4" + }, + { + "ref": "validate-npm-package-license@3.0.4", + "dependsOn": [ + "spdx-correct@3.2.0", + "spdx-expression-parse@3.0.1" + ] + }, + { + "ref": "regjsparser@0.10.0", + "dependsOn": [ + "regjsparser@0.10.0|jsesc@0.5.0" + ] + }, + { + "ref": "regjsparser@0.10.0|jsesc@0.5.0" + }, + { + "ref": "strip-indent@3.0.0", + "dependsOn": [ + "min-indent@1.0.1" + ] + }, + { + "ref": "min-indent@1.0.1" + }, + { + "ref": "@eslint/js@8.57.0" + }, + { + "ref": "@humanwhocodes/config-array@0.11.14", + "dependsOn": [ + "@humanwhocodes/object-schema@2.0.3", + "debug@4.3.4", + "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|minimatch@3.1.2", + "dependsOn": [ + "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11" + ] + }, + { + "ref": "@humanwhocodes/config-array@0.11.14|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@humanwhocodes/object-schema@2.0.3" + }, + { + "ref": "@humanwhocodes/module-importer@1.0.1" + }, + { + "ref": "@nodelib/fs.scandir@2.1.5", + "dependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ] + }, + { + "ref": "run-parallel@1.2.0", + "dependsOn": [ + "queue-microtask@1.2.3" + ] + }, + { + "ref": "queue-microtask@1.2.3" + }, + { + "ref": "fastq@1.17.1", + "dependsOn": [ + "reusify@1.0.4" + ] + }, + { + "ref": "reusify@1.0.4" + }, + { + "ref": "@ungap/structured-clone@1.2.0" + }, + { + "ref": "path-key@3.1.1" + }, + { + "ref": "shebang-command@2.0.0", + "dependsOn": [ + "shebang-regex@3.0.0" + ] + }, + { + "ref": "shebang-regex@3.0.0" + }, + { + "ref": "which@2.0.2", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "isexe@2.0.0" + }, + { + "ref": "eslint-scope@7.2.2", + "dependsOn": [ + "esrecurse@4.3.0", + "estraverse@5.3.0" + ] + }, + { + "ref": "acorn@8.11.3" + }, + { + "ref": "flat-cache@3.2.0", + "dependsOn": [ + "flatted@3.3.1", + "keyv@4.5.4", + "rimraf@3.0.2" + ] + }, + { + "ref": "flatted@3.3.1" + }, + { + "ref": "keyv@4.5.4", + "dependsOn": [ + "json-buffer@3.0.1" + ] + }, + { + "ref": "json-buffer@3.0.1" + }, + { + "ref": "find-up@5.0.0", + "dependsOn": [ + "locate-path@6.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "locate-path@6.0.0", + "dependsOn": [ + "p-locate@5.0.0" + ] + }, + { + "ref": "p-locate@5.0.0", + "dependsOn": [ + "p-limit@3.1.0" + ] + }, + { + "ref": "is-extglob@2.1.1" + }, + { + "ref": "is-path-inside@3.0.3" + }, + { + "ref": "prelude-ls@1.2.1" + }, + { + "ref": "type-check@0.4.0", + "dependsOn": [ + "prelude-ls@1.2.1" + ] + }, + { + "ref": "@aashutoshrathi/word-wrap@1.2.6" + }, + { + "ref": "deep-is@0.1.4" + }, + { + "ref": "accepts@1.3.8", + "dependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ] + }, + { + "ref": "mime-types@2.1.35", + "dependsOn": [ + "mime-db@1.52.0" + ] + }, + { + "ref": "negotiator@0.6.3" + }, + { + "ref": "array-flatten@1.1.1" + }, + { + "ref": "body-parser@1.20.2", + "dependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "body-parser@1.20.2|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.11.0", + "raw-body@2.5.2", + "type-is@1.6.18", + "unpipe@1.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|debug@2.6.9", + "dependsOn": [ + "body-parser@1.20.2|ms@2.0.0" + ] + }, + { + "ref": "body-parser@1.20.2|ms@2.0.0" + }, + { + "ref": "bytes@3.1.2" + }, + { + "ref": "depd@2.0.0" + }, + { + "ref": "destroy@1.2.0" + }, + { + "ref": "http-errors@2.0.0", + "dependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.1", + "toidentifier@1.0.1" + ] + }, + { + "ref": "iconv-lite@0.4.24", + "dependsOn": [ + "safer-buffer@2.1.2" + ] + }, + { + "ref": "safer-buffer@2.1.2" + }, + { + "ref": "on-finished@2.4.1", + "dependsOn": [ + "ee-first@1.1.1" + ] + }, + { + "ref": "qs@6.11.0", + "dependsOn": [ + "side-channel@1.0.6" + ] + }, + { + "ref": "raw-body@2.5.2", + "dependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.0", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ] + }, + { + "ref": "unpipe@1.0.0" + }, + { + "ref": "type-is@1.6.18", + "dependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ] + }, + { + "ref": "content-disposition@0.5.4", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "cookie-signature@1.0.6" + }, + { + "ref": "cookie@0.6.0" + }, + { + "ref": "encodeurl@1.0.2" + }, + { + "ref": "escape-html@1.0.3" + }, + { + "ref": "etag@1.8.1" + }, + { + "ref": "finalhandler@1.2.0", + "dependsOn": [ + "finalhandler@1.2.0|debug@2.6.9", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.1", + "unpipe@1.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|debug@2.6.9", + "dependsOn": [ + "finalhandler@1.2.0|ms@2.0.0" + ] + }, + { + "ref": "finalhandler@1.2.0|ms@2.0.0" + }, + { + "ref": "parseurl@1.3.3" + }, + { + "ref": "statuses@2.0.1" + }, + { + "ref": "fresh@0.5.2" + }, + { + "ref": "setprototypeof@1.2.0" + }, + { + "ref": "toidentifier@1.0.1" + }, + { + "ref": "merge-descriptors@1.0.1" + }, + { + "ref": "methods@1.1.2" + }, + { + "ref": "ee-first@1.1.1" + }, + { + "ref": "path-to-regexp@0.1.7" + }, + { + "ref": "proxy-addr@2.0.7", + "dependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ] + }, + { + "ref": "forwarded@0.2.0" + }, + { + "ref": "ipaddr.js@1.9.1" + }, + { + "ref": "side-channel@1.0.6", + "dependsOn": [ + "call-bind@1.0.7", + "es-errors@1.3.0", + "get-intrinsic@1.2.4", + "object-inspect@1.13.1" + ] + }, + { + "ref": "call-bind@1.0.7", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "set-function-length@1.2.2" + ] + }, + { + "ref": "es-define-property@1.0.0", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "get-intrinsic@1.2.4", + "dependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2", + "has-proto@1.0.3", + "has-symbols@1.0.3", + "hasown@2.0.2" + ] + }, + { + "ref": "es-errors@1.3.0" + }, + { + "ref": "function-bind@1.1.2" + }, + { + "ref": "set-function-length@1.2.2", + "dependsOn": [ + "define-data-property@1.1.4", + "es-errors@1.3.0", + "function-bind@1.1.2", + "get-intrinsic@1.2.4", + "gopd@1.0.1", + "has-property-descriptors@1.0.2" + ] + }, + { + "ref": "define-data-property@1.1.4", + "dependsOn": [ + "es-define-property@1.0.0", + "es-errors@1.3.0", + "gopd@1.0.1" + ] + }, + { + "ref": "gopd@1.0.1", + "dependsOn": [ + "get-intrinsic@1.2.4" + ] + }, + { + "ref": "has-property-descriptors@1.0.2", + "dependsOn": [ + "es-define-property@1.0.0" + ] + }, + { + "ref": "has-proto@1.0.3" + }, + { + "ref": "has-symbols@1.0.3" + }, + { + "ref": "hasown@2.0.2", + "dependsOn": [ + "function-bind@1.1.2" + ] + }, + { + "ref": "object-inspect@1.13.1" + }, + { + "ref": "range-parser@1.2.1" + }, + { + "ref": "send@0.18.0", + "dependsOn": [ + "send@0.18.0|debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@1.0.2", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.0", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.1" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9", + "dependsOn": [ + "send@0.18.0|debug@2.6.9|ms@2.0.0" + ] + }, + { + "ref": "send@0.18.0|debug@2.6.9|ms@2.0.0" + }, + { + "ref": "mime@1.6.0" + }, + { + "ref": "serve-static@1.15.0", + "dependsOn": [ + "encodeurl@1.0.2", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.18.0" + ] + }, + { + "ref": "media-typer@0.3.0" + }, + { + "ref": "utils-merge@1.0.1" + }, + { + "ref": "vary@1.1.2" + }, + { + "ref": "asynckit@0.4.0" + }, + { + "ref": "combined-stream@1.0.8", + "dependsOn": [ + "delayed-stream@1.0.0" + ] + }, + { + "ref": "delayed-stream@1.0.0" + }, + { + "ref": "mime-db@1.52.0" + }, + { + "ref": "fs-extra@11.2.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "jsonfile@6.1.0", + "universalify@2.0.1" + ] + }, + { + "ref": "jsonfile@6.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "universalify@2.0.1" + ] + }, + { + "ref": "universalify@2.0.1" + }, + { + "ref": "get-installed-path@4.0.8", + "dependsOn": [ + "global-modules@1.0.0" + ] + }, + { + "ref": "global-modules@1.0.0", + "dependsOn": [ + "global-prefix@1.0.2", + "is-windows@1.0.2", + "resolve-dir@1.0.1" + ] + }, + { + "ref": "global-prefix@1.0.2", + "dependsOn": [ + "expand-tilde@2.0.2", + "homedir-polyfill@1.0.3", + "ini@1.3.8", + "is-windows@1.0.2", + "global-prefix@1.0.2|which@1.3.1" + ] + }, + { + "ref": "global-prefix@1.0.2|which@1.3.1", + "dependsOn": [ + "isexe@2.0.0" + ] + }, + { + "ref": "expand-tilde@2.0.2", + "dependsOn": [ + "homedir-polyfill@1.0.3" + ] + }, + { + "ref": "homedir-polyfill@1.0.3", + "dependsOn": [ + "parse-passwd@1.0.0" + ] + }, + { + "ref": "parse-passwd@1.0.0" + }, + { + "ref": "is-windows@1.0.2" + }, + { + "ref": "resolve-dir@1.0.1", + "dependsOn": [ + "expand-tilde@2.0.2", + "global-modules@1.0.0" + ] + }, + { + "ref": "domhandler@5.0.3", + "dependsOn": [ + "domelementtype@2.3.0" + ] + }, + { + "ref": "domutils@3.1.0", + "dependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ] + }, + { + "ref": "dom-serializer@2.0.0", + "dependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ] + }, + { + "ref": "entities@4.5.0" + }, + { + "ref": "https@1.0.0" + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2", + "dependsOn": [ + "chalk@4.1.2", + "cli-cursor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1" + ] + }, + { + "ref": "inquirer-file-tree-selection-prompt@2.0.2|rxjs@7.8.1", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "cli-cursor@3.1.0", + "dependsOn": [ + "restore-cursor@3.1.0" + ] + }, + { + "ref": "restore-cursor@3.1.0", + "dependsOn": [ + "onetime@5.1.2", + "signal-exit@3.0.7" + ] + }, + { + "ref": "onetime@5.1.2", + "dependsOn": [ + "mimic-fn@2.1.0" + ] + }, + { + "ref": "mimic-fn@2.1.0" + }, + { + "ref": "signal-exit@3.0.7" + }, + { + "ref": "figures@3.2.0", + "dependsOn": [ + "figures@3.2.0|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "figures@3.2.0|escape-string-regexp@1.0.5" + }, + { + "ref": "inquirer@8.0.0", + "dependsOn": [ + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-cursor@3.1.0", + "cli-width@3.0.0", + "external-editor@3.1.0", + "figures@3.2.0", + "lodash@4.17.21", + "mute-stream@0.0.8", + "run-async@2.4.1", + "rxjs@6.6.7", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "through@2.3.8" + ] + }, + { + "ref": "cli-width@3.0.0" + }, + { + "ref": "external-editor@3.1.0", + "dependsOn": [ + "chardet@0.7.0", + "iconv-lite@0.4.24", + "external-editor@3.1.0|tmp@0.0.33" + ] + }, + { + "ref": "external-editor@3.1.0|tmp@0.0.33", + "dependsOn": [ + "os-tmpdir@1.0.2" + ] + }, + { + "ref": "chardet@0.7.0" + }, + { + "ref": "os-tmpdir@1.0.2" + }, + { + "ref": "mute-stream@0.0.8" + }, + { + "ref": "run-async@2.4.1" + }, + { + "ref": "rxjs@6.6.7", + "dependsOn": [ + "rxjs@6.6.7|tslib@1.14.1" + ] + }, + { + "ref": "rxjs@6.6.7|tslib@1.14.1" + }, + { + "ref": "through@2.3.8" + }, + { + "ref": "jest-mock@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-util@29.7.0" + ] + }, + { + "ref": "@types/istanbul-lib-report@3.0.3", + "dependsOn": [ + "@types/istanbul-lib-coverage@2.0.6" + ] + }, + { + "ref": "@types/yargs-parser@21.0.3" + }, + { + "ref": "jest@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/types@29.6.3", + "import-local@3.1.0", + "jest-cli@29.7.0" + ] + }, + { + "ref": "@jest/core@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/reporters@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "@jest/core@29.7.0|ci-info@3.9.0", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-changed-files@29.7.0", + "jest-config@29.7.0", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve-dependencies@29.7.0", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "jest-watcher@29.7.0", + "micromatch@4.0.5", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@jest/core@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/console@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "@jest/reporters@29.7.0", + "dependsOn": [ + "@bcoe/v8-coverage@0.2.3", + "@jest/console@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "@types/node@20.14.1", + "chalk@4.1.2", + "collect-v8-coverage@1.0.2", + "exit@0.1.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "istanbul-lib-coverage@3.2.2", + "istanbul-lib-instrument@6.0.2", + "istanbul-lib-report@3.0.1", + "istanbul-lib-source-maps@4.0.1", + "istanbul-reports@3.1.7", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "slash@3.0.0", + "string-length@4.0.2", + "strip-ansi@6.0.1", + "v8-to-istanbul@9.2.0" + ] + }, + { + "ref": "@jest/test-result@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/types@29.6.3", + "@types/istanbul-lib-coverage@2.0.6", + "collect-v8-coverage@1.0.2" + ] + }, + { + "ref": "@jest/transform@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/types@29.6.3", + "@jridgewell/trace-mapping@0.3.25", + "babel-plugin-istanbul@6.1.1", + "chalk@4.1.2", + "convert-source-map@2.0.0", + "fast-json-stable-stringify@2.1.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "micromatch@4.0.5", + "pirates@4.0.6", + "slash@3.0.0", + "write-file-atomic@4.0.2" + ] + }, + { + "ref": "fs.realpath@1.0.0" + }, + { + "ref": "inflight@1.0.6", + "dependsOn": [ + "once@1.4.0", + "wrappy@1.0.2" + ] + }, + { + "ref": "path-is-absolute@1.0.1" + }, + { + "ref": "istanbul-lib-instrument@6.0.2", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/parser@7.24.4", + "@istanbuljs/schema@0.1.3", + "istanbul-lib-coverage@3.2.2", + "semver@7.6.2" + ] + }, + { + "ref": "make-dir@4.0.0", + "dependsOn": [ + "semver@7.6.2" + ] + }, + { + "ref": "source-map@0.6.1" + }, + { + "ref": "html-escaper@2.0.2" + }, + { + "ref": "jest-worker@29.7.0", + "dependsOn": [ + "@types/node@20.14.1", + "jest-util@29.7.0", + "merge-stream@2.0.0", + "supports-color@8.1.1" + ] + }, + { + "ref": "char-regex@1.0.2" + }, + { + "ref": "convert-source-map@2.0.0" + }, + { + "ref": "jest-changed-files@29.7.0", + "dependsOn": [ + "execa@5.1.1", + "jest-util@29.7.0", + "p-limit@3.1.0" + ] + }, + { + "ref": "get-stream@6.0.1" + }, + { + "ref": "human-signals@2.1.0" + }, + { + "ref": "npm-run-path@4.0.1", + "dependsOn": [ + "path-key@3.1.1" + ] + }, + { + "ref": "strip-final-newline@2.0.0" + }, + { + "ref": "yocto-queue@0.1.0" + }, + { + "ref": "jest-config@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/test-sequencer@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "babel-jest@29.7.0", + "chalk@4.1.2", + "jest-config@29.7.0|ci-info@3.9.0", + "deepmerge@4.3.1", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-circus@29.7.0", + "jest-environment-node@29.7.0", + "jest-get-type@29.6.3", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-runner@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "micromatch@4.0.5", + "parse-json@5.2.0", + "pretty-format@29.7.0", + "slash@3.0.0", + "strip-json-comments@3.1.1", + "ts-node@10.9.2" + ] + }, + { + "ref": "jest-config@29.7.0|ci-info@3.9.0" + }, + { + "ref": "@jest/test-sequencer@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "slash@3.0.0" + ] + }, + { + "ref": "jest-haste-map@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@types/graceful-fs@4.1.9", + "@types/node@20.14.1", + "anymatch@3.1.3", + "fb-watchman@2.0.2", + "fsevents@2.3.3", + "graceful-fs@4.2.11", + "jest-regex-util@29.6.3", + "jest-util@29.7.0", + "jest-worker@29.7.0", + "micromatch@4.0.5", + "walker@1.0.8" + ] + }, + { + "ref": "babel-jest@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@types/babel__core@7.20.5", + "babel-plugin-istanbul@6.1.1", + "babel-preset-jest@29.6.3", + "chalk@4.1.2", + "graceful-fs@4.2.11", + "slash@3.0.0" + ] + }, + { + "ref": "jest-circus@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "co@4.6.0", + "dedent@1.5.3", + "is-generator-fn@2.1.0", + "jest-each@29.7.0", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-runtime@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "p-limit@3.1.0", + "pretty-format@29.7.0", + "pure-rand@6.1.0", + "slash@3.0.0", + "stack-utils@2.0.6" + ] + }, + { + "ref": "@jest/environment@29.7.0", + "dependsOn": [ + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/expect@29.7.0", + "dependsOn": [ + "expect@29.7.0", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "jest-snapshot@29.7.0", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/generator@7.24.4", + "@babel/plugin-syntax-jsx@7.24.1", + "@babel/plugin-syntax-typescript@7.24.1", + "@babel/types@7.24.0", + "@jest/expect-utils@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-preset-current-node-syntax@1.0.1", + "chalk@4.1.2", + "expect@29.7.0", + "graceful-fs@4.2.11", + "jest-diff@29.7.0", + "jest-get-type@29.6.3", + "jest-matcher-utils@29.7.0", + "jest-message-util@29.7.0", + "jest-util@29.7.0", + "natural-compare@1.4.0", + "pretty-format@29.7.0", + "semver@7.6.2" + ] + }, + { + "ref": "dedent@1.5.3" + }, + { + "ref": "jest-each@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "jest-util@29.7.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-runtime@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/globals@29.7.0", + "@jest/source-map@29.6.3", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "cjs-module-lexer@1.2.3", + "collect-v8-coverage@1.0.2", + "glob@7.2.3", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-regex-util@29.6.3", + "jest-resolve@29.7.0", + "jest-snapshot@29.7.0", + "jest-util@29.7.0", + "slash@3.0.0", + "strip-bom@4.0.0" + ] + }, + { + "ref": "pure-rand@6.1.0" + }, + { + "ref": "jest-environment-node@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/fake-timers@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "@jest/fake-timers@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "@sinonjs/fake-timers@10.3.0", + "@types/node@20.14.1", + "jest-message-util@29.7.0", + "jest-mock@29.7.0", + "jest-util@29.7.0" + ] + }, + { + "ref": "jest-regex-util@29.6.3" + }, + { + "ref": "jest-resolve@29.7.0", + "dependsOn": [ + "chalk@4.1.2", + "graceful-fs@4.2.11", + "jest-haste-map@29.7.0", + "jest-pnp-resolver@1.2.3", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "resolve.exports@2.0.2", + "resolve@1.22.8", + "slash@3.0.0" + ] + }, + { + "ref": "jest-runner@29.7.0", + "dependsOn": [ + "@jest/console@29.7.0", + "@jest/environment@29.7.0", + "@jest/test-result@29.7.0", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "chalk@4.1.2", + "emittery@0.13.1", + "graceful-fs@4.2.11", + "jest-docblock@29.7.0", + "jest-environment-node@29.7.0", + "jest-haste-map@29.7.0", + "jest-leak-detector@29.7.0", + "jest-message-util@29.7.0", + "jest-resolve@29.7.0", + "jest-runtime@29.7.0", + "jest-util@29.7.0", + "jest-watcher@29.7.0", + "jest-worker@29.7.0", + "p-limit@3.1.0", + "source-map-support@0.5.13" + ] + }, + { + "ref": "jest-validate@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "jest-validate@29.7.0|camelcase@6.3.0", + "chalk@4.1.2", + "jest-get-type@29.6.3", + "leven@3.1.0", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-validate@29.7.0|camelcase@6.3.0" + }, + { + "ref": "bser@2.1.1", + "dependsOn": [ + "node-int64@0.4.0" + ] + }, + { + "ref": "node-int64@0.4.0" + }, + { + "ref": "makeerror@1.0.12", + "dependsOn": [ + "tmpl@1.0.5" + ] + }, + { + "ref": "tmpl@1.0.5" + }, + { + "ref": "jest-resolve-dependencies@29.7.0", + "dependsOn": [ + "jest-regex-util@29.6.3", + "jest-snapshot@29.7.0" + ] + }, + { + "ref": "resolve.exports@2.0.2" + }, + { + "ref": "emittery@0.13.1" + }, + { + "ref": "jest-docblock@29.7.0", + "dependsOn": [ + "detect-newline@3.1.0" + ] + }, + { + "ref": "jest-leak-detector@29.7.0", + "dependsOn": [ + "jest-get-type@29.6.3", + "pretty-format@29.7.0" + ] + }, + { + "ref": "jest-watcher@29.7.0", + "dependsOn": [ + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "@types/node@20.14.1", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "emittery@0.13.1", + "jest-util@29.7.0", + "string-length@4.0.2" + ] + }, + { + "ref": "@jest/globals@29.7.0", + "dependsOn": [ + "@jest/environment@29.7.0", + "@jest/expect@29.7.0", + "@jest/types@29.6.3", + "jest-mock@29.7.0" + ] + }, + { + "ref": "@jest/source-map@29.6.3", + "dependsOn": [ + "@jridgewell/trace-mapping@0.3.25", + "callsites@3.1.0", + "graceful-fs@4.2.11" + ] + }, + { + "ref": "@babel/plugin-syntax-jsx@7.24.1", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/helper-plugin-utils@7.24.0" + }, + { + "ref": "@babel/plugin-syntax-async-generators@7.8.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-bigint@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-class-properties@7.12.13", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-import-meta@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-json-strings@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-numeric-separator@7.10.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-object-rest-spread@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-catch-binding@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-optional-chaining@7.8.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "@babel/plugin-syntax-top-level-await@7.14.5", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-plugin-utils@7.24.0" + ] + }, + { + "ref": "pkg-dir@4.2.0", + "dependsOn": [ + "pkg-dir@4.2.0|find-up@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|find-up@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|locate-path@5.0.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-locate@4.1.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-locate@4.1.0", + "dependsOn": [ + "pkg-dir@4.2.0|p-limit@2.3.0" + ] + }, + { + "ref": "pkg-dir@4.2.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0", + "dependsOn": [ + "resolve-cwd@3.0.0|resolve-from@5.0.0" + ] + }, + { + "ref": "resolve-cwd@3.0.0|resolve-from@5.0.0" + }, + { + "ref": "jest-cli@29.7.0", + "dependsOn": [ + "@jest/core@29.7.0", + "@jest/test-result@29.7.0", + "@jest/types@29.6.3", + "chalk@4.1.2", + "create-jest@29.7.0", + "exit@0.1.2", + "import-local@3.1.0", + "jest-config@29.7.0", + "jest-util@29.7.0", + "jest-validate@29.7.0", + "yargs@17.7.2" + ] + }, + { + "ref": "create-jest@29.7.0", + "dependsOn": [ + "@jest/types@29.6.3", + "chalk@4.1.2", + "exit@0.1.2", + "graceful-fs@4.2.11", + "jest-config@29.7.0", + "jest-util@29.7.0", + "prompts@2.4.2" + ] + }, + { + "ref": "cliui@8.0.1", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "get-caller-file@2.0.5" + }, + { + "ref": "require-directory@2.1.1" + }, + { + "ref": "y18n@5.0.8" + }, + { + "ref": "argparse@2.0.1" + }, + { + "ref": "json-colorizer@2.2.2", + "dependsOn": [ + "json-colorizer@2.2.2|chalk@2.4.2", + "lodash.get@4.4.2" + ] + }, + { + "ref": "json-colorizer@2.2.2|chalk@2.4.2", + "dependsOn": [ + "json-colorizer@2.2.2|ansi-styles@3.2.1", + "json-colorizer@2.2.2|escape-string-regexp@1.0.5", + "json-colorizer@2.2.2|supports-color@5.5.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|ansi-styles@3.2.1", + "dependsOn": [ + "json-colorizer@2.2.2|color-convert@1.9.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-convert@1.9.3", + "dependsOn": [ + "json-colorizer@2.2.2|color-name@1.1.3" + ] + }, + { + "ref": "json-colorizer@2.2.2|color-name@1.1.3" + }, + { + "ref": "json-colorizer@2.2.2|escape-string-regexp@1.0.5" + }, + { + "ref": "json-colorizer@2.2.2|supports-color@5.5.0", + "dependsOn": [ + "json-colorizer@2.2.2|has-flag@3.0.0" + ] + }, + { + "ref": "json-colorizer@2.2.2|has-flag@3.0.0" + }, + { + "ref": "markdown-diff@2.0.0", + "dependsOn": [ + "markdown-diff@2.0.0|diff@5.2.0", + "marked@12.0.2" + ] + }, + { + "ref": "markdown-diff@2.0.0|diff@5.2.0" + }, + { + "ref": "marked@12.0.2" + }, + { + "ref": "markdown-table-ts@1.0.3" + }, + { + "ref": "mocha@10.4.0", + "dependsOn": [ + "ansi-colors@4.1.1", + "browser-stdout@1.3.1", + "chokidar@3.5.3", + "debug@4.3.4", + "mocha@10.4.0|diff@5.0.0", + "escape-string-regexp@4.0.0", + "find-up@5.0.0", + "mocha@10.4.0|glob@8.1.0", + "he@1.2.0", + "js-yaml@4.1.0", + "mocha@10.4.0|log-symbols@4.1.0", + "mocha@10.4.0|minimatch@5.0.1", + "ms@2.1.3", + "serialize-javascript@6.0.0", + "strip-json-comments@3.1.1", + "supports-color@8.1.1", + "workerpool@6.2.1", + "yargs-parser@20.2.4", + "yargs-unparser@2.0.0", + "mocha@10.4.0|yargs@16.2.0" + ] + }, + { + "ref": "mocha@10.4.0|diff@5.0.0" + }, + { + "ref": "mocha@10.4.0|glob@8.1.0", + "dependsOn": [ + "fs.realpath@1.0.0", + "inflight@1.0.6", + "inherits@2.0.4", + "mocha@10.4.0|minimatch@5.0.1", + "once@1.4.0" + ] + }, + { + "ref": "mocha@10.4.0|minimatch@5.0.1", + "dependsOn": [ + "brace-expansion@2.0.1" + ] + }, + { + "ref": "mocha@10.4.0|log-symbols@4.1.0", + "dependsOn": [ + "chalk@4.1.2", + "is-unicode-supported@0.1.0" + ] + }, + { + "ref": "mocha@10.4.0|yargs@16.2.0", + "dependsOn": [ + "mocha@10.4.0|cliui@7.0.4", + "escalade@3.1.2", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "y18n@5.0.8", + "yargs-parser@20.2.4" + ] + }, + { + "ref": "mocha@10.4.0|cliui@7.0.4", + "dependsOn": [ + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "browser-stdout@1.3.1" + }, + { + "ref": "fill-range@7.0.1", + "dependsOn": [ + "to-regex-range@5.0.1" + ] + }, + { + "ref": "to-regex-range@5.0.1", + "dependsOn": [ + "is-number@7.0.0" + ] + }, + { + "ref": "is-number@7.0.0" + }, + { + "ref": "is-binary-path@2.1.0", + "dependsOn": [ + "binary-extensions@2.3.0" + ] + }, + { + "ref": "binary-extensions@2.3.0" + }, + { + "ref": "readdirp@3.6.0", + "dependsOn": [ + "picomatch@2.3.1" + ] + }, + { + "ref": "wrappy@1.0.2" + }, + { + "ref": "is-unicode-supported@0.1.0" + }, + { + "ref": "serialize-javascript@6.0.0", + "dependsOn": [ + "randombytes@2.1.0" + ] + }, + { + "ref": "randombytes@2.1.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "workerpool@6.2.1" + }, + { + "ref": "yargs-parser@20.2.4" + }, + { + "ref": "yargs-unparser@2.0.0", + "dependsOn": [ + "yargs-unparser@2.0.0|camelcase@6.3.0", + "decamelize@4.0.0", + "flat@5.0.2", + "is-plain-obj@2.1.0" + ] + }, + { + "ref": "yargs-unparser@2.0.0|camelcase@6.3.0" + }, + { + "ref": "decamelize@4.0.0" + }, + { + "ref": "is-plain-obj@2.1.0" + }, + { + "ref": "mock-fs@5.2.0" + }, + { + "ref": "objects-to-csv@1.3.6", + "dependsOn": [ + "async-csv@2.1.3" + ] + }, + { + "ref": "async-csv@2.1.3", + "dependsOn": [ + "csv@5.5.3" + ] + }, + { + "ref": "csv@5.5.3", + "dependsOn": [ + "csv-generate@3.4.3", + "csv-parse@4.16.3", + "csv-stringify@5.6.5", + "stream-transform@2.1.3" + ] + }, + { + "ref": "csv-generate@3.4.3" + }, + { + "ref": "csv-stringify@5.6.5" + }, + { + "ref": "stream-transform@2.1.3", + "dependsOn": [ + "mixme@0.5.10" + ] + }, + { + "ref": "mixme@0.5.10" + }, + { + "ref": "oclif@4.13.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0", + "@aws-sdk/client-s3@3.583.0", + "@inquirer/confirm@3.1.9", + "@inquirer/input@2.1.9", + "@inquirer/select@2.3.5", + "oclif@4.13.0|@oclif/core@4.0.1", + "@oclif/plugin-help@6.1.0", + "@oclif/plugin-not-found@3.2.1", + "@oclif/plugin-warn-if-update-available@3.1.4", + "async-retry@1.3.3", + "chalk@4.1.2", + "change-case@4.1.2", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "find-yarn-workspace-root@2.0.0", + "oclif@4.13.0|fs-extra@8.1.0", + "github-slugger@2.0.0", + "got@13.0.0", + "lodash@4.17.21", + "normalize-package-data@6.0.1", + "semver@7.6.2", + "sort-package-json@2.10.0", + "tiny-jsonc@1.0.1", + "validate-npm-package-name@5.0.1" + ] + }, + { + "ref": "oclif@4.13.0|@oclif/core@4.0.1", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "oclif@4.13.0|debug@4.3.5", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "oclif@4.13.0|debug@4.3.5", + "dependsOn": [ + "oclif@4.13.0|ms@2.1.2" + ] + }, + { + "ref": "oclif@4.13.0|ms@2.1.2" + }, + { + "ref": "oclif@4.13.0|fs-extra@8.1.0", + "dependsOn": [ + "graceful-fs@4.2.11", + "oclif@4.13.0|jsonfile@4.0.0", + "oclif@4.13.0|universalify@0.1.2" + ] + }, + { + "ref": "oclif@4.13.0|jsonfile@4.0.0", + "dependsOn": [ + "graceful-fs@4.2.11" + ] + }, + { + "ref": "oclif@4.13.0|universalify@0.1.2" + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/types@3.0.0", + "bowser@2.11.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-http@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-ini@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-env@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-process@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-sso@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/credential-provider-web-identity@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sts@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso@3.575.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/core@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-host-header@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-logger@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-recursion-detection@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/middleware-user-agent@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/region-config-resolver@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-endpoints@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-browser@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/util-user-agent-node@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/token-providers@3.575.0", + "dependsOn": [ + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/client-sso-oidc@3.575.0", + "@aws-sdk/client-cloudfront@3.575.0|@aws-sdk/types@3.575.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/xml-builder@3.575.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/util-waiter@3.0.0", + "dependsOn": [ + "@smithy/abort-controller@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0", + "dependsOn": [ + "@aws-crypto/sha1-browser@3.0.0", + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "@aws-sdk/middleware-expect-continue@3.577.0", + "@aws-sdk/middleware-flexible-checksums@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-location-constraint@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/middleware-signing@3.577.0", + "@aws-sdk/middleware-ssec@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/signature-v4-multi-region@3.582.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@aws-sdk/xml-builder@3.575.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/eventstream-serde-browser@3.0.0", + "@smithy/eventstream-serde-config-resolver@3.0.0", + "@smithy/eventstream-serde-node@3.0.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-blob-browser@3.0.0", + "@smithy/hash-node@3.0.0", + "@smithy/hash-stream-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/md5-js@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-retry@3.0.0", + "@smithy/util-stream@3.0.1", + "@smithy/util-utf8@3.0.0", + "@smithy/util-waiter@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso-oidc@3.583.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-node@3.583.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-http@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-ini@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sts@3.583.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/credential-provider-sso@3.583.0", + "dependsOn": [ + "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-s3@3.583.0|@aws-sdk/client-sso@3.583.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/core@3.582.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/middleware-user-agent@3.583.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/client-s3@3.583.0|@aws-sdk/util-endpoints@3.583.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0", + "dependsOn": [ + "@aws-crypto/ie11-detection@3.0.0", + "@aws-crypto/supports-web-crypto@3.0.0", + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-locate-window@3.535.0", + "@aws-sdk/util-utf8-browser@3.259.0", + "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/sha1-browser@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/region-config-resolver@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-user-agent-node@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-env@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-process@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-web-identity@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/token-providers@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso-oidc@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sts@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/client-sso-oidc@3.577.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/credential-provider-node@3.577.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0", + "dependsOn": [ + "@smithy/core@2.1.1", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/core@3.576.0|fast-xml-parser@4.2.5", + "dependsOn": [ + "strnum@1.0.5" + ] + }, + { + "ref": "@aws-sdk/credential-provider-node@3.577.0", + "dependsOn": [ + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-http@3.577.0", + "@aws-sdk/credential-provider-ini@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-user-agent@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-endpoints@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "@smithy/util-endpoints@2.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-http@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/node-http-handler@3.0.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-stream@3.0.1", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-ini@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sts@3.577.0", + "@aws-sdk/credential-provider-env@3.577.0", + "@aws-sdk/credential-provider-process@3.577.0", + "@aws-sdk/credential-provider-sso@3.577.0", + "@aws-sdk/credential-provider-web-identity@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/credential-provider-imds@3.1.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/credential-provider-sso@3.577.0", + "dependsOn": [ + "@aws-sdk/client-sso@3.577.0", + "@aws-sdk/token-providers@3.577.0", + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/shared-ini-file-loader@3.1.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/client-sso@3.577.0", + "dependsOn": [ + "@aws-crypto/sha256-browser@3.0.0", + "@aws-crypto/sha256-js@3.0.0", + "@aws-sdk/core@3.576.0", + "@aws-sdk/middleware-host-header@3.577.0", + "@aws-sdk/middleware-logger@3.577.0", + "@aws-sdk/middleware-recursion-detection@3.577.0", + "@aws-sdk/middleware-user-agent@3.577.0", + "@aws-sdk/region-config-resolver@3.577.0", + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-endpoints@3.577.0", + "@aws-sdk/util-user-agent-browser@3.577.0", + "@aws-sdk/util-user-agent-node@3.577.0", + "@smithy/config-resolver@3.0.1", + "@smithy/core@2.1.1", + "@smithy/fetch-http-handler@3.0.1", + "@smithy/hash-node@3.0.0", + "@smithy/invalid-dependency@3.0.0", + "@smithy/middleware-content-length@3.0.0", + "@smithy/middleware-endpoint@3.0.1", + "@smithy/middleware-retry@3.0.3", + "@smithy/middleware-serde@3.0.0", + "@smithy/middleware-stack@3.0.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/node-http-handler@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/url-parser@3.0.0", + "@smithy/util-base64@3.0.0", + "@smithy/util-body-length-browser@3.0.0", + "@smithy/util-body-length-node@3.0.0", + "@smithy/util-defaults-mode-browser@3.0.3", + "@smithy/util-defaults-mode-node@3.0.3", + "@smithy/util-endpoints@2.0.1", + "@smithy/util-middleware@3.0.0", + "@smithy/util-retry@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-bucket-endpoint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/util-arn-parser@3.568.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-expect-continue@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-flexible-checksums@3.577.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@aws-crypto/crc32c@3.0.0", + "@aws-sdk/types@3.577.0", + "@smithy/is-array-buffer@3.0.0", + "@smithy/protocol-http@4.0.0", + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-crypto/crc32c@3.0.0", + "dependsOn": [ + "@aws-crypto/util@3.0.0", + "@aws-sdk/types@3.577.0", + "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + ] + }, + { + "ref": "@aws-crypto/crc32c@3.0.0|tslib@1.14.1" + }, + { + "ref": "@aws-sdk/middleware-location-constraint@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-sdk-s3@3.582.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@aws-sdk/util-arn-parser@3.568.0", + "@smithy/node-config-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/smithy-client@3.1.1", + "@smithy/types@3.0.0", + "@smithy/util-config-provider@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-signing@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/property-provider@3.1.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-middleware@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/middleware-ssec@3.577.0", + "dependsOn": [ + "@aws-sdk/types@3.577.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@aws-sdk/signature-v4-multi-region@3.582.0", + "dependsOn": [ + "@aws-sdk/middleware-sdk-s3@3.582.0", + "@aws-sdk/types@3.577.0", + "@smithy/protocol-http@4.0.0", + "@smithy/signature-v4@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-browser@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-universal@3.0.0", + "dependsOn": [ + "@smithy/eventstream-codec@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-codec@3.0.0", + "dependsOn": [ + "@aws-crypto/crc32@3.0.0", + "@smithy/types@3.0.0", + "@smithy/util-hex-encoding@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-config-resolver@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/eventstream-serde-node@3.0.0", + "dependsOn": [ + "@smithy/eventstream-serde-universal@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-blob-browser@3.0.0", + "dependsOn": [ + "@smithy/chunked-blob-reader-native@3.0.0", + "@smithy/chunked-blob-reader@3.0.0", + "@smithy/types@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader-native@3.0.0", + "dependsOn": [ + "@smithy/util-base64@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/chunked-blob-reader@3.0.0", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/hash-stream-node@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@smithy/md5-js@3.0.0", + "dependsOn": [ + "@smithy/types@3.0.0", + "@smithy/util-utf8@3.0.0", + "tslib@2.6.3" + ] + }, + { + "ref": "@inquirer/confirm@3.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/core@8.2.2", + "dependsOn": [ + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "@types/mute-stream@0.0.4", + "@types/node@20.14.1", + "@types/wrap-ansi@3.0.0", + "ansi-escapes@4.3.2", + "chalk@4.1.2", + "cli-spinners@2.9.2", + "@inquirer/core@8.2.2|cli-width@4.1.0", + "@inquirer/core@8.2.2|mute-stream@1.0.0", + "@inquirer/core@8.2.2|signal-exit@4.1.0", + "strip-ansi@6.0.1", + "@inquirer/core@8.2.2|wrap-ansi@6.2.0" + ] + }, + { + "ref": "@inquirer/core@8.2.2|cli-width@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|mute-stream@1.0.0" + }, + { + "ref": "@inquirer/core@8.2.2|signal-exit@4.1.0" + }, + { + "ref": "@inquirer/core@8.2.2|wrap-ansi@6.2.0", + "dependsOn": [ + "ansi-styles@4.3.0", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "strip-ansi@6.0.1" + ] + }, + { + "ref": "@inquirer/figures@1.0.3" + }, + { + "ref": "@inquirer/type@1.3.3" + }, + { + "ref": "@types/mute-stream@0.0.4", + "dependsOn": [ + "@types/node@20.14.1" + ] + }, + { + "ref": "@types/wrap-ansi@3.0.0" + }, + { + "ref": "@inquirer/input@2.1.9", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/type@1.3.3" + ] + }, + { + "ref": "@inquirer/select@2.3.5", + "dependsOn": [ + "@inquirer/core@8.2.2", + "@inquirer/figures@1.0.3", + "@inquirer/type@1.3.3", + "ansi-escapes@4.3.2", + "chalk@4.1.2" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1", + "dependsOn": [ + "@inquirer/confirm@3.1.9", + "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "ansis@3.2.0", + "fast-levenshtein@3.0.0" + ] + }, + { + "ref": "@oclif/plugin-not-found@3.2.1|@oclif/core@4.0.0-beta.15", + "dependsOn": [ + "ansi-escapes@4.3.2", + "ansis@3.2.0", + "clean-stack@3.0.1", + "cli-spinners@2.9.2", + "cosmiconfig@9.0.0", + "debug@4.3.4", + "ejs@3.1.10", + "get-package-type@0.1.0", + "globby@11.1.0", + "indent-string@4.0.0", + "is-wsl@2.2.0", + "minimatch@9.0.4", + "BomRef.5hrhe0lu5jo.6brcifutiug", + "supports-color@8.1.1", + "widest-line@3.1.0", + "wordwrap@1.0.0", + "BomRef.okvgjdrtm6.tqh1scmn9b8" + ] + }, + { + "ref": "fast-levenshtein@3.0.0", + "dependsOn": [ + "fastest-levenshtein@1.0.16" + ] + }, + { + "ref": "fastest-levenshtein@1.0.16" + }, + { + "ref": "async-retry@1.3.3", + "dependsOn": [ + "retry@0.13.1" + ] + }, + { + "ref": "retry@0.13.1" + }, + { + "ref": "change-case@4.1.2", + "dependsOn": [ + "camel-case@4.1.2", + "capital-case@1.0.4", + "constant-case@3.0.4", + "dot-case@3.0.4", + "header-case@2.0.4", + "no-case@3.0.4", + "param-case@3.0.4", + "pascal-case@3.1.2", + "path-case@3.0.4", + "sentence-case@3.0.4", + "snake-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "camel-case@4.1.2", + "dependsOn": [ + "pascal-case@3.1.2", + "tslib@2.6.3" + ] + }, + { + "ref": "pascal-case@3.1.2", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "capital-case@1.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "no-case@3.0.4", + "dependsOn": [ + "lower-case@2.0.2", + "tslib@2.6.3" + ] + }, + { + "ref": "upper-case-first@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "constant-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case@2.0.2" + ] + }, + { + "ref": "upper-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "dot-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "header-case@2.0.4", + "dependsOn": [ + "capital-case@1.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "lower-case@2.0.2", + "dependsOn": [ + "tslib@2.6.3" + ] + }, + { + "ref": "param-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "path-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "sentence-case@3.0.4", + "dependsOn": [ + "no-case@3.0.4", + "tslib@2.6.3", + "upper-case-first@2.0.2" + ] + }, + { + "ref": "snake-case@3.0.4", + "dependsOn": [ + "dot-case@3.0.4", + "tslib@2.6.3" + ] + }, + { + "ref": "find-yarn-workspace-root@2.0.0", + "dependsOn": [ + "micromatch@4.0.5" + ] + }, + { + "ref": "github-slugger@2.0.0" + }, + { + "ref": "got@13.0.0", + "dependsOn": [ + "@sindresorhus/is@5.6.0", + "@szmarczak/http-timer@5.0.1", + "cacheable-lookup@7.0.0", + "cacheable-request@10.2.14", + "decompress-response@6.0.0", + "form-data-encoder@2.1.4", + "get-stream@6.0.1", + "http2-wrapper@2.2.1", + "lowercase-keys@3.0.0", + "p-cancelable@3.0.0", + "responselike@3.0.0" + ] + }, + { + "ref": "@sindresorhus/is@5.6.0" + }, + { + "ref": "@szmarczak/http-timer@5.0.1", + "dependsOn": [ + "defer-to-connect@2.0.1" + ] + }, + { + "ref": "defer-to-connect@2.0.1" + }, + { + "ref": "cacheable-lookup@7.0.0" + }, + { + "ref": "cacheable-request@10.2.14", + "dependsOn": [ + "@types/http-cache-semantics@4.0.4", + "get-stream@6.0.1", + "http-cache-semantics@4.1.1", + "keyv@4.5.4", + "mimic-response@4.0.0", + "normalize-url@8.0.1", + "responselike@3.0.0" + ] + }, + { + "ref": "@types/http-cache-semantics@4.0.4" + }, + { + "ref": "http-cache-semantics@4.1.1" + }, + { + "ref": "mimic-response@4.0.0" + }, + { + "ref": "normalize-url@8.0.1" + }, + { + "ref": "responselike@3.0.0", + "dependsOn": [ + "lowercase-keys@3.0.0" + ] + }, + { + "ref": "decompress-response@6.0.0", + "dependsOn": [ + "decompress-response@6.0.0|mimic-response@3.1.0" + ] + }, + { + "ref": "decompress-response@6.0.0|mimic-response@3.1.0" + }, + { + "ref": "form-data-encoder@2.1.4" + }, + { + "ref": "http2-wrapper@2.2.1", + "dependsOn": [ + "quick-lru@5.1.1", + "resolve-alpn@1.2.1" + ] + }, + { + "ref": "resolve-alpn@1.2.1" + }, + { + "ref": "lowercase-keys@3.0.0" + }, + { + "ref": "p-cancelable@3.0.0" + }, + { + "ref": "normalize-package-data@6.0.1", + "dependsOn": [ + "hosted-git-info@7.0.2", + "is-core-module@2.13.1", + "semver@7.6.2", + "validate-npm-package-license@3.0.4" + ] + }, + { + "ref": "spdx-correct@3.2.0", + "dependsOn": [ + "spdx-expression-parse@3.0.1", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-expression-parse@3.0.1", + "dependsOn": [ + "spdx-exceptions@2.5.0", + "spdx-license-ids@3.0.17" + ] + }, + { + "ref": "spdx-license-ids@3.0.17" + }, + { + "ref": "spdx-exceptions@2.5.0" + }, + { + "ref": "sort-package-json@2.10.0", + "dependsOn": [ + "detect-indent@7.0.1", + "sort-package-json@2.10.0|detect-newline@4.0.1", + "get-stdin@9.0.0", + "git-hooks-list@3.1.0", + "sort-package-json@2.10.0|globby@13.2.2", + "sort-package-json@2.10.0|is-plain-obj@4.1.0", + "semver@7.6.2", + "sort-object-keys@1.1.3" + ] + }, + { + "ref": "sort-package-json@2.10.0|detect-newline@4.0.1" + }, + { + "ref": "sort-package-json@2.10.0|globby@13.2.2", + "dependsOn": [ + "dir-glob@3.0.1", + "fast-glob@3.3.2", + "ignore@5.3.1", + "merge2@1.4.1", + "sort-package-json@2.10.0|slash@4.0.0" + ] + }, + { + "ref": "sort-package-json@2.10.0|slash@4.0.0" + }, + { + "ref": "sort-package-json@2.10.0|is-plain-obj@4.1.0" + }, + { + "ref": "detect-indent@7.0.1" + }, + { + "ref": "get-stdin@9.0.0" + }, + { + "ref": "git-hooks-list@3.1.0" + }, + { + "ref": "sort-object-keys@1.1.3" + }, + { + "ref": "tiny-jsonc@1.0.1" + }, + { + "ref": "open@10.1.0", + "dependsOn": [ + "default-browser@5.2.1", + "define-lazy-prop@3.0.0", + "is-inside-container@1.0.0", + "open@10.1.0|is-wsl@3.1.0" + ] + }, + { + "ref": "open@10.1.0|is-wsl@3.1.0", + "dependsOn": [ + "is-inside-container@1.0.0" + ] + }, + { + "ref": "default-browser@5.2.1", + "dependsOn": [ + "bundle-name@4.1.0", + "default-browser-id@5.0.0" + ] + }, + { + "ref": "bundle-name@4.1.0", + "dependsOn": [ + "run-applescript@7.0.0" + ] + }, + { + "ref": "run-applescript@7.0.0" + }, + { + "ref": "default-browser-id@5.0.0" + }, + { + "ref": "define-lazy-prop@3.0.0" + }, + { + "ref": "is-inside-container@1.0.0", + "dependsOn": [ + "is-inside-container@1.0.0|is-docker@3.0.0" + ] + }, + { + "ref": "is-inside-container@1.0.0|is-docker@3.0.0" + }, + { + "ref": "prompt-sync@4.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|strip-ansi@5.2.0" + ] + }, + { + "ref": "prompt-sync@4.2.0|strip-ansi@5.2.0", + "dependsOn": [ + "prompt-sync@4.2.0|ansi-regex@4.1.1" + ] + }, + { + "ref": "prompt-sync@4.2.0|ansi-regex@4.1.1" + }, + { + "ref": "lodash.truncate@4.4.2" + }, + { + "ref": "tmp@0.2.3" + }, + { + "ref": "ts-jest@29.1.4", + "dependsOn": [ + "@babel/core@7.24.4", + "@jest/transform@29.7.0", + "@jest/types@29.6.3", + "babel-jest@29.7.0", + "bs-logger@0.2.6", + "fast-json-stable-stringify@2.1.0", + "jest-util@29.7.0", + "jest@29.7.0", + "json5@2.2.3", + "lodash.memoize@4.1.2", + "make-error@1.3.6", + "semver@7.6.2", + "typescript@5.1.6", + "ts-jest@29.1.4|yargs-parser@21.1.1" + ] + }, + { + "ref": "ts-jest@29.1.4|yargs-parser@21.1.1" + }, + { + "ref": "@ampproject/remapping@2.3.0", + "dependsOn": [ + "@jridgewell/gen-mapping@0.3.5", + "@jridgewell/trace-mapping@0.3.25" + ] + }, + { + "ref": "js-tokens@4.0.0" + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6", + "dependsOn": [ + "@babel/compat-data@7.24.4", + "@babel/helper-validator-option@7.23.5", + "browserslist@4.23.0", + "lru-cache@5.1.1", + "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + ] + }, + { + "ref": "@babel/helper-compilation-targets@7.23.6|semver@6.3.1" + }, + { + "ref": "@babel/compat-data@7.24.4" + }, + { + "ref": "@babel/helper-validator-option@7.23.5" + }, + { + "ref": "lru-cache@5.1.1", + "dependsOn": [ + "yallist@3.1.1" + ] + }, + { + "ref": "yallist@3.1.1" + }, + { + "ref": "@babel/helper-module-transforms@7.23.3", + "dependsOn": [ + "@babel/core@7.24.4", + "@babel/helper-environment-visitor@7.22.20", + "@babel/helper-module-imports@7.24.3", + "@babel/helper-simple-access@7.22.5", + "@babel/helper-split-export-declaration@7.22.6", + "@babel/helper-validator-identifier@7.22.20" + ] + }, + { + "ref": "@babel/helper-environment-visitor@7.22.20" + }, + { + "ref": "@babel/helper-module-imports@7.24.3", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-simple-access@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-split-export-declaration@7.22.6", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helpers@7.24.4", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/traverse@7.24.1", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-function-name@7.23.0", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-hoist-variables@7.22.5", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@babel/helper-string-parser@7.24.1" + }, + { + "ref": "to-fast-properties@2.0.0" + }, + { + "ref": "gensync@1.0.0-beta.2" + }, + { + "ref": "@jridgewell/resolve-uri@3.1.2" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0", + "dependsOn": [ + "camelcase@5.3.1", + "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "get-package-type@0.1.0", + "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|find-up@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "path-exists@4.0.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|locate-path@5.0.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-locate@4.1.0", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|p-limit@2.3.0", + "dependsOn": [ + "p-try@2.2.0" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|js-yaml@3.14.1", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "esprima@4.0.1" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|argparse@1.0.10", + "dependsOn": [ + "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + ] + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|sprintf-js@1.0.3" + }, + { + "ref": "@istanbuljs/load-nyc-config@1.1.0|resolve-from@5.0.0" + }, + { + "ref": "camelcase@5.3.1" + }, + { + "ref": "test-exclude@6.0.0", + "dependsOn": [ + "@istanbuljs/schema@0.1.3", + "glob@7.2.3", + "test-exclude@6.0.0|minimatch@3.1.2" + ] + }, + { + "ref": "test-exclude@6.0.0|minimatch@3.1.2", + "dependsOn": [ + "test-exclude@6.0.0|brace-expansion@1.1.11" + ] + }, + { + "ref": "test-exclude@6.0.0|brace-expansion@1.1.11", + "dependsOn": [ + "balanced-match@1.0.2", + "concat-map@0.0.1" + ] + }, + { + "ref": "@types/babel__generator@7.6.8", + "dependsOn": [ + "@babel/types@7.24.0" + ] + }, + { + "ref": "@types/babel__template@7.4.4", + "dependsOn": [ + "@babel/parser@7.24.4", + "@babel/types@7.24.0" + ] + }, + { + "ref": "babel-preset-jest@29.6.3", + "dependsOn": [ + "@babel/core@7.24.4", + "babel-plugin-jest-hoist@29.6.3", + "babel-preset-current-node-syntax@1.0.1" + ] + }, + { + "ref": "babel-plugin-jest-hoist@29.6.3", + "dependsOn": [ + "@babel/template@7.24.0", + "@babel/types@7.24.0", + "@types/babel__core@7.20.5", + "@types/babel__traverse@7.20.5" + ] + }, + { + "ref": "ts-mocha@10.0.0", + "dependsOn": [ + "mocha@10.4.0", + "ts-mocha@10.0.0|ts-node@7.0.1", + "tsconfig-paths@3.15.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|ts-node@7.0.1", + "dependsOn": [ + "ts-mocha@10.0.0|arrify@1.0.1", + "buffer-from@1.1.2", + "ts-mocha@10.0.0|diff@3.5.0", + "make-error@1.3.6", + "minimist@1.2.8", + "ts-mocha@10.0.0|mkdirp@0.5.6", + "source-map-support@0.5.13", + "ts-mocha@10.0.0|yn@2.0.0" + ] + }, + { + "ref": "ts-mocha@10.0.0|arrify@1.0.1" + }, + { + "ref": "ts-mocha@10.0.0|diff@3.5.0" + }, + { + "ref": "ts-mocha@10.0.0|mkdirp@0.5.6", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "ts-mocha@10.0.0|yn@2.0.0" + }, + { + "ref": "buffer-from@1.1.2" + }, + { + "ref": "tsconfig-paths@3.15.0", + "dependsOn": [ + "@types/json5@0.0.29", + "tsconfig-paths@3.15.0|json5@1.0.2", + "minimist@1.2.8", + "tsconfig-paths@3.15.0|strip-bom@3.0.0" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|json5@1.0.2", + "dependsOn": [ + "minimist@1.2.8" + ] + }, + { + "ref": "tsconfig-paths@3.15.0|strip-bom@3.0.0" + }, + { + "ref": "@types/json5@0.0.29" + }, + { + "ref": "@cspotcode/source-map-support@0.8.1", + "dependsOn": [ + "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9" + ] + }, + { + "ref": "@cspotcode/source-map-support@0.8.1|@jridgewell/trace-mapping@0.3.9", + "dependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.4.15" + ] + }, + { + "ref": "@tsconfig/node10@1.0.11" + }, + { + "ref": "@tsconfig/node12@1.0.11" + }, + { + "ref": "@tsconfig/node14@1.0.3" + }, + { + "ref": "@tsconfig/node16@1.0.4" + }, + { + "ref": "acorn-walk@8.3.2" + }, + { + "ref": "create-require@1.1.1" + }, + { + "ref": "diff@4.0.2" + }, + { + "ref": "v8-compile-cache-lib@3.0.1" + }, + { + "ref": "yn@3.1.1" + }, + { + "ref": "tsimportlib@0.0.5" + }, + { + "ref": "@colors/colors@1.6.0" + }, + { + "ref": "@dabh/diagnostics@2.0.3", + "dependsOn": [ + "colorspace@1.1.4", + "enabled@2.0.0", + "kuler@2.0.0" + ] + }, + { + "ref": "colorspace@1.1.4", + "dependsOn": [ + "colorspace@1.1.4|color@3.2.1", + "text-hex@1.0.0" + ] + }, + { + "ref": "colorspace@1.1.4|color@3.2.1", + "dependsOn": [ + "colorspace@1.1.4|color-convert@1.9.3", + "color-string@1.9.1" + ] + }, + { + "ref": "colorspace@1.1.4|color-convert@1.9.3", + "dependsOn": [ + "colorspace@1.1.4|color-name@1.1.3" + ] + }, + { + "ref": "colorspace@1.1.4|color-name@1.1.3" + }, + { + "ref": "text-hex@1.0.0" + }, + { + "ref": "enabled@2.0.0" + }, + { + "ref": "kuler@2.0.0" + }, + { + "ref": "logform@2.6.0", + "dependsOn": [ + "@colors/colors@1.6.0", + "@types/triple-beam@1.3.5", + "fecha@4.2.3", + "ms@2.1.3", + "safe-stable-stringify@2.4.3", + "triple-beam@1.4.1" + ] + }, + { + "ref": "fecha@4.2.3" + }, + { + "ref": "safe-stable-stringify@2.4.3" + }, + { + "ref": "triple-beam@1.4.1" + }, + { + "ref": "one-time@1.0.0", + "dependsOn": [ + "fn.name@1.1.0" + ] + }, + { + "ref": "fn.name@1.1.0" + }, + { + "ref": "string_decoder@1.3.0", + "dependsOn": [ + "safe-buffer@5.2.1" + ] + }, + { + "ref": "stack-trace@0.0.10" + }, + { + "ref": "winston-transport@4.7.0", + "dependsOn": [ + "logform@2.6.0", + "readable-stream@3.6.2", + "triple-beam@1.4.1" + ] + }, + { + "ref": "xlsx-populate@1.21.0", + "dependsOn": [ + "cfb@1.2.2", + "jszip@3.10.1", + "lodash@4.17.21", + "xlsx-populate@1.21.0|sax@1.3.0" + ] + }, + { + "ref": "xlsx-populate@1.21.0|sax@1.3.0" + }, + { + "ref": "cfb@1.2.2", + "dependsOn": [ + "adler-32@1.3.1", + "crc-32@1.2.2" + ] + }, + { + "ref": "adler-32@1.3.1" + }, + { + "ref": "crc-32@1.2.2" + }, + { + "ref": "jszip@3.10.1", + "dependsOn": [ + "lie@3.3.0", + "pako@1.0.11", + "jszip@3.10.1|readable-stream@2.3.8", + "setimmediate@1.0.5" + ] + }, + { + "ref": "jszip@3.10.1|readable-stream@2.3.8", + "dependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "jszip@3.10.1|safe-buffer@5.1.2", + "jszip@3.10.1|string_decoder@1.1.1", + "util-deprecate@1.0.2" + ] + }, + { + "ref": "jszip@3.10.1|safe-buffer@5.1.2" + }, + { + "ref": "jszip@3.10.1|string_decoder@1.1.1", + "dependsOn": [ + "jszip@3.10.1|safe-buffer@5.1.2" + ] + }, + { + "ref": "lie@3.3.0", + "dependsOn": [ + "immediate@3.0.6" + ] + }, + { + "ref": "immediate@3.0.6" + }, + { + "ref": "pako@1.0.11" + }, + { + "ref": "core-util-is@1.0.3" + }, + { + "ref": "isarray@1.0.0" + }, + { + "ref": "process-nextick-args@2.0.1" + }, + { + "ref": "setimmediate@1.0.5" + }, + { + "ref": "sax@1.2.1" + }, + { + "ref": "xmlbuilder@11.0.1" + }, + { + "ref": "zip-lib@1.0.4", + "dependsOn": [ + "yauzl@3.1.3", + "yazl@2.5.1" + ] + }, + { + "ref": "yauzl@3.1.3", + "dependsOn": [ + "buffer-crc32@0.2.13", + "pend@1.2.0" + ] + }, + { + "ref": "buffer-crc32@0.2.13" + }, + { + "ref": "pend@1.2.0" + }, + { + "ref": "yazl@2.5.1", + "dependsOn": [ + "buffer-crc32@0.2.13" + ] + } + ], + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "serialNumber": "urn:uuid:7103f08b-5c5e-4b5b-b2c7-d4be65fa19fe", + "metadata": { + "timestamp": "2024-07-08T18:08:55.978Z", + "tools": [ + { + "name": "npm", + "version": "10.7.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.19.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "6.10.0", + "externalReferences": [ + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "saf", + "group": "@mitre", + "version": "1.4.7", + "bom-ref": "@mitre/saf@1.4.7", + "author": "The MITRE Security Automation Framework", + "description": "The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/%40mitre/saf@1.4.7?vcs_url=git%2Bhttps%3A//github.com/mitre/saf.git", + "externalReferences": [ + { + "url": "git+https://github.com/mitre/saf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/mitre/saf", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + }, + { + "url": "https://github.com/mitre/saf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + } + ] + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json new file mode 100644 index 0000000000..32b1c6d73c --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json @@ -0,0 +1,3072 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: container/1d098408640ab242", + "title": "alpine CycloneDX BOM Report", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "f57879a123b5e7ca79958826037eca3b44402838eab9c4418280c4abc06ec12e" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "331776" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:size", + "value": "8914" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "77824" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { + "name": "syft:metadata:size", + "value": "11705" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { + "name": "syft:metadata:installedSize", + "value": "159744" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-keys" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { + "name": "syft:metadata:size", + "value": "13360" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { + "name": "syft:metadata:installedSize", + "value": "311296" + }, + { + "name": "syft:metadata:originPackage", + "value": "apk-tools" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { + "name": "syft:metadata:size", + "value": "125679" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "946176" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "510086" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "8192" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:sh=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:size", + "value": "1543" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [ + { + "expression": "MPL-2.0 AND MIT" + } + ], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { + "name": "syft:metadata:installedSize", + "value": "237568" + }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { + "name": "syft:metadata:size", + "value": "126311" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [ + { + "expression": "BSD-2-Clause AND BSD-3-Clause" + } + ], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { + "name": "syft:metadata:installedSize", + "value": "4096" + }, + { + "name": "syft:metadata:originPackage", + "value": "libc-dev" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { + "name": "syft:metadata:size", + "value": "1484" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "4575232" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "1740170" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "565248" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libssl.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:size", + "value": "236713" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "634880" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { + "name": "syft:metadata:size", + "value": "390477" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" + } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "135168" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:4", + "value": "cmd:ldd=1.2.4-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "scanelf" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "36691" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "90112" + }, + { + "name": "syft:metadata:originPackage", + "value": "pax-utils" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "35664" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "28672" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:size", + "value": "4944" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [ + { + "license": { + "id": "Zlib" + } + } + ], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://zlib.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "110592" + }, + { + "name": "syft:metadata:originPackage", + "value": "zlib" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "54253" + } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { + "tagId": "alpine", + "name": "alpine", + "version": "3.18.3" + }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { + "url": "https://alpinelinux.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:distro:id", + "value": "alpine" + }, + { + "name": "syft:distro:prettyName", + "value": "Alpine Linux v3.18" + }, + { + "name": "syft:distro:versionID", + "value": "3.18.3" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ], + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:600bf98a-94fb-4a9c-b7b5-0bae4f32aeb7", + "version": 1, + "metadata": { + "timestamp": "2024-08-19T08:25:05-04:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.11.0" + } + ] + }, + "component": { + "bom-ref": "1d098408640ab242", + "type": "container", + "name": "alpine", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33" + } + } + } + } + ], + "raw": { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:600bf98a-94fb-4a9c-b7b5-0bae4f32aeb7", + "version": 1, + "metadata": { + "timestamp": "2024-08-19T08:25:05-04:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.11.0" + } + ] + }, + "component": { + "bom-ref": "1d098408640ab242", + "type": "container", + "name": "alpine", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33" + } + }, + "components": [ + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "331776" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:size", + "value": "8914" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "77824" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { + "name": "syft:metadata:size", + "value": "11705" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { + "name": "syft:metadata:installedSize", + "value": "159744" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-keys" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { + "name": "syft:metadata:size", + "value": "13360" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { + "name": "syft:metadata:installedSize", + "value": "311296" + }, + { + "name": "syft:metadata:originPackage", + "value": "apk-tools" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { + "name": "syft:metadata:size", + "value": "125679" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "946176" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "510086" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "8192" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:sh=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:size", + "value": "1543" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [ + { + "expression": "MPL-2.0 AND MIT" + } + ], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { + "name": "syft:metadata:installedSize", + "value": "237568" + }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { + "name": "syft:metadata:size", + "value": "126311" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [ + { + "expression": "BSD-2-Clause AND BSD-3-Clause" + } + ], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { + "name": "syft:metadata:installedSize", + "value": "4096" + }, + { + "name": "syft:metadata:originPackage", + "value": "libc-dev" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { + "name": "syft:metadata:size", + "value": "1484" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "4575232" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "1740170" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "565248" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libssl.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:size", + "value": "236713" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "634880" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { + "name": "syft:metadata:size", + "value": "390477" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" + } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "135168" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:4", + "value": "cmd:ldd=1.2.4-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "scanelf" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "36691" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "90112" + }, + { + "name": "syft:metadata:originPackage", + "value": "pax-utils" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "35664" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "28672" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:size", + "value": "4944" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [ + { + "license": { + "id": "Zlib" + } + } + ], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://zlib.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "110592" + }, + { + "name": "syft:metadata:originPackage", + "value": "zlib" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "54253" + } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { + "tagId": "alpine", + "name": "alpine", + "version": "3.18.3" + }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { + "url": "https://alpinelinux.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:distro:id", + "value": "alpine" + }, + { + "name": "syft:distro:prettyName", + "value": "Alpine Linux v3.18" + }, + { + "name": "syft:distro:versionID", + "value": "3.18.3" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json new file mode 100644 index 0000000000..9d793fb7c9 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json @@ -0,0 +1,1550 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.14" + }, + "version": "2.10.14", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report: container/1d098408640ab242", + "title": "alpine CycloneDX BOM Report", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [], + "sha256": "f57879a123b5e7ca79958826037eca3b44402838eab9c4418280c4abc06ec12e" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "components": [ + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "331776" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1zwvKMnYs1b6ZdPTBJ0Z7D5P3jyA=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "alpine-baselayout-data=3.4.3-r1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:size", + "value": "8914" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "description": "Alpine base dir structure and init scripts", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:alpine-baselayout-data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout-data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout_data:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_baselayout:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-baselayout-data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_baselayout_data:3.4.3-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "65502ca9379dd29d1ac4b0bf0dcf03a3dd1b324a" + }, + { + "name": "syft:metadata:installedSize", + "value": "77824" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-baselayout" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1YCAH7jdO2W816b85sUh9Z8av4Cc=" + }, + { + "name": "syft:metadata:size", + "value": "11705" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c3e1269ff75aa1d8", + "type": "library", + "publisher": "Natanael Copa ", + "name": "alpine-keys", + "version": "2.4-r1", + "description": "Public keys for Alpine Linux packages", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:alpine-keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine-keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine_keys:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine-keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:alpine:alpine_keys:2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "aab68f8c9ab434a46710de8e12fb3206e2930a59" + }, + { + "name": "syft:metadata:installedSize", + "value": "159744" + }, + { + "name": "syft:metadata:originPackage", + "value": "alpine-keys" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q17Do9XvTHoWjQlRYJe7MhnKd8FTQ=" + }, + { + "name": "syft:metadata:size", + "value": "13360" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "type": "library", + "publisher": "Natanael Copa ", + "name": "apk-tools", + "version": "2.14.0-r2", + "description": "Alpine Package Keeper - package manager for alpine", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:apk-tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/apk-tools", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk-tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk_tools:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk-tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:apk:apk_tools:2.14.0-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "cbaf845cd82388decc932885aa5b6d695bd8a306" + }, + { + "name": "syft:metadata:installedSize", + "value": "311296" + }, + { + "name": "syft:metadata:originPackage", + "value": "apk-tools" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libapk.so.2.14.0=2.14.0" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:apk=2.14.0-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1jN4l8jnr9pHNE1o5VOUZPBrCrhM=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl>=1.2.3_git20230424" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "ca-certificates-bundle" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:3", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:4", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:pullDependencies:5", + "value": "so:libz.so.1" + }, + { + "name": "syft:metadata:size", + "value": "125679" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox", + "version": "1.36.1-r2", + "description": "Size optimized toolbox of many common UNIX utilities", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox:busybox:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "946176" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1gQ/L3UBnSjgkFWEHQaUkUDubqdI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "510086" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "type": "library", + "publisher": "Sören Tempel ", + "name": "busybox-binsh", + "version": "1.36.1-r2", + "description": "busybox ash /bin/sh", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:busybox-binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox-binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox_binsh:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox-binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:busybox:busybox_binsh:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "8192" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "/bin/sh" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:sh=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1ng9K4zeuARW5It8leWhwxor0cRQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "busybox=1.36.1-r2" + }, + { + "name": "syft:metadata:size", + "value": "1543" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "type": "library", + "publisher": "Natanael Copa ", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "description": "Pre generated bundle of Mozilla certificates", + "licenses": [ + { + "expression": "MPL-2.0 AND MIT" + } + ], + "cpe": "cpe:2.3:a:ca-certificates-bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates-bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates_bundle:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca-certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca_certificates:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mozilla:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca-certificates-bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ca:ca_certificates_bundle:20230506-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "59534a02716a92a10d177a118c34066162eff4a6" + }, + { + "name": "syft:metadata:installedSize", + "value": "237568" + }, + { + "name": "syft:metadata:originPackage", + "value": "ca-certificates" + }, + { + "name": "syft:metadata:provides:0", + "value": "ca-certificates-cacert=20230506-r0" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1R/SF0IZwqesh6/EOcK5l3EOrbD0=" + }, + { + "name": "syft:metadata:size", + "value": "126311" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "type": "library", + "publisher": "Natanael Copa ", + "name": "libc-utils", + "version": "0.7.2-r5", + "description": "Meta package to pull in correct libc", + "licenses": [ + { + "expression": "BSD-2-Clause AND BSD-3-Clause" + } + ], + "cpe": "cpe:2.3:a:libc-utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://alpinelinux.org", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc-utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc_utils:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc-utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libc:libc_utils:0.7.2-r5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "988f183cc9d6699930c3e18ccf4a9e36010afb56" + }, + { + "name": "syft:metadata:installedSize", + "value": "4096" + }, + { + "name": "syft:metadata:originPackage", + "value": "libc-dev" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1Llna/ri8oHhlQIRsaG8SGug0ikI=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "musl-utils" + }, + { + "name": "syft:metadata:size", + "value": "1484" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libcrypto3", + "version": "3.1.2-r0", + "description": "Crypto library from openssl", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libcrypto3:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto3:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libcrypto:libcrypto:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "4575232" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libcrypto.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1NsXXS8muNMooXArl1YhRLj5Rvno=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "1740170" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "type": "library", + "publisher": "Ariadne Conill ", + "name": "libssl3", + "version": "3.1.2-r0", + "description": "SSL shared libraries", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "cpe": "cpe:2.3:a:libssl3:libssl3:3.1.2-r0:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://www.openssl.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl3:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl3:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libssl:libssl:3.1.2-r0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "b68a32f25ba44f406e02c2ca8f323a76f167d924" + }, + { + "name": "syft:metadata:installedSize", + "value": "565248" + }, + { + "name": "syft:metadata:originPackage", + "value": "openssl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libssl.so.3=3" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q16d3kU5nHnWY7SeXMWOWZGiQjKcg=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:size", + "value": "236713" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "cpe": "cpe:2.3:a:musl-libc:musl:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_libc:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "634880" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libc.musl-x86_64.so.1=1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q12qHLEadu7QpBuz8kHB5EDF3mKB4=" + }, + { + "name": "syft:metadata:size", + "value": "390477" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "type": "library", + "publisher": "Timo Teräs ", + "name": "musl-utils", + "version": "1.2.4-r1", + "description": "the musl c library (libc) implementation", + "licenses": [ + { + "expression": "MIT AND BSD-2-Clause AND GPL-2.0-or-later" + } + ], + "cpe": "cpe:2.3:a:musl-utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://musl.libc.org/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl_utils:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl-libc:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl-utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:musl:musl_utils:1.2.4-r1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "a6e14d1837131339f85ff337fbd4ecb8886945ae" + }, + { + "name": "syft:metadata:installedSize", + "value": "135168" + }, + { + "name": "syft:metadata:originPackage", + "value": "musl" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:getconf=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:1", + "value": "cmd:getent=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:2", + "value": "cmd:iconv=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:3", + "value": "cmd:ldconfig=1.2.4-r1" + }, + { + "name": "syft:metadata:provides:4", + "value": "cmd:ldd=1.2.4-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1x4sUHXjWjUzYP5FPvJL1HWBjL1M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "scanelf" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "36691" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "type": "library", + "publisher": "Natanael Copa ", + "name": "scanelf", + "version": "1.3.7-r1", + "description": "Scan ELF binaries for stuff", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:scanelf:scanelf:1.3.7-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "90112" + }, + { + "name": "syft:metadata:originPackage", + "value": "pax-utils" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:scanelf=1.3.7-r1" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q14nq9o4+uo2NaLbTVDQB3UeooC0M=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "35664" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "type": "library", + "publisher": "Sören Tempel ", + "name": "ssl_client", + "version": "1.36.1-r2", + "description": "EXternal ssl_client for busybox wget", + "licenses": [ + { + "license": { + "id": "GPL-2.0-only" + } + } + ], + "cpe": "cpe:2.3:a:ssl-client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://busybox.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl-client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl_client:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl-client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ssl:ssl_client:1.36.1-r2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "2684a6593b10051f8f9fcb01e4734e2d9533b0ea" + }, + { + "name": "syft:metadata:installedSize", + "value": "28672" + }, + { + "name": "syft:metadata:originPackage", + "value": "busybox" + }, + { + "name": "syft:metadata:provides:0", + "value": "cmd:ssl_client=1.36.1-r2" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1j6LHWpavmnFtpYjzQkH7apSIVOc=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:pullDependencies:1", + "value": "so:libcrypto.so.3" + }, + { + "name": "syft:metadata:pullDependencies:2", + "value": "so:libssl.so.3" + }, + { + "name": "syft:metadata:size", + "value": "4944" + } + ] + }, + { + "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "type": "library", + "publisher": "Natanael Copa ", + "name": "zlib", + "version": "1.2.13-r1", + "description": "A compression/decompression Library", + "licenses": [ + { + "license": { + "id": "Zlib" + } + } + ], + "cpe": "cpe:2.3:a:zlib:zlib:1.2.13-r1:*:*:*:*:*:*:*", + "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3", + "externalReferences": [ + { + "url": "https://zlib.net/", + "type": "distribution" + } + ], + "properties": [ + { + "name": "syft:package:foundBy", + "value": "apk-db-cataloger" + }, + { + "name": "syft:package:type", + "value": "apk" + }, + { + "name": "syft:package:metadataType", + "value": "apk-db-entry" + }, + { + "name": "syft:location:0:layerID", + "value": "sha256:4693057ce2364720d39e57e85a5b8e0bd9ac3573716237736d6470ec5b7b7230" + }, + { + "name": "syft:location:0:path", + "value": "/lib/apk/db/installed" + }, + { + "name": "syft:metadata:gitCommitOfApkPort", + "value": "84a227baf001b6e0208e3352b294e4d7a40e93de" + }, + { + "name": "syft:metadata:installedSize", + "value": "110592" + }, + { + "name": "syft:metadata:originPackage", + "value": "zlib" + }, + { + "name": "syft:metadata:provides:0", + "value": "so:libz.so.1=1.2.13" + }, + { + "name": "syft:metadata:pullChecksum", + "value": "Q1JlboSJkrN4qkDcokr4zenpcWEXQ=" + }, + { + "name": "syft:metadata:pullDependencies:0", + "value": "so:libc.musl-x86_64.so.1" + }, + { + "name": "syft:metadata:size", + "value": "54253" + } + ] + }, + { + "bom-ref": "os:alpine@3.18.3", + "type": "operating-system", + "name": "alpine", + "version": "3.18.3", + "description": "Alpine Linux v3.18", + "swid": { + "tagId": "alpine", + "name": "alpine", + "version": "3.18.3" + }, + "externalReferences": [ + { + "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues", + "type": "issue-tracker" + }, + { + "url": "https://alpinelinux.org/", + "type": "website" + } + ], + "properties": [ + { + "name": "syft:distro:id", + "value": "alpine" + }, + { + "name": "syft:distro:prettyName", + "value": "Alpine Linux v3.18" + }, + { + "name": "syft:distro:versionID", + "value": "3.18.3" + } + ] + } + ], + "dependencies": [ + { + "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=alpine-3.18.3&package-id=baca676b3df82a63", + "dependsOn": [ + "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&upstream=alpine-baselayout&distro=alpine-3.18.3&package-id=85e34641ddeca26c", + "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca" + ] + }, + { + "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=alpine-3.18.3&package-id=e54b9e6921a9482e", + "dependsOn": [ + "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&upstream=ca-certificates&distro=alpine-3.18.3&package-id=e6d1b63d5a046c55", + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc" + ] + }, + { + "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=b8384340b5c5b8ca", + "dependsOn": [ + "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5" + ] + }, + { + "ref": "pkg:apk/alpine/busybox@1.36.1-r2?arch=x86_64&distro=alpine-3.18.3&package-id=c4df3b964f3b98b5", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&upstream=libc-dev&distro=alpine-3.18.3&package-id=caef79f1fe0b500a", + "dependsOn": [ + "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6" + ] + }, + { + "ref": "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/musl-utils@1.2.4-r1?arch=x86_64&upstream=musl&distro=alpine-3.18.3&package-id=d4ae8261cf0671f6", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3", + "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970" + ] + }, + { + "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&upstream=pax-utils&distro=alpine-3.18.3&package-id=701300eef0967970", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/ssl_client@1.36.1-r2?arch=x86_64&upstream=busybox&distro=alpine-3.18.3&package-id=bdbab9ee97709e2f", + "dependsOn": [ + "pkg:apk/alpine/libcrypto3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=8ef465fdfe63fe6b", + "pkg:apk/alpine/libssl3@3.1.2-r0?arch=x86_64&upstream=openssl&distro=alpine-3.18.3&package-id=011c57b5dbefaa2d", + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + }, + { + "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=alpine-3.18.3&package-id=c8e7fc9f117e52bc", + "dependsOn": [ + "pkg:apk/alpine/musl@1.2.4-r1?arch=x86_64&distro=alpine-3.18.3&package-id=cb940afce7c7e0d3" + ] + } + ], + "data": { + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "serialNumber": "urn:uuid:600bf98a-94fb-4a9c-b7b5-0bae4f32aeb7", + "version": 1, + "metadata": { + "timestamp": "2024-08-19T08:25:05-04:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.11.0" + } + ] + }, + "component": { + "bom-ref": "1d098408640ab242", + "type": "container", + "name": "alpine", + "version": "sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33" + } + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json new file mode 100644 index 0000000000..1a5a3561de --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json @@ -0,0 +1,213 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.15" + }, + "version": "2.10.15", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report", + "title": "CycloneDX BOM Report", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "ratings": "NVD - high, SNYK - high, Acme Inc - none", + "created": "2020-12-03T00:00:00.000Z", + "published": "2020-12-03T00:00:00.000Z", + "updated": "2021-10-26T00:00:00.000Z", + "credits": "Bartosz Baranowski", + "analysis.state": "not_affected", + "analysis.justification": "code_not_reachable", + "analysis.response": "will_not_fix, update", + "analysis.detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." + }, + "descriptions": [ + { + "data": "Recommendation: Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "label": "fix" + } + ], + "refs": [ + { + "ref": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + } + }, + { + "references": [ + { + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + } + } + ] + }, + { + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/2589" + }, + { + "title": "RedHat Bugzilla Bug", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" + } + ] + } + ] + } + ], + "source_location": {}, + "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", + "id": "CVE-2020-25649", + "desc": "Description: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nDetail: XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "impact": 0.82, + "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar", + "start_time": "" + } + ] + } + ], + "sha256": "11edd9546478812825f507e52fd640da19bd27f7370f43bfb90b455dbbe03fed" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1 + } + } + ], + "raw": { + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "vulnerabilities": [ + { + "id": "CVE-2020-25649", + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + }, + "references": [ + { + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + } + } + ], + "ratings": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1" + }, + "score": 7.5, + "severity": "high", + "method": "CVSSv31", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + { + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + }, + "score": 8.2, + "severity": "high", + "method": "CVSSv31", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + { + "source": { + "name": "Acme Inc", + "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" + }, + "score": 0, + "severity": "none", + "method": "CVSSv31", + "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" + } + ], + "cwes": [ + 611 + ], + "description": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", + "detail": "XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "recommendation": "Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/2589" + }, + { + "title": "RedHat Bugzilla Bug", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" + } + ], + "created": "2020-12-03T00:00:00.000Z", + "published": "2020-12-03T00:00:00.000Z", + "updated": "2021-10-26T00:00:00.000Z", + "credits": { + "individuals": [ + { + "name": "Bartosz Baranowski" + } + ] + }, + "analysis": { + "state": "not_affected", + "justification": "code_not_reachable", + "response": [ + "will_not_fix", + "update" + ], + "detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." + }, + "affects": [ + { + "ref": "urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar" + } + ] + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json new file mode 100644 index 0000000000..94caad9fdc --- /dev/null +++ b/libs/hdf-converters/sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json @@ -0,0 +1,114 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.15" + }, + "version": "2.10.15", + "statistics": {}, + "profiles": [ + { + "name": "CycloneDX BOM Report", + "title": "CycloneDX BOM Report", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SI-10" + ], + "cci": [ + "CCI-001310" + ], + "cwe": [ + "CWE-611" + ], + "ratings": "NVD - high, SNYK - high, Acme Inc - none", + "created": "2020-12-03T00:00:00.000Z", + "published": "2020-12-03T00:00:00.000Z", + "updated": "2021-10-26T00:00:00.000Z", + "credits": "Bartosz Baranowski", + "analysis.state": "not_affected", + "analysis.justification": "code_not_reachable", + "analysis.response": "will_not_fix, update", + "analysis.detail": "Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly." + }, + "descriptions": [ + { + "data": "Recommendation: Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.", + "label": "fix" + } + ], + "refs": [ + { + "ref": [ + { + "source": { + "name": "NVD", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649" + } + }, + { + "references": [ + { + "id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302", + "source": { + "name": "SNYK", + "url": "https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302" + } + } + ] + }, + { + "advisories": [ + { + "title": "GitHub Commit", + "url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59" + }, + { + "title": "GitHub Issue", + "url": "https://github.com/FasterXML/jackson-databind/issues/2589" + }, + { + "title": "RedHat Bugzilla Bug", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664" + } + ] + } + ] + } + ], + "source_location": {}, + "title": "com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.", + "id": "CVE-2020-25649", + "desc": "Description: com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\n\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\n\nDetail: XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\n\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.", + "impact": 0.82, + "code": "{\n \"id\": \"CVE-2020-25649\",\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2020-25649\"\n },\n \"references\": [\n {\n \"id\": \"SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\",\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n }\n }\n ],\n \"ratings\": [\n {\n \"source\": {\n \"name\": \"NVD\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N&version=3.1\"\n },\n \"score\": 7.5,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"SNYK\",\n \"url\": \"https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302\"\n },\n \"score\": 8.2,\n \"severity\": \"high\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\"\n },\n {\n \"source\": {\n \"name\": \"Acme Inc\",\n \"url\": \"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1\"\n },\n \"score\": 0,\n \"severity\": \"none\",\n \"method\": \"CVSSv31\",\n \"vector\": \"AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N\"\n }\n ],\n \"cwes\": [\n 611\n ],\n \"description\": \"com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.\\n\\nAffected versions of this package are vulnerable to XML External Entity (XXE) Injection. A flaw was found in FasterXML Jackson Databind, where it does not have entity expansion secured properly in the DOMDeserializer class. The highest threat from this vulnerability is data integrity.\",\n \"detail\": \"XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\\n\\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\",\n \"recommendation\": \"Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.7, 2.10.5.1 or higher.\",\n \"advisories\": [\n {\n \"title\": \"GitHub Commit\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59\"\n },\n {\n \"title\": \"GitHub Issue\",\n \"url\": \"https://github.com/FasterXML/jackson-databind/issues/2589\"\n },\n {\n \"title\": \"RedHat Bugzilla Bug\",\n \"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\"\n }\n ],\n \"created\": \"2020-12-03T00:00:00.000Z\",\n \"published\": \"2020-12-03T00:00:00.000Z\",\n \"updated\": \"2021-10-26T00:00:00.000Z\",\n \"credits\": {\n \"individuals\": [\n {\n \"name\": \"Bartosz Baranowski\"\n }\n ]\n },\n \"analysis\": {\n \"state\": \"not_affected\",\n \"justification\": \"code_not_reachable\",\n \"response\": [\n \"will_not_fix\",\n \"update\"\n ],\n \"detail\": \"Automated dataflow analysis and manual code review indicates that the vulnerable code is not reachable, either directly or indirectly.\"\n },\n \"affects\": [\n {\n \"ref\": \"urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\"\n }\n ]\n}", + "results": [ + { + "status": "failed", + "code_desc": "Component urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar is vulnerable", + "message": "-Component Summary-\n\n- Type: application\n\n- Bom-ref: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar\n\n- Name: urn:cdx:3e671687-395b-41f5-a30f-a58921a69b79/1#pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.0?type=jar", + "start_time": "" + } + ] + } + ], + "sha256": "11edd9546478812825f507e52fd640da19bd27f7370f43bfb90b455dbbe03fed" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "SBOM", + "data": { + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1 + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf-withraw.json b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf-withraw.json new file mode 100644 index 0000000000..d146b40210 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf-withraw.json @@ -0,0 +1,4034 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "gosec Scan", + "title": "gosec Scan", + "version": "dev", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-13" + ], + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "id": "G404", + "desc": "", + "impact": 0.7, + "results": [ + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 91\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 85\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 84\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 83\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go\nLine: 67\nColumn: 13", + "message": "MEDIUM confidence of rule violation at:\n66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Potential file inclusion via variable", + "id": "G304", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 53\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go\nLine: 221\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect file permissions to be 0600 or less", + "id": "G302", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 162\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 142\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)\nGlobally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)\nGlobally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect directory permissions to be 0750 or less", + "id": "G301", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 133\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 99\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Errors unhandled.", + "id": "G104", + "desc": "", + "impact": 0.3, + "results": [ + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 243\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 242\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 943\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 808\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go\nLine: 55\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 555\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 553\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 508\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n507: \tc := writeCounter(0)\n508: \trlp.Encode(&c, &tx.inner)\n509: \tsize := uint64(c)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 316\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 310\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 131\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 126\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 121\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 75\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 74\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 73\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 63\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 62\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 78\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 71\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 64\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 57\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 47\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 27\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 19\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go\nLine: 13\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 143\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 142\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go\nLine: 411\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n410: \tc := writeCounter(0)\n411: \trlp.Encode(&c, b)\n412: \tb.size.Store(uint64(c))\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go\nLine: 98\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n97: \t\t\tfor j := i - 1; j >= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1697\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1689\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1675\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1502\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1134\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1112\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1111: \t\t\tif !hasPending && !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 709\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 408\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 156\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n155: \t}\n156: \treplacement.Close()\n157: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 150\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go\nLine: 73\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1413\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1281\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1058\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 699\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 546\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 416\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 393\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 55\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 54\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 45\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 44\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 379\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 377\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 904\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 566\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 673\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 568\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 620\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 577\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 366\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 365\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 361\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go\nLine: 373\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 234\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 232\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 211\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 182\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 180\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 456\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 448\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 426\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 209\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 186\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n185: \tif batch.ValueSize() > 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 177\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n176: \t\t\tif batch.ValueSize() >= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 159\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 94\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n93: \t}\n94: \tf.Close()\n95: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 91\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 108-110\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 103\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go\nLine: 65\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n64: \t\tfor i := 0; i < len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 64\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 58\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 43\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 41\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 923\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 682\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 680\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 669\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 667\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 658\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 310\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 189\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 183\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 146\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 144\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 128\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 126\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go\nLine: 417\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 312\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 310-315\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 309\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 306\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 305\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 301\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 299-304\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 271\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 269-276\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 255\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 254\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n253: \t\tfor i := 0; i < 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 251\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 242\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 241\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n240: \t\tfor i := 90; i < 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 225\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 224\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n223: \t\tfor i := 0; i < 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tfor i := 0; i < 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 140\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 139\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 135\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 133-138\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 58\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 57\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 53\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 51-56\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 263\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 262\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 261\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 260\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 258-265\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go\nLine: 176\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 574-583\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 514-523\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 448-459\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) > 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 431-440\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 338-349\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) > 0 && crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 39-46\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 522\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 513\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 484\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1536\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1524\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true) // #nosec G104\n1525: \t\t\tbc.lastWrite = chosen\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1505\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1504: \tif nodes > limit || imgs > 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1491\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1148\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "False positive (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 458\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104 -- False positive\n459: \t\t}\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "False positive (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 456\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n455: \t\tif compat.RewindToTime > 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "False positive (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 413\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "start_time": "" + } + ] + } + ], + "sha256": "ffd164852c13af0396819224624bceb4873791b403a217d145c00c7b0f39fe0f" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "gosec", + "data": { + "Golang errors": {}, + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 8, + "found": 161 + } + } + } + ], + "raw": { + "Golang errors": {}, + "Issues": [ + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "line": "91", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "line": "85", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "line": "84", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "line": "83", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go", + "code": "66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "line": "67", + "column": "13", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "line": "53", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go", + "code": "220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "line": "221", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "line": "162", + "column": "15", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "line": "142", + "column": "22", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + }, + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + }, + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "line": "133", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "line": "99", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "line": "243", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "line": "242", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "line": "943", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "line": "808", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go", + "code": "54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "line": "55", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "line": "555", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "line": "553", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "507: \tc := writeCounter(0)\n508: \trlp.Encode(&c, &tx.inner)\n509: \tsize := uint64(c)\n", + "line": "508", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "line": "316", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "line": "310", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "line": "131", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "line": "126", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "line": "121", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "line": "75", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "line": "74", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "line": "73", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "line": "63", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "line": "62", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "line": "78", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "line": "71", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "line": "64", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "line": "57", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "line": "47", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "line": "27", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "line": "19", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go", + "code": "12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "line": "13", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "line": "143", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "line": "142", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go", + "code": "410: \tc := writeCounter(0)\n411: \trlp.Encode(&c, b)\n412: \tb.size.Store(uint64(c))\n", + "line": "411", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go", + "code": "97: \t\t\tfor j := i - 1; j >= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "line": "98", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "line": "1697", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "line": "1689", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "line": "1675", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "line": "1502", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "line": "1134", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1111: \t\t\tif !hasPending && !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "line": "1112", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "line": "709", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "line": "408", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "155: \t}\n156: \treplacement.Close()\n157: \n", + "line": "156", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "line": "150", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go", + "code": "72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "line": "73", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "line": "1413", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "line": "1281", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "line": "1058", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "line": "699", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "line": "546", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "line": "416", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "line": "393", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "line": "55", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "line": "54", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "line": "45", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "line": "44", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "line": "379", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "line": "377", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "line": "904", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "line": "566", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "line": "673", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "line": "568", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "line": "620", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "line": "577", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "line": "366", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "line": "365", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "line": "361", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go", + "code": "372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "line": "373", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "line": "234", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "line": "232", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "line": "211", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "line": "182", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "line": "180", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "line": "456", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "line": "448", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "line": "426", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "line": "209", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "185: \tif batch.ValueSize() > 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "line": "186", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "176: \t\t\tif batch.ValueSize() >= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "line": "177", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "line": "159", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "93: \t}\n94: \tf.Close()\n95: \n", + "line": "94", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "line": "91", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "line": "108-110", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "line": "103", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go", + "code": "64: \t\tfor i := 0; i < len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "line": "65", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "line": "64", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "line": "58", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "line": "43", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "line": "41", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "line": "923", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "line": "682", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "line": "680", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "line": "669", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "line": "667", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "line": "658", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "line": "310", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "line": "189", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "line": "183", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "line": "146", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "line": "144", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "line": "128", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "line": "126", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go", + "code": "416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "line": "417", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "line": "312", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "line": "310-315", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "309", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "line": "306", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "line": "305", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "line": "301", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "line": "299-304", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "line": "271", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "line": "269-276", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "line": "255", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "253: \t\tfor i := 0; i < 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "254", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "251", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "line": "242", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "240: \t\tfor i := 90; i < 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "241", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "line": "225", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "223: \t\tfor i := 0; i < 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "224", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "212: \t\tfor i := 0; i < 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "line": "140", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "line": "139", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "line": "135", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "line": "133-138", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "line": "58", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "line": "57", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "line": "53", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "line": "51-56", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "line": "263", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "line": "262", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "line": "261", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "line": "260", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "line": "258-265", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go", + "code": "175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "line": "176", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "line": "574-583", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "line": "514-523", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) > 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "line": "448-459", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "line": "431-440", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) > 0 && crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "line": "338-349", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "line": "39-46", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "line": "522", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "line": "513", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "line": "484", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go", + "code": "69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "line": "1536", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true) // #nosec G104\n1525: \t\t\tbc.lastWrite = chosen\n", + "line": "1524", + "column": "4", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1504: \tif nodes > limit || imgs > 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "line": "1505", + "column": "3", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "line": "1491", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "line": "1148", + "column": "5", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104 -- False positive\n459: \t\t}\n", + "line": "458", + "column": "4", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "False positive" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "455: \t\tif compat.RewindToTime > 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "line": "456", + "column": "4", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "False positive" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "line": "413", + "column": "2", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "False positive" + } + ] + } + ], + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 8, + "found": 161 + }, + "GosecVersion": "dev" + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf.json b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf.json new file mode 100644 index 0000000000..33008ec10d --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf.json @@ -0,0 +1,1186 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "gosec Scan", + "title": "gosec Scan", + "version": "dev", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-13" + ], + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "id": "G404", + "desc": "", + "impact": 0.7, + "results": [ + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 91\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 85\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 84\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 83\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go\nLine: 67\nColumn: 13", + "message": "MEDIUM confidence of rule violation at:\n66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Potential file inclusion via variable", + "id": "G304", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 53\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go\nLine: 221\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect file permissions to be 0600 or less", + "id": "G302", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 162\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 142\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)\nGlobally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)\nGlobally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect directory permissions to be 0750 or less", + "id": "G301", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 133\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 99\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Errors unhandled.", + "id": "G104", + "desc": "", + "impact": 0.3, + "results": [ + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 243\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 242\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 943\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 808\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go\nLine: 55\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 555\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 553\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 508\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n507: \tc := writeCounter(0)\n508: \trlp.Encode(&c, &tx.inner)\n509: \tsize := uint64(c)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 316\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 310\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 131\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 126\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 121\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 75\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 74\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 73\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 63\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 62\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 78\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 71\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 64\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 57\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 47\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 27\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 19\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go\nLine: 13\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 143\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 142\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go\nLine: 411\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n410: \tc := writeCounter(0)\n411: \trlp.Encode(&c, b)\n412: \tb.size.Store(uint64(c))\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go\nLine: 98\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n97: \t\t\tfor j := i - 1; j >= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1697\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1689\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1675\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1502\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1134\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1112\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1111: \t\t\tif !hasPending && !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 709\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 408\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 156\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n155: \t}\n156: \treplacement.Close()\n157: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 150\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go\nLine: 73\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1413\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1281\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1058\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 699\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 546\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 416\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 393\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 55\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 54\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 45\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 44\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 379\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 377\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 904\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 566\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 673\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 568\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 620\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 577\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 366\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 365\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 361\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go\nLine: 373\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 234\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 232\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 211\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 182\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 180\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 456\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 448\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 426\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 209\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 186\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n185: \tif batch.ValueSize() > 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 177\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n176: \t\t\tif batch.ValueSize() >= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 159\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 94\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n93: \t}\n94: \tf.Close()\n95: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 91\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 108-110\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 103\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go\nLine: 65\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n64: \t\tfor i := 0; i < len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 64\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 58\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 43\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 41\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 923\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 682\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 680\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 669\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 667\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 658\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 310\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 189\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 183\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 146\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 144\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 128\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 126\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go\nLine: 417\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 312\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 310-315\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 309\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 306\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 305\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 301\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 299-304\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 271\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 269-276\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 255\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 254\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n253: \t\tfor i := 0; i < 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 251\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 242\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 241\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n240: \t\tfor i := 90; i < 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 225\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 224\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n223: \t\tfor i := 0; i < 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tfor i := 0; i < 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 140\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 139\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 135\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 133-138\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 58\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 57\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 53\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 51-56\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 263\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 262\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 261\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 260\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 258-265\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go\nLine: 176\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 574-583\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 514-523\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 448-459\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) > 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 431-440\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 338-349\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) > 0 && crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 39-46\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 522\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 513\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 484\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1536\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1524\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true) // #nosec G104\n1525: \t\t\tbc.lastWrite = chosen\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1505\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1504: \tif nodes > limit || imgs > 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1491\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "No justification provided (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1148\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "False positive (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 458\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104 -- False positive\n459: \t\t}\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "False positive (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 456\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n455: \t\tif compat.RewindToTime > 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "False positive (inSource)", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 413\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "start_time": "" + } + ] + } + ], + "sha256": "ffd164852c13af0396819224624bceb4873791b403a217d145c00c7b0f39fe0f" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "gosec", + "data": { + "Golang errors": {}, + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 8, + "found": 161 + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf-withraw.json b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf-withraw.json new file mode 100644 index 0000000000..bf41b5b05e --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf-withraw.json @@ -0,0 +1,3966 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "gosec Scan", + "title": "gosec Scan", + "version": "dev", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-13" + ], + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "id": "G404", + "desc": "", + "impact": 0.7, + "results": [ + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 91\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 85\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 84\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 83\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go\nLine: 67\nColumn: 13", + "message": "MEDIUM confidence of rule violation at:\n66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Potential file inclusion via variable", + "id": "G304", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 53\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go\nLine: 221\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect file permissions to be 0600 or less", + "id": "G302", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 162\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 142\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect directory permissions to be 0750 or less", + "id": "G301", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 133\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 99\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Errors unhandled.", + "id": "G104", + "desc": "", + "impact": 0.3, + "results": [ + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 243\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 242\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 943\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 808\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go\nLine: 55\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 555\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 553\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 508\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n507: \tc := writeCounter(0)\n508: \trlp.Encode(&c, &tx.inner)\n509: \tsize := uint64(c)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 316\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 310\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 131\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 126\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 121\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 75\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 74\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 73\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 63\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 62\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 78\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 71\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 64\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 57\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 47\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 27\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 19\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go\nLine: 13\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 143\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 142\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go\nLine: 411\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n410: \tc := writeCounter(0)\n411: \trlp.Encode(&c, b)\n412: \tb.size.Store(uint64(c))\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go\nLine: 98\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n97: \t\t\tfor j := i - 1; j >= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1697\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1689\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1675\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1502\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1134\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1112\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1111: \t\t\tif !hasPending && !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 709\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 408\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 156\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n155: \t}\n156: \treplacement.Close()\n157: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 150\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go\nLine: 73\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1413\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1281\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1058\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 699\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 546\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 416\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 393\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 55\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 54\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 45\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 44\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 379\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 377\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 904\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 566\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 673\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 568\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 620\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 577\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 366\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 365\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 361\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go\nLine: 373\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 234\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 232\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 211\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 182\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 180\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 456\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 448\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 426\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 209\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 186\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n185: \tif batch.ValueSize() > 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 177\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n176: \t\t\tif batch.ValueSize() >= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 159\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 94\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n93: \t}\n94: \tf.Close()\n95: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 91\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 108-110\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 103\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go\nLine: 65\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n64: \t\tfor i := 0; i < len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 64\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 58\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 43\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 41\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 923\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 682\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 680\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 669\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 667\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 658\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 310\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 189\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 183\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 146\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 144\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 128\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 126\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go\nLine: 417\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 312\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 310-315\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 309\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 306\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 305\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 301\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 299-304\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 271\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 269-276\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 255\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 254\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n253: \t\tfor i := 0; i < 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 251\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 242\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 241\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n240: \t\tfor i := 90; i < 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 225\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 224\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n223: \t\tfor i := 0; i < 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tfor i := 0; i < 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 140\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 139\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 135\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 133-138\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 58\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 57\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 53\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 51-56\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 263\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 262\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 261\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 260\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 258-265\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go\nLine: 176\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 574-583\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 514-523\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 448-459\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) > 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 431-440\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 338-349\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) > 0 && crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 39-46\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 522\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 513\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 484\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1536\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1524\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true)\n1525: \t\t\tbc.lastWrite = chosen\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1505\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1504: \tif nodes > limit || imgs > 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1491\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1148\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 458\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104\n459: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 456\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n455: \t\tif compat.RewindToTime > 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 413\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "start_time": "" + } + ] + } + ], + "sha256": "736017b8efc98273389b7d8f26900321a13d86b0d8aefccf8c0ec1217d8a4b93" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "gosec", + "data": { + "Golang errors": {}, + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 0, + "found": 171 + } + } + } + ], + "raw": { + "Golang errors": {}, + "Issues": [ + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "line": "91", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "line": "85", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "line": "84", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "line": "83", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go", + "code": "66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "line": "67", + "column": "13", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "line": "53", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go", + "code": "220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "line": "221", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "line": "162", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "line": "142", + "column": "22", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "line": "133", + "column": "12", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "line": "99", + "column": "12", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "line": "243", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "line": "242", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "line": "943", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "line": "808", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go", + "code": "54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "line": "55", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "line": "555", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "line": "553", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "507: \tc := writeCounter(0)\n508: \trlp.Encode(&c, &tx.inner)\n509: \tsize := uint64(c)\n", + "line": "508", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "line": "316", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "line": "310", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "line": "131", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "line": "126", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "line": "121", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "line": "75", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "line": "74", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "line": "73", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "line": "63", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "line": "62", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "line": "78", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "line": "71", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "line": "64", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "line": "57", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "line": "47", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "line": "27", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "line": "19", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go", + "code": "12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "line": "13", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "line": "143", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "line": "142", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go", + "code": "410: \tc := writeCounter(0)\n411: \trlp.Encode(&c, b)\n412: \tb.size.Store(uint64(c))\n", + "line": "411", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go", + "code": "97: \t\t\tfor j := i - 1; j >= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "line": "98", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "line": "1697", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "line": "1689", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "line": "1675", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "line": "1502", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "line": "1134", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1111: \t\t\tif !hasPending && !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "line": "1112", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "line": "709", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "line": "408", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "155: \t}\n156: \treplacement.Close()\n157: \n", + "line": "156", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "line": "150", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go", + "code": "72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "line": "73", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "line": "1413", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "line": "1281", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "line": "1058", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "line": "699", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "line": "546", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "line": "416", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "line": "393", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "line": "55", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "line": "54", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "line": "45", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "line": "44", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "line": "379", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "line": "377", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "line": "904", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "line": "566", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "line": "673", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "line": "568", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "line": "620", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "line": "577", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "line": "366", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "line": "365", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "line": "361", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go", + "code": "372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "line": "373", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "line": "234", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "line": "232", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "line": "211", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "line": "182", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "line": "180", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "line": "456", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "line": "448", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "line": "426", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "line": "209", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "185: \tif batch.ValueSize() > 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "line": "186", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "176: \t\t\tif batch.ValueSize() >= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "line": "177", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "line": "159", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "93: \t}\n94: \tf.Close()\n95: \n", + "line": "94", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "line": "91", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "line": "108-110", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "line": "103", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go", + "code": "64: \t\tfor i := 0; i < len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "line": "65", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "line": "64", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "line": "58", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "line": "43", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "line": "41", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "line": "923", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "line": "682", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "line": "680", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "line": "669", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "line": "667", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "line": "658", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "line": "310", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "line": "189", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "line": "183", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "line": "146", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "line": "144", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "line": "128", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "line": "126", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go", + "code": "416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "line": "417", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "line": "312", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "line": "310-315", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "309", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "line": "306", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "line": "305", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "line": "301", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "line": "299-304", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "line": "271", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "line": "269-276", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "line": "255", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "253: \t\tfor i := 0; i < 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "254", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "251", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "line": "242", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "240: \t\tfor i := 90; i < 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "241", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "line": "225", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "223: \t\tfor i := 0; i < 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "224", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "212: \t\tfor i := 0; i < 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "line": "140", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "line": "139", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "line": "135", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "line": "133-138", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "line": "58", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "line": "57", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "line": "53", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "line": "51-56", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "line": "263", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "line": "262", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "line": "261", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "line": "260", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "line": "258-265", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go", + "code": "175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "line": "176", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "line": "574-583", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "line": "514-523", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) > 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "line": "448-459", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "line": "431-440", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) > 0 && crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "line": "338-349", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "line": "39-46", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "line": "522", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "line": "513", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "line": "484", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go", + "code": "69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "line": "1536", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true)\n1525: \t\t\tbc.lastWrite = chosen\n", + "line": "1524", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1504: \tif nodes > limit || imgs > 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "line": "1505", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "line": "1491", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "line": "1148", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104\n459: \t\t}\n", + "line": "458", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "455: \t\tif compat.RewindToTime > 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "line": "456", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "line": "413", + "column": "2", + "nosec": false, + "suppressions": null + } + ], + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 0, + "found": 171 + }, + "GosecVersion": "dev" + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf.json b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf.json new file mode 100644 index 0000000000..e9fce312fb --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf.json @@ -0,0 +1,1176 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "gosec Scan", + "title": "gosec Scan", + "version": "dev", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SC-13" + ], + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "id": "G404", + "desc": "", + "impact": 0.7, + "results": [ + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 91\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 85\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 84\nColumn: 29", + "message": "MEDIUM confidence of rule violation at:\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go\nLine: 83\nColumn: 30", + "message": "MEDIUM confidence of rule violation at:\n82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G404 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go\nLine: 67\nColumn: 13", + "message": "MEDIUM confidence of rule violation at:\n66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-10" + ], + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Potential file inclusion via variable", + "id": "G304", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 53\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go\nLine: 221\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect file permissions to be 0600 or less", + "id": "G302", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 162\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 142\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 86\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 102\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 97\nColumn: 9", + "message": "HIGH confidence of rule violation at:\n96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 84\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect directory permissions to be 0750 or less", + "id": "G301", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 133\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "skipped", + "skip_message": "Globally suppressed. (external)", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 99\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Errors unhandled.", + "id": "G104", + "desc": "", + "impact": 0.3, + "results": [ + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 243\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go\nLine: 242\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 943\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go\nLine: 808\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go\nLine: 55\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 555\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 553\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go\nLine: 508\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n507: \tc := writeCounter(0)\n508: \trlp.Encode(&c, &tx.inner)\n509: \tsize := uint64(c)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 316\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go\nLine: 310\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 131\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 126\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 121\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 75\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 74\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 73\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 63\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go\nLine: 62\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 78\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 71\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 64\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 57\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 47\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 27\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go\nLine: 19\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go\nLine: 13\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 143\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go\nLine: 142\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go\nLine: 411\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n410: \tc := writeCounter(0)\n411: \trlp.Encode(&c, b)\n412: \tb.size.Store(uint64(c))\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go\nLine: 98\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n97: \t\t\tfor j := i - 1; j >= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1697\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1689\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1675\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1502\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1134\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 1112\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1111: \t\t\tif !hasPending && !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 709\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go\nLine: 408\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 156\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n155: \t}\n156: \treplacement.Close()\n157: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go\nLine: 150\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go\nLine: 73\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1413\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1281\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 1058\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 699\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 546\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 416\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go\nLine: 393\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 55\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 54\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 45\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go\nLine: 44\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 379\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go\nLine: 377\nColumn: 6", + "message": "HIGH confidence of rule violation at:\n376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 904\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go\nLine: 566\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 673\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go\nLine: 568\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 620\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 577\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 366\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 365\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go\nLine: 361\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go\nLine: 373\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 234\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 232\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 211\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 182\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go\nLine: 180\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() > ethdb.IdealBatchSize {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 456\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 448\nColumn: 7", + "message": "HIGH confidence of rule violation at:\n447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 426\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 209\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 186\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n185: \tif batch.ValueSize() > 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 177\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n176: \t\t\tif batch.ValueSize() >= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go\nLine: 159\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 94\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n93: \t}\n94: \tf.Close()\n95: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go\nLine: 91\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 108-110\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go\nLine: 103\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go\nLine: 65\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n64: \t\tfor i := 0; i < len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 64\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 58\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 43\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go\nLine: 41\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 923\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 682\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 680\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 669\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 667\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 658\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 310\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 189\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go\nLine: 183\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 146\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 144\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 128\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go\nLine: 126\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go\nLine: 417\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 312\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 310-315\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i < 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 309\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 306\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 305\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 301\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 299-304\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i < 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 271\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 269-276\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 255\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 254\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n253: \t\tfor i := 0; i < 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 251\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 242\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 241\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n240: \t\tfor i := 90; i < 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 238\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 225\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 224\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n223: \t\tfor i := 0; i < 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 213\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n212: \t\tfor i := 0; i < 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 140\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 139\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 135\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 133-138\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i < 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 58\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 57\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 53\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go\nLine: 51-56\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i < len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 263\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 262\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 261\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 260\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 259\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go\nLine: 258-265\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go\nLine: 176\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 574-583\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 514-523\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 448-459\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) > 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 431-440\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 338-349\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) > 0 && crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go\nLine: 39-46\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 522\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 513\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go\nLine: 484\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go\nLine: 70\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1536\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1524\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true)\n1525: \t\t\tbc.lastWrite = chosen\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1505\nColumn: 3", + "message": "HIGH confidence of rule violation at:\n1504: \tif nodes > limit || imgs > 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1491\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 1148\nColumn: 5", + "message": "HIGH confidence of rule violation at:\n1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 458\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104\n459: \t\t}\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 456\nColumn: 4", + "message": "HIGH confidence of rule violation at:\n455: \t\tif compat.RewindToTime > 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G104 violation detected at:\nFile: C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go\nLine: 413\nColumn: 2", + "message": "HIGH confidence of rule violation at:\n412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "start_time": "" + } + ] + } + ], + "sha256": "736017b8efc98273389b7d8f26900321a13d86b0d8aefccf8c0ec1217d8a4b93" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "gosec", + "data": { + "Golang errors": {}, + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 0, + "found": 171 + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf.json b/libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf.json deleted file mode 100644 index 5861051a8d..0000000000 --- a/libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf.json +++ /dev/null @@ -1,145 +0,0 @@ -{ - "passthrough": { - "auxiliary_data": [ - { - "name": "Gosec", - "data": { - "Golang errors": {} - } - } - ] - }, - "platform": { - "name": "Heimdall Tools", - "release": "2.6.32" - }, - "version": "2.6.32", - "statistics": {}, - "profiles": [ - { - "name": "Gosec scanner", - "title": "gosec", - "version": "dev", - "supports": [], - "attributes": [], - "groups": [], - "status": "loaded", - "controls": [ - { - "tags": { - "nist": [ - "SI-10" - ], - "cwe": { - "id": "22", - "url": "https://cwe.mitre.org/data/definitions/22.html" - }, - "nosec": "", - "suppressions": "", - "severity": "MEDIUM", - "confidence": "HIGH" - }, - "refs": [], - "source_location": {}, - "title": "Potential file inclusion via variable", - "id": "G304", - "desc": "", - "impact": 0.5, - "results": [ - { - "status": "failed", - "code_desc": "82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n", - "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go, line:83, column:14", - "start_time": "" - }, - { - "status": "failed", - "code_desc": "51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n", - "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go, line:52, column:27", - "start_time": "" - }, - { - "status": "failed", - "code_desc": "95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n", - "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go, line:96, column:12", - "start_time": "" - }, - { - "status": "failed", - "code_desc": "86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n", - "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go, line:87, column:15", - "start_time": "" - }, - { - "status": "failed", - "code_desc": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", - "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go, line:19, column:22", - "start_time": "" - } - ] - }, - { - "tags": { - "nist": [ - "SI-2", - "RA-5" - ], - "cwe": { - "id": "276", - "url": "https://cwe.mitre.org/data/definitions/276.html" - }, - "nosec": "", - "suppressions": "", - "severity": "MEDIUM", - "confidence": "HIGH" - }, - "refs": [], - "source_location": {}, - "title": "Expect file permissions to be 0600 or less", - "id": "G302", - "desc": "", - "impact": 0.5, - "results": [ - { - "status": "failed", - "code_desc": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", - "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go, line:19, column:22", - "start_time": "" - } - ] - }, - { - "tags": { - "nist": [ - "SI-2", - "RA-5" - ], - "cwe": { - "id": "276", - "url": "https://cwe.mitre.org/data/definitions/276.html" - }, - "nosec": "", - "suppressions": "", - "severity": "MEDIUM", - "confidence": "HIGH" - }, - "refs": [], - "source_location": {}, - "title": "Expect directory permissions to be 0750 or less", - "id": "G301", - "desc": "", - "impact": 0.5, - "results": [ - { - "status": "failed", - "code_desc": "76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n", - "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go, line:77, column:15", - "start_time": "" - } - ] - } - ], - "sha256": "b849a262dbb19f2c8f950a75c551aa50b97c76967cd092d6ac5585cabe3fbbc4" - } - ] -} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf-withraw.json b/libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf-withraw.json new file mode 100644 index 0000000000..81ea4c2e29 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf-withraw.json @@ -0,0 +1,263 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "gosec Scan", + "title": "gosec Scan", + "version": "dev", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SI-10" + ], + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Potential file inclusion via variable", + "id": "G304", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 83\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go\nLine: 52\nColumn: 27", + "message": "HIGH confidence of rule violation at:\n51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 96\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 87\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect file permissions to be 0600 or less", + "id": "G302", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect directory permissions to be 0750 or less", + "id": "G301", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 77\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n", + "start_time": "" + } + ] + } + ], + "sha256": "3968d46e62c53b3dc1977f9598d9ad93192f9ae13237d0c493b945e7bd27c28d" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "gosec", + "data": { + "Golang errors": {}, + "Stats": { + "files": 199, + "lines": 12401, + "nosec": 0, + "found": 7 + } + } + } + ], + "raw": { + "Golang errors": {}, + "Issues": [ + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go", + "code": "82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n", + "line": "83", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go", + "code": "51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n", + "line": "52", + "column": "27", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go", + "code": "95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n", + "line": "96", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go", + "code": "86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n", + "line": "87", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go", + "code": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", + "line": "19", + "column": "22", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go", + "code": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", + "line": "19", + "column": "22", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go", + "code": "76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n", + "line": "77", + "column": "15", + "nosec": false, + "suppressions": null + } + ], + "Stats": { + "files": 199, + "lines": 12401, + "nosec": 0, + "found": 7 + }, + "GosecVersion": "dev" + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf.json b/libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf.json new file mode 100644 index 0000000000..421d85d5c5 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf.json @@ -0,0 +1,139 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "gosec Scan", + "title": "gosec Scan", + "version": "dev", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "SI-10" + ], + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Potential file inclusion via variable", + "id": "G304", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 83\nColumn: 14", + "message": "HIGH confidence of rule violation at:\n82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go\nLine: 52\nColumn: 27", + "message": "HIGH confidence of rule violation at:\n51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 96\nColumn: 12", + "message": "HIGH confidence of rule violation at:\n95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 87\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect file permissions to be 0600 or less", + "id": "G302", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22", + "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "SI-2", + "RA-5" + ], + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + } + }, + "refs": [], + "source_location": {}, + "title": "Expect directory permissions to be 0750 or less", + "id": "G301", + "desc": "", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 77\nColumn: 15", + "message": "HIGH confidence of rule violation at:\n76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n", + "start_time": "" + } + ] + } + ], + "sha256": "3968d46e62c53b3dc1977f9598d9ad93192f9ae13237d0c493b945e7bd27c28d" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "gosec", + "data": { + "Golang errors": {}, + "Stats": { + "files": 199, + "lines": 12401, + "nosec": 0, + "found": 7 + } + } + } + ] + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_all_suppressed.json b/libs/hdf-converters/sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_all_suppressed.json new file mode 100644 index 0000000000..52ee57b09d --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_all_suppressed.json @@ -0,0 +1,2848 @@ +{ + "Golang errors": {}, + "Issues": [ + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "line": "91", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "line": "85", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "line": "84", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "line": "83", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go", + "code": "66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "line": "67", + "column": "13", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "line": "53", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go", + "code": "220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "line": "221", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "line": "162", + "column": "15", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "line": "142", + "column": "22", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + }, + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + }, + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "line": "133", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "line": "99", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "line": "243", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "line": "242", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "line": "943", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "line": "808", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go", + "code": "54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "line": "55", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "line": "555", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "line": "553", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "507: \tc := writeCounter(0)\n508: \trlp.Encode(\u0026c, \u0026tx.inner)\n509: \tsize := uint64(c)\n", + "line": "508", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "line": "316", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "line": "310", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "line": "131", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "line": "126", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "line": "121", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "line": "75", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "line": "74", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "line": "73", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "line": "63", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "line": "62", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "line": "78", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "line": "71", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "line": "64", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "line": "57", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "line": "47", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "line": "27", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "line": "19", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go", + "code": "12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "line": "13", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "line": "143", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "line": "142", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go", + "code": "410: \tc := writeCounter(0)\n411: \trlp.Encode(\u0026c, b)\n412: \tb.size.Store(uint64(c))\n", + "line": "411", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go", + "code": "97: \t\t\tfor j := i - 1; j \u003e= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "line": "98", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "line": "1697", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "line": "1689", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "line": "1675", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "line": "1502", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "line": "1134", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1111: \t\t\tif !hasPending \u0026\u0026 !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "line": "1112", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "line": "709", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "line": "408", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "155: \t}\n156: \treplacement.Close()\n157: \n", + "line": "156", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "line": "150", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go", + "code": "72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "line": "73", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "line": "1413", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "line": "1281", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "line": "1058", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "line": "699", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "line": "546", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "line": "416", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "line": "393", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "line": "55", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "line": "54", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "line": "45", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "line": "44", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "line": "379", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "line": "377", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "line": "904", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "line": "566", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "line": "673", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "line": "568", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "line": "620", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "line": "577", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "line": "366", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "line": "365", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "line": "361", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go", + "code": "372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "line": "373", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "233: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "line": "234", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n", + "line": "232", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "212: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n", + "line": "211", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "181: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "line": "182", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n", + "line": "180", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "line": "456", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "line": "448", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "line": "426", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "line": "209", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "185: \tif batch.ValueSize() \u003e 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "line": "186", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "176: \t\t\tif batch.ValueSize() \u003e= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "line": "177", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "line": "159", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "93: \t}\n94: \tf.Close()\n95: \n", + "line": "94", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "line": "91", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "line": "108-110", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "line": "103", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go", + "code": "64: \t\tfor i := 0; i \u003c len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "line": "65", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "line": "64", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "line": "58", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "line": "43", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "line": "41", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "line": "923", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "line": "682", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "line": "680", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "line": "669", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "line": "667", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "line": "658", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "line": "310", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "line": "189", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "line": "183", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "line": "146", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "line": "144", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "line": "128", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "line": "126", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go", + "code": "416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "line": "417", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "311: \t\t\tfor i := 0; i \u003c 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "line": "312", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i \u003c 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "line": "310-315", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "309", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "line": "306", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "line": "305", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "300: \t\t\tfor i := 0; i \u003c 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "line": "301", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i \u003c 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "line": "299-304", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "line": "271", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "line": "269-276", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "line": "255", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "253: \t\tfor i := 0; i \u003c 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "254", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "251", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "line": "242", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "240: \t\tfor i := 90; i \u003c 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "241", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "line": "225", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "223: \t\tfor i := 0; i \u003c 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "224", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "212: \t\tfor i := 0; i \u003c 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "line": "140", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "line": "139", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "134: \t\tfor i := 0; i \u003c 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "line": "135", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i \u003c 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "line": "133-138", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "line": "58", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "line": "57", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "52: \t\tfor i := 0; i \u003c len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "line": "53", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i \u003c len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "line": "51-56", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "line": "263", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "line": "262", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "line": "261", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "line": "260", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "line": "258-265", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go", + "code": "175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "line": "176", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "line": "574-583", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "line": "514-523", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) \u003e 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "line": "448-459", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "line": "431-440", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) \u003e 0 \u0026\u0026 crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "line": "338-349", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "line": "39-46", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "line": "522", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "line": "513", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "line": "484", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go", + "code": "69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "line": "1536", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true) // #nosec G104\n1525: \t\t\tbc.lastWrite = chosen\n", + "line": "1524", + "column": "4", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1504: \tif nodes \u003e limit || imgs \u003e 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "line": "1505", + "column": "3", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "line": "1491", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "line": "1148", + "column": "5", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104 -- False positive\n459: \t\t}\n", + "line": "458", + "column": "4", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "False positive" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "455: \t\tif compat.RewindToTime \u003e 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "line": "456", + "column": "4", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "False positive" + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "line": "413", + "column": "2", + "nosec": false, + "suppressions": [ + { + "kind": "inSource", + "justification": "False positive" + } + ] + } + ], + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 8, + "found": 161 + }, + "GosecVersion": "dev" +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_external_suppressed.json b/libs/hdf-converters/sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_external_suppressed.json new file mode 100644 index 0000000000..6b16ad3b50 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_external_suppressed.json @@ -0,0 +1,2790 @@ +{ + "Golang errors": {}, + "Issues": [ + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "90: \tfor bloomAccountHasherOffset == bloomDestructHasherOffset {\n91: \t\tbloomAccountHasherOffset = rand.Intn(25)\n92: \t}\n", + "line": "91", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n86: \n", + "line": "85", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n85: \tbloomStorageHasherOffset = rand.Intn(25)\n", + "line": "84", + "column": "29", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\difflayer.go", + "code": "82: \t// Init the bloom offsets in the range [0:24] (requires 8 bytes)\n83: \tbloomDestructHasherOffset = rand.Intn(25)\n84: \tbloomAccountHasherOffset = rand.Intn(25)\n", + "line": "83", + "column": "30", + "nosec": false, + "suppressions": null + }, + { + "severity": "HIGH", + "confidence": "MEDIUM", + "cwe": { + "id": "338", + "url": "https://cwe.mitre.org/data/definitions/338.html" + }, + "rule_id": "G404", + "details": "Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand)", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\forkchoice.go", + "code": "66: \t\tchain: chainReader,\n67: \t\trand: mrand.New(mrand.NewSource(seed.Int64())),\n68: \t\tpreserve: preserve,\n", + "line": "67", + "column": "13", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "52: \t// Open the source file\n53: \tsrc, err := os.Open(srcPath)\n54: \tif err != nil {\n", + "line": "53", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "22", + "url": "https://cwe.mitre.org/data/definitions/22.html" + }, + "rule_id": "G304", + "details": "Potential file inclusion via variable", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_resettable.go", + "code": "220: \t}\n221: \tdir, err := os.Open(parent)\n222: \tif err != nil {\n", + "line": "221", + "column": "14", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "161: \t}\n162: \tsink, err := os.OpenFile(journal.path, os.O_WRONLY|os.O_APPEND, 0644)\n163: \tif err != nil {\n", + "line": "162", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "141: \t// Generate a new journal with the contents of the current pool\n142: \treplacement, err := os.OpenFile(journal.path+\".new\", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)\n143: \tif err != nil {\n", + "line": "142", + "column": "22", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "85: \t// Ensure the file is synced to disk\n86: \tf, err := os.OpenFile(tempname, os.O_RDWR, 0666)\n87: \tif err != nil {\n", + "line": "86", + "column": "12", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n", + "line": "102", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n", + "line": "97", + "column": "9", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G302", + "details": "Expect file permissions to be 0600 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "83: \t// on different OS's\n84: \tfile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0644)\n85: \tif err != nil {\n", + "line": "84", + "column": "15", + "nosec": false, + "suppressions": null + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "132: \t// Ensure the containing directory exists and open the indexEntry file\n133: \tif err := os.MkdirAll(path, 0755); err != nil {\n134: \t\treturn nil, err\n", + "line": "133", + "column": "12", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "MEDIUM", + "confidence": "HIGH", + "cwe": { + "id": "276", + "url": "https://cwe.mitre.org/data/definitions/276.html" + }, + "rule_id": "G301", + "details": "Expect directory permissions to be 0750 or less", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "98: \tflockFile := filepath.Join(datadir, \"FLOCK\")\n99: \tif err := os.MkdirAll(filepath.Dir(flockFile), 0755); err != nil {\n100: \t\treturn nil, err\n", + "line": "99", + "column": "12", + "nosec": false, + "suppressions": [ + { + "kind": "external", + "justification": "Globally suppressed." + } + ] + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n244: \n", + "line": "243", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\instructions.go", + "code": "241: \t}\n242: \tinterpreter.hasher.Write(data)\n243: \tinterpreter.hasher.Read(interpreter.hasherBuf[:])\n", + "line": "242", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "942: \tr := new(bls12381.G2Affine)\n943: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n944: \n", + "line": "943", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\vm\\contracts.go", + "code": "807: \tr := new(bls12381.G1Affine)\n808: \tr.MultiExp(points, scalars, ecc.MultiExpConfig{})\n809: \n", + "line": "808", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\withdrawal.go", + "code": "54: func (s Withdrawals) EncodeIndex(i int, w *bytes.Buffer) {\n55: \trlp.Encode(w, s[i])\n56: }\n", + "line": "55", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "554: \t} else {\n555: \t\ttx.encodeTyped(w)\n556: \t}\n", + "line": "555", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "552: \tif tx.Type() == LegacyTxType {\n553: \t\trlp.Encode(w, tx.inner)\n554: \t} else {\n", + "line": "553", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\transaction.go", + "code": "507: \tc := writeCounter(0)\n508: \trlp.Encode(\u0026c, \u0026tx.inner)\n509: \tsize := uint64(c)\n", + "line": "508", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "315: \tcase AccessListTxType, DynamicFeeTxType, BlobTxType:\n316: \t\trlp.Encode(w, data)\n317: \tdefault:\n", + "line": "316", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\receipt.go", + "code": "309: \tif r.Type == LegacyTxType {\n310: \t\trlp.Encode(w, data)\n311: \t\treturn\n", + "line": "310", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "130: \t\tvalue := encodeForDerive(list, i, valueBuf)\n131: \t\thasher.Update(indexBuf, value)\n132: \t}\n", + "line": "131", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "125: \t\tvalue := encodeForDerive(list, 0, valueBuf)\n126: \t\thasher.Update(indexBuf, value)\n127: \t}\n", + "line": "126", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "120: \t\tvalue := encodeForDerive(list, i, valueBuf)\n121: \t\thasher.Update(indexBuf, value)\n122: \t}\n", + "line": "121", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n76: \treturn h\n", + "line": "75", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n75: \tsha.Read(h[:])\n", + "line": "74", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "72: \tsha.Reset()\n73: \tsha.Write([]byte{prefix})\n74: \trlp.Encode(sha, x)\n", + "line": "73", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n64: \treturn h\n", + "line": "63", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\hashing.go", + "code": "61: \tsha.Reset()\n62: \trlp.Encode(sha, x)\n63: \tsha.Read(h[:])\n", + "line": "62", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "77: \t\tif obj.ParentBeaconRoot == nil {\n78: \t\t\tw.Write([]byte{0x80})\n79: \t\t} else {\n", + "line": "78", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "70: \t\tif obj.ExcessBlobGas == nil {\n71: \t\t\tw.Write([]byte{0x80})\n72: \t\t} else {\n", + "line": "71", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "63: \t\tif obj.BlobGasUsed == nil {\n64: \t\t\tw.Write([]byte{0x80})\n65: \t\t} else {\n", + "line": "64", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "56: \t\tif obj.WithdrawalsHash == nil {\n57: \t\t\tw.Write([]byte{0x80})\n58: \t\t} else {\n", + "line": "57", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "46: \t\tif obj.BaseFee == nil {\n47: \t\t\tw.Write(rlp.EmptyString)\n48: \t\t} else {\n", + "line": "47", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "26: \tif obj.Number == nil {\n27: \t\tw.Write(rlp.EmptyString)\n28: \t} else {\n", + "line": "27", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_header_rlp.go", + "code": "18: \tif obj.Difficulty == nil {\n19: \t\tw.Write(rlp.EmptyString)\n20: \t} else {\n", + "line": "19", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\gen_account_rlp.go", + "code": "12: \tif obj.Balance == nil {\n13: \t\tw.Write(rlp.EmptyString)\n14: \t} else {\n", + "line": "13", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n144: \thasherPool.Put(sha)\n", + "line": "143", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\bloom9.go", + "code": "141: \tsha.Reset()\n142: \tsha.Write(data)\n143: \tsha.Read(hashbuf)\n", + "line": "142", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\types\\block.go", + "code": "410: \tc := writeCounter(0)\n411: \trlp.Encode(\u0026c, b)\n412: \tb.size.Store(uint64(c))\n", + "line": "411", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\txpool.go", + "code": "97: \t\t\tfor j := i - 1; j \u003e= 0; j-- {\n98: \t\t\t\tsubpools[j].Close()\n99: \t\t\t}\n", + "line": "98", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1696: \t\t\tif _, ok := pool.queue[addr]; !ok {\n1697: \t\t\t\tpool.reserve(addr, false)\n1698: \t\t\t}\n", + "line": "1697", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1688: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1689: \t\t\t\tpool.enqueueTx(hash, tx, false, false)\n1690: \t\t\t}\n", + "line": "1689", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1674: \t\t\t// Internal shuffle shouldn't touch the lookup set.\n1675: \t\t\tpool.enqueueTx(hash, tx, false, false)\n1676: \t\t}\n", + "line": "1675", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1501: \t\t\tif _, ok := pool.pending[addr]; !ok {\n1502: \t\t\t\tpool.reserve(addr, false)\n1503: \t\t\t}\n", + "line": "1502", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1133: \t\t\t\t// Internal shuffle shouldn't touch the lookup set.\n1134: \t\t\t\tpool.enqueueTx(tx.Hash(), tx, false, false)\n1135: \t\t\t}\n", + "line": "1134", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "1111: \t\t\tif !hasPending \u0026\u0026 !hasQueued {\n1112: \t\t\t\tpool.reserve(addr, false)\n1113: \t\t\t}\n", + "line": "1112", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "708: \t\t\tif err != nil {\n709: \t\t\t\tpool.reserve(from, false)\n710: \t\t\t}\n", + "line": "709", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\legacypool.go", + "code": "407: \tif pool.journal != nil {\n408: \t\tpool.journal.close()\n409: \t}\n", + "line": "408", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "155: \t}\n156: \treplacement.Close()\n157: \n", + "line": "156", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\legacypool\\journal.go", + "code": "149: \t\t\tif err = rlp.Encode(replacement, tx); err != nil {\n150: \t\t\t\treplacement.Close()\n151: \t\t\t\treturn err\n", + "line": "150", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\limbo.go", + "code": "72: \t\t\tif err := l.store.Delete(id); err != nil {\n73: \t\t\t\tl.Close()\n74: \t\t\t\treturn nil, err\n", + "line": "73", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1412: \t\tdelete(p.spent, from)\n1413: \t\tp.reserve(from, false)\n1414: \t} else {\n", + "line": "1413", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1280: \t\t\tif err != nil {\n1281: \t\t\t\tp.reserve(from, false)\n1282: \t\t\t}\n", + "line": "1281", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "1057: \t\t\t\t\t\theap.Remove(p.evict, p.evict.index[addr])\n1058: \t\t\t\t\t\tp.reserve(addr, false)\n1059: \t\t\t\t\t}\n", + "line": "1058", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "698: \t\t\t}\n699: \t\t\tp.reserve(addr, false)\n700: \t\t} else {\n", + "line": "699", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "545: \t\t}\n546: \t\tp.reserve(addr, false)\n547: \n", + "line": "546", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "415: \tif err != nil {\n416: \t\tp.Close()\n417: \t\treturn err\n", + "line": "416", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\txpool\\blobpool\\blobpool.go", + "code": "392: \t\t\tif err := p.store.Delete(id); err != nil {\n393: \t\t\t\tp.Close()\n394: \t\t\t\treturn err\n", + "line": "393", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n56: \n", + "line": "55", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "53: \t\thasher.Reset()\n54: \t\thasher.Write(blob)\n55: \t\thasher.Read(hash)\n", + "line": "54", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n46: \n", + "line": "45", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\stateless\\database.go", + "code": "43: \t\thasher.Reset()\n44: \t\thasher.Write(blob)\n45: \t\thasher.Read(hash)\n", + "line": "44", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "378: \t\t\t\t} else {\n379: \t\t\t\t\tsf.trie.GetStorage(sf.addr, task.key)\n380: \t\t\t\t}\n", + "line": "379", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\trie_prefetcher.go", + "code": "376: \t\t\t\tif len(task.key) == common.AddressLength {\n377: \t\t\t\t\tsf.trie.GetAccount(common.BytesToAddress(task.key))\n378: \t\t\t\t} else {\n", + "line": "377", + "column": "6", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "903: \t}\n904: \tworkers.Wait()\n905: \ts.StorageUpdates += time.Since(start)\n", + "line": "904", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\statedb.go", + "code": "565: \tif obj.dirtyCode {\n566: \t\ts.trie.UpdateContractCode(obj.Address(), common.BytesToHash(obj.CodeHash()), obj.code)\n567: \t}\n", + "line": "566", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "672: \tif dl := t.disklayer(); dl != nil {\n673: \t\tdl.Release()\n674: \t}\n", + "line": "673", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\snapshot.go", + "code": "567: \t\t\tkey := it.Key()\n568: \t\t\tbatch.Delete(key)\n569: \t\t\tbase.cache.Del(key[1:])\n", + "line": "568", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "619: \t\tif acc.Root == types.EmptyRootHash {\n620: \t\t\tctx.removeStorageAt(account)\n621: \t\t} else {\n", + "line": "620", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "576: \n577: \t\t\tctx.removeStorageAt(account)\n578: \t\t\treturn nil\n", + "line": "577", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n367: \t\t}\n", + "line": "366", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "364: \t\tif nodes != nil {\n365: \t\t\ttdb.Update(root, types.EmptyRootHash, 0, trienode.NewWithNodeSet(nodes), nil)\n366: \t\t\ttdb.Commit(root, false)\n", + "line": "365", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\generate.go", + "code": "360: \t\tfor i, key := range result.keys {\n361: \t\t\tsnapTrie.Update(key, result.vals[i])\n362: \t\t}\n", + "line": "361", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\conversion.go", + "code": "372: \tfor leaf := range in {\n373: \t\tt.Update(leaf.key[:], leaf.value)\n374: \t}\n", + "line": "373", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "233: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n234: \t\t\tctx.batch.Write()\n235: \t\t\tctx.batch.Reset()\n", + "line": "234", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "231: \t\tcount++\n232: \t\tctx.batch.Delete(iter.Key())\n233: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n", + "line": "232", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "212: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n213: \t\t\tctx.batch.Write()\n214: \t\t\tctx.batch.Reset()\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "210: \t\tcount++\n211: \t\tctx.batch.Delete(key)\n212: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n", + "line": "211", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "181: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n182: \t\t\tctx.batch.Write()\n183: \t\t\tctx.batch.Reset()\n", + "line": "182", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\snapshot\\context.go", + "code": "179: \t\tcount++\n180: \t\tctx.batch.Delete(key)\n181: \t\tif ctx.batch.ValueSize() \u003e ethdb.IdealBatchSize {\n", + "line": "180", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "455: \t\t\tif !bytes.Equal(acc.CodeHash, types.EmptyCodeHash.Bytes()) {\n456: \t\t\t\tstateBloom.Put(acc.CodeHash, nil)\n457: \t\t\t}\n", + "line": "456", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "447: \t\t\t\t\tif hash != (common.Hash{}) {\n448: \t\t\t\t\t\tstateBloom.Put(hash.Bytes(), nil)\n449: \t\t\t\t\t}\n", + "line": "448", + "column": "7", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "425: \t\tif hash != (common.Hash{}) {\n426: \t\t\tstateBloom.Put(hash.Bytes(), nil)\n427: \t\t}\n", + "line": "426", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "208: \t// the things.\n209: \tos.RemoveAll(bloomPath)\n210: \n", + "line": "209", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "185: \tif batch.ValueSize() \u003e 0 {\n186: \t\tbatch.Write()\n187: \t\tbatch.Reset()\n", + "line": "186", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "176: \t\t\tif batch.ValueSize() \u003e= ethdb.IdealBatchSize {\n177: \t\t\t\tbatch.Write()\n178: \t\t\t\tbatch.Reset()\n", + "line": "177", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\pruner.go", + "code": "158: \t\t\tsize += common.StorageSize(len(key) + len(iter.Value()))\n159: \t\t\tbatch.Delete(key)\n160: \n", + "line": "159", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "93: \t}\n94: \tf.Close()\n95: \n", + "line": "94", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\pruner\\bloom.go", + "code": "90: \tif err := f.Sync(); err != nil {\n91: \t\tf.Close()\n92: \t\treturn err\n", + "line": "91", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "107: func (d iterativeDump) OnRoot(root common.Hash) {\n108: \td.Encode(struct {\n109: \t\tRoot common.Hash `json:\"root\"`\n110: \t}{root})\n111: }\n", + "line": "108-110", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\state\\dump.go", + "code": "102: \t}\n103: \td.Encode(dumpAccount)\n104: }\n", + "line": "103", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\sender_cacher.go", + "code": "64: \t\tfor i := 0; i \u003c len(task.txs); i += task.inc {\n65: \t\t\ttypes.Sender(task.signer, task.txs[i])\n66: \t\t}\n", + "line": "65", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "69: \t// we do the final move.\n70: \tsrc.Close()\n71: \n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "63: \tif err != nil {\n64: \t\tsrc.Close()\n65: \t\treturn err\n", + "line": "64", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "57: \tif _, err = src.Seek(int64(offset), 0); err != nil {\n58: \t\tsrc.Close()\n59: \t\treturn err\n", + "line": "58", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "42: \t\t}\n43: \t\tos.Remove(fname)\n44: \t}()\n", + "line": "43", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go", + "code": "40: \t\tif f != nil {\n41: \t\t\tf.Close()\n42: \t\t}\n", + "line": "41", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "922: \tt.releaseFile(t.headId)\n923: \tt.openFile(t.headId, openFreezerFileForReadOnly)\n924: \n", + "line": "923", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "681: \t\t\tif remove {\n682: \t\t\t\tos.Remove(f.Name())\n683: \t\t\t}\n", + "line": "682", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "679: \t\t\tdelete(t.files, fnum)\n680: \t\t\tf.Close()\n681: \t\t\tif remove {\n", + "line": "680", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "668: \t\t\tif remove {\n669: \t\t\t\tos.Remove(f.Name())\n670: \t\t\t}\n", + "line": "669", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "666: \t\t\tdelete(t.files, fnum)\n667: \t\t\tf.Close()\n668: \t\t\tif remove {\n", + "line": "667", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "657: \t\tdelete(t.files, num)\n658: \t\tf.Close()\n659: \t}\n", + "line": "658", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "309: \t\t\t} else {\n310: \t\t\t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n311: \t\t\t\tnewLastIndex.unmarshalBinary(buffer)\n", + "line": "310", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "258: \t} else {\n259: \t\tt.index.ReadAt(buffer, offsetsSize-indexEntrySize)\n260: \t\tlastIndex.unmarshalBinary(buffer)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "237: \t// and what item offset to use\n238: \tt.index.ReadAt(buffer, 0)\n239: \tfirstIndex.unmarshalBinary(buffer)\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "188: \tif err != nil {\n189: \t\ttab.Close()\n190: \t\treturn nil, err\n", + "line": "189", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_table.go", + "code": "182: \tif err := tab.repair(); err != nil {\n183: \t\ttab.Close()\n184: \t\treturn nil, err\n", + "line": "183", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "145: \t\t}\n146: \t\tlock.Unlock()\n147: \t\treturn nil, err\n", + "line": "146", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "143: \t\tfor _, table := range freezer.tables {\n144: \t\t\ttable.Close()\n145: \t\t}\n", + "line": "144", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "127: \t\t\t}\n128: \t\t\tlock.Unlock()\n129: \t\t\treturn nil, err\n", + "line": "128", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer.go", + "code": "125: \t\t\tfor _, table := range freezer.tables {\n126: \t\t\t\ttable.Close()\n127: \t\t\t}\n", + "line": "126", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\database.go", + "code": "416: \tif err != nil {\n417: \t\tkvdb.Close()\n418: \t\treturn nil, err\n", + "line": "417", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "311: \t\t\tfor i := 0; i \u003c 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n", + "line": "312", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n311: \t\t\tfor i := 0; i \u003c 100; i++ {\n312: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n313: \t\t\t}\n314: \t\t\treturn nil\n315: \t\t})\n316: \t})\n", + "line": "310-315", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "308: \t\t// Ancient write should work after resetting\n309: \t\tdb.Reset()\n310: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "309", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n307: \n", + "line": "306", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "304: \t\t})\n305: \t\tdb.TruncateTail(10)\n306: \t\tdb.TruncateHead(90)\n", + "line": "305", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "300: \t\t\tfor i := 0; i \u003c 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n", + "line": "301", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "298: \n299: \t\tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n300: \t\t\tfor i := 0; i \u003c 100; i++ {\n301: \t\t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n302: \t\t\t}\n303: \t\t\treturn nil\n304: \t\t})\n305: \t\tdb.TruncateTail(10)\n", + "line": "299-304", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n", + "line": "271", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "268: \t// We write 100 zero-bytes to the freezer and immediately mutate the slice\n269: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n270: \t\tdata := make([]byte, 100)\n271: \t\top.AppendRaw(\"a\", uint64(0), data)\n272: \t\tfor i := range data {\n273: \t\t\tdata[i] = 0xff\n274: \t\t}\n275: \t\treturn nil\n276: \t})\n277: \t// Now read it.\n", + "line": "269-276", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n256: \t\t}\n", + "line": "255", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "253: \t\tfor i := 0; i \u003c 100; i++ {\n254: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n255: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "254", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "250: \t// Write should work after truncating everything\n251: \tdb.TruncateTail(0)\n252: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "251", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n243: \t\t}\n", + "line": "242", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "240: \t\tfor i := 90; i \u003c 100; i++ {\n241: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n242: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "241", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "237: \t// Write should work after head truncating\n238: \tdb.TruncateHead(90)\n239: \t_, err = db.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n", + "line": "238", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n226: \t\t}\n", + "line": "225", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "223: \t\tfor i := 0; i \u003c 100; i++ {\n224: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n225: \t\t\top.AppendRaw(\"b\", uint64(i), dataB[i])\n", + "line": "224", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "212: \t\tfor i := 0; i \u003c 100; i++ {\n213: \t\t\top.AppendRaw(\"a\", uint64(i), dataA[i])\n214: \t\t}\n", + "line": "213", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n141: \n", + "line": "140", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "138: \t})\n139: \tdb.TruncateTail(10)\n140: \tdb.TruncateHead(90)\n", + "line": "139", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "134: \t\tfor i := 0; i \u003c 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n", + "line": "135", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "132: \n133: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n134: \t\tfor i := 0; i \u003c 100; i++ {\n135: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n136: \t\t}\n137: \t\treturn nil\n138: \t})\n139: \tdb.TruncateTail(10)\n", + "line": "133-138", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n59: \n", + "line": "58", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "56: \t})\n57: \tdb.TruncateTail(10)\n58: \tdb.TruncateHead(90)\n", + "line": "57", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "52: \t\tfor i := 0; i \u003c len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n", + "line": "53", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\ancienttest\\testsuite.go", + "code": "50: \n51: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n52: \t\tfor i := 0; i \u003c len(data); i++ {\n53: \t\t\top.AppendRaw(\"a\", uint64(i), data[i])\n54: \t\t}\n55: \t\treturn nil\n56: \t})\n57: \tdb.TruncateTail(10)\n", + "line": "51-56", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n", + "line": "263", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n", + "line": "262", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n", + "line": "261", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n", + "line": "260", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n", + "line": "259", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_state.go", + "code": "257: func WriteStateHistory(db ethdb.AncientWriter, id uint64, meta []byte, accountIndex []byte, storageIndex []byte, accounts []byte, storages []byte) {\n258: \tdb.ModifyAncients(func(op ethdb.AncientWriteOp) error {\n259: \t\top.AppendRaw(stateHistoryMeta, id-1, meta)\n260: \t\top.AppendRaw(stateHistoryAccountIndex, id-1, accountIndex)\n261: \t\top.AppendRaw(stateHistoryStorageIndex, id-1, storageIndex)\n262: \t\top.AppendRaw(stateHistoryAccountData, id-1, accounts)\n263: \t\top.AppendRaw(stateHistoryStorageData, id-1, storages)\n264: \t\treturn nil\n265: \t})\n266: }\n", + "line": "258-265", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_indexes.go", + "code": "175: \t\t}\n176: \t\tdb.Delete(it.Key())\n177: \t}\n", + "line": "176", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "573: \tvar data []byte\n574: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n575: \t\t// Check if the data is in ancients\n576: \t\tif isCanon(reader, number, hash) {\n577: \t\t\tdata, _ = reader.Ancient(ChainFreezerReceiptTable, number)\n578: \t\t\treturn nil\n579: \t\t}\n580: \t\t// If not, try reading from leveldb\n581: \t\tdata, _ = db.Get(blockReceiptsKey(number, hash))\n582: \t\treturn nil\n583: \t})\n584: \treturn data\n", + "line": "574-583", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "513: \tvar data []byte\n514: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n515: \t\t// Check if the data is in ancients\n516: \t\tif isCanon(reader, number, hash) {\n517: \t\t\tdata, _ = reader.Ancient(ChainFreezerDifficultyTable, number)\n518: \t\t\treturn nil\n519: \t\t}\n520: \t\t// If not, try reading from leveldb\n521: \t\tdata, _ = db.Get(headerTDKey(number, hash))\n522: \t\treturn nil\n523: \t})\n524: \treturn data\n", + "line": "514-523", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "447: \tvar data []byte\n448: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n449: \t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n450: \t\tif len(data) \u003e 0 {\n451: \t\t\treturn nil\n452: \t\t}\n453: \t\t// Block is not in ancients, read from leveldb by hash and number.\n454: \t\t// Note: ReadCanonicalHash cannot be used here because it also\n455: \t\t// calls ReadAncients internally.\n456: \t\thash, _ := db.Get(headerHashKey(number))\n457: \t\tdata, _ = db.Get(blockBodyKey(number, common.BytesToHash(hash)))\n458: \t\treturn nil\n459: \t})\n460: \treturn data\n", + "line": "448-459", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "430: \tvar data []byte\n431: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n432: \t\t// Check if the data is in ancients\n433: \t\tif isCanon(reader, number, hash) {\n434: \t\t\tdata, _ = reader.Ancient(ChainFreezerBodiesTable, number)\n435: \t\t\treturn nil\n436: \t\t}\n437: \t\t// If not, try reading from leveldb\n438: \t\tdata, _ = db.Get(blockBodyKey(number, hash))\n439: \t\treturn nil\n440: \t})\n441: \treturn data\n", + "line": "431-440", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "337: \tvar data []byte\n338: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n339: \t\t// First try to look up the data in ancient database. Extra hash\n340: \t\t// comparison is necessary since ancient database only maintains\n341: \t\t// the canonical data.\n342: \t\tdata, _ = reader.Ancient(ChainFreezerHeaderTable, number)\n343: \t\tif len(data) \u003e 0 \u0026\u0026 crypto.Keccak256Hash(data) == hash {\n344: \t\t\treturn nil\n345: \t\t}\n346: \t\t// If not, try reading from leveldb\n347: \t\tdata, _ = db.Get(headerKey(number, hash))\n348: \t\treturn nil\n349: \t})\n350: \treturn data\n", + "line": "338-349", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\accessors_chain.go", + "code": "38: \tvar data []byte\n39: \tdb.ReadAncients(func(reader ethdb.AncientReaderOp) error {\n40: \t\tdata, _ = reader.Ancient(ChainFreezerHashTable, number)\n41: \t\tif len(data) == 0 {\n42: \t\t\t// Get it by hash from leveldb\n43: \t\t\tdata, _ = db.Get(headerHashKey(number))\n44: \t\t}\n45: \t\treturn nil\n46: \t})\n47: \treturn common.BytesToHash(data)\n", + "line": "39-46", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "521: \n522: \tc.indexDb.Delete(append([]byte(\"shead\"), data[:]...))\n523: }\n", + "line": "522", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "512: \n513: \tc.indexDb.Put(append([]byte(\"shead\"), data[:]...), hash.Bytes())\n514: }\n", + "line": "513", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\chain_indexer.go", + "code": "483: \tbinary.BigEndian.PutUint64(data[:], sections)\n484: \tc.indexDb.Put([]byte(\"count\"), data[:])\n485: \n", + "line": "484", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\bloom_indexer.go", + "code": "69: func (b *BloomIndexer) Process(ctx context.Context, header *types.Header) error {\n70: \tb.gen.AddBloom(uint(header.Number.Uint64()-b.section*b.size), header.Bloom)\n71: \tb.head = header.Hash()\n", + "line": "70", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1535: \t\t}\n1536: \t\tbc.triedb.Dereference(root)\n1537: \t}\n", + "line": "1536", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true)\n1525: \t\t\tbc.lastWrite = chosen\n", + "line": "1524", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1504: \tif nodes \u003e limit || imgs \u003e 4*1024*1024 {\n1505: \t\tbc.triedb.Cap(limit - ethdb.IdealBatchSize) // #nosec G104\n1506: \t}\n", + "line": "1505", + "column": "3", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1490: \t// Full but not archive node, do proper garbage collection\n1491: \tbc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive\n1492: \tbc.triegc.Push(root, -int64(block.NumberU64()))\n", + "line": "1491", + "column": "2", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "1147: \t\t\tfor !bc.triegc.Empty() {\n1148: \t\t\t\ttriedb.Dereference(bc.triegc.PopItem()) // #nosec G104\n1149: \t\t\t}\n", + "line": "1148", + "column": "5", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104\n459: \t\t}\n", + "line": "458", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "455: \t\tif compat.RewindToTime \u003e 0 {\n456: \t\t\tbc.SetHeadWithTimestamp(compat.RewindToTime) // #nosec G104 -- False positive\n457: \t\t} else {\n", + "line": "456", + "column": "4", + "nosec": false, + "suppressions": null + }, + { + "severity": "LOW", + "confidence": "HIGH", + "cwe": { + "id": "703", + "url": "https://cwe.mitre.org/data/definitions/703.html" + }, + "rule_id": "G104", + "details": "Errors unhandled.", + "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go", + "code": "412: \t// it in advance.\n413: \tbc.engine.VerifyHeader(bc, bc.CurrentHeader()) // #nosec G104 -- False positive\n414: \n", + "line": "413", + "column": "2", + "nosec": false, + "suppressions": null + } + ], + "Stats": { + "files": 156, + "lines": 46219, + "nosec": 0, + "found": 171 + }, + "GosecVersion": "dev" +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/combined.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/combined.json new file mode 100644 index 0000000000..592b2cd6e7 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/combined.json @@ -0,0 +1,8230 @@ +{ + "secureScore": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores", + "value": [ + { + "id": "12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "activeUserCount": 1, + "createdDateTime": "2024-01-01T00:00:00Z", + "currentScore": 128, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "licensedUserCount": 0, + "maxScore": 274, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "controlScores": [ + { + "controlCategory": "Apps", + "controlName": "spo_idle_session_timeout", + "description": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n
    \n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "spo_legacy_auth", + "description": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t
    \n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t
    \n\t\t\tThis information was taken from Center for Internet Security (CIS).\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasFirewallLogUpload", + "description": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasCutomActivityPolicy", + "description": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Policy in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasCloudAppNotification", + "description": "App discovery policies can notify you when new apps or abnormal usage is observed within your organization, based on traffic logs data.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Policy in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasOAuthAppNotification", + "description": "OAuth app policies can help you manage app permission and notify you when a user or an admin consents to a new Open Authorization (OAuth) app. With this information, you can investigate which permissions each app requested and which users authorized them.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "AATP_DefenderForIdentityIsNotInstalled", + "description": "Installing Microsoft Defender for Identity sensors provides you with the ability to detect advanced threats in your entire identity infrastructure. Actionable security alerts are generated through the analysis of network traffic and security events.", + "score": 0, + "lastSynced": "2024-01-01T14:59:53Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_atpprotection", + "description": "Microsoft Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Data", + "controlName": "dlp_datalossprevention", + "description": "Data Loss Prevention (DLP) policies allows content in multiple locations, such as, devices, Exchange online and Teams chats to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "exo_individualsharing", + "description": "Users should not be allowed to share the full details of their calendars with external users.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safedocuments", + "description": "Safe Documents uses Microsoft Defender for Endpoint to scan documents and files for malicious content. To keep you protected, Safe Documents sends files to the Defender for Endpoint cloud for analysis. Files sent by Safe Documents are not retained in Defender for Endpoint beyond the time needed for analysis (typically, less than 24 hours).", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_connectionfilter", + "description": "

    If you're a Microsoft 365 customer with mailboxes in Exchange Online or a standalone Exchange Online Protection (EOP) customer without Exchange Online mailboxes, EOP offers multiple ways of ensuring that users will receive email from trusted senders. These options include Exchange mail flow rules (also known as transport rules), Outlook Safe Senders, the IP Allow List (connection filtering), and allowed sender lists or allowed domain lists in anti-spam policies. Collectively, you can think of these options as safe sender lists.

    The available safe sender lists are described in the following list in order from most recommended to least recommended:
    1. Mail flow rules
    2. Outlook Safe Senders
    3. IP Allow List (connection filtering)
    4. Allowed sender lists or allowed domain lists (anti-spam policies)

    Without additional verification like mail flow rules, email from sources in the IP Allow List skips spam filtering and sender authentication (SPF, DKIM, DMARC) checks. Since the IP Allow List doesn't prevent malware or high confidence phishing messages from being filtered, this creates a high risk of attackers successfully delivering email to an inbox that would otherwise be filtered.

    ", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "The allowed IP addresses list in the connection filter policy is empty ", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_purviewlabelconsent", + "description": "\n To get work done, people in your organization collaborate with others both inside and outside the organization. Data doesn't always stay in your cloud, and often roams everywhere—across devices, apps, and services. When your data roams, you still want it to be secure in a way that meets your organization's business and compliance policies.\n
    \n
    \n Applying sensitivity labels to your content helps you keep your data secure by stating how sensitive certain data is in your organization. It also abstracts the data itself, letting you track the type of data without exposing sensitive data on other platforms.\n
    \n
    \n For example, applying the sensitivity label ‘highly confidential’ to a document that contains social security numbers and credit card numbers helps you identify the sensitivity of the document without knowing the actual data in the document.\n
    \n
    \n The sensitivity labels created in Microsoft Purview Information Protection can also be extended to the Microsoft Purview data map. When you apply a label on an office document and then scan it into the Microsoft Purview data map, the label will be applied to the data asset.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "The setting was not enabled.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "CustomerLockBoxEnabled", + "description": "Turning on the customer lockbox feature requires that approval is obtained for datacenter operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There's an expiration time on the request and content access is removed after the support engineer has fixed the issue.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_oauth2clientprofileenabled", + "description": "Modern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. When you enable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use modern authentication to log in 'to Microsoft 365 mailboxes. When you disable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use basic authentication to log in to Microsoft 365 mailboxes.

    When users initially configure certain email clients, like Outlook 2013 and Outlook 2016, they may be required to authenticate using enhanced authentication mechanisms, such as multifactor authentication. Other Outlook clients that are available in Microsoft 365 (for example, Outlook Mobile and Outlook for Mac 2016) always use modern uthentication to log in to Microsoft 365 mailboxes", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Modern authentication for Exchange Online is enabled", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "exo_mailtipsenabled", + "description": "MailTips assist end users with identifying strange patterns to emails they send.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "MailTips for end users are disabled.", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_transportrulesallowlistdomains", + "description": "You should set Spam confidence level (SCL) in your Exchange Online mail transport rules with specific domains. Allow-listing domains in transport rules bypasses regular malware and phishing scanning, which can enable an attacker to launch attacks against your users from a safe haven domain. \n\t

    Note: In order to get a score for this security control, all the active transport rule that applies to specific domains must have a Spam Confidence Level (SCL) of 0 or higher.

    ", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Spam confidence level (SCL) is not configured in mail transport rules with specific domain", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mip_search_auditlog", + "description": "When audit log search in the Microsoft Purview compliance portal is enabled, user and admin activity from your organization is recorded in the audit log and retained for 90 days. However, your organization might be using a third-party security information and event management (SIEM) application to access your auditing data. In that case, a global admin can turn off audit log search in Microsoft 365.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Microsoft 365 audit log search is enabled disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_mailboxaudit", + "description": "

    By turning on mailbox auditing, Microsoft 365 back office teams can track logons to a mailbox as well as what actions are taken while the user is logged on. After you turn on mailbox audit logging for a mailbox, you can search the audit log for mailbox activity. Additionally, when mailbox audit logging is turned on, some actions performed by administrators, delegates, and owners are logged by default.

    Rationale:

    Starting in January 2019, Microsoft is turning on mailbox audit logging by default for all organizations.

    This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged, and the corresponding mailbox audit records will be available when you search for them in the mailbox audit log. When mailbox auditing on by default is turned on for the organization, the AuditEnabled property for affected mailboxes won't be changed from False to True. In other words, mailbox auditing on by default ignores the AuditEnabled property on mailboxes.

    However, only certain mailbox types support default auditing setting 'On': User Mailboxes, Shared Mailboxes, and Microsoft 365 Group Mailboxes. The remaining mailbox types require auditing to be turned on at the mailbox level: Resource Mailboxes, Public Folder Mailboxes, and DiscoverySearch Mailbox.

    Whether it is for regulatory compliance or for tracking unauthorized configuration changes in Microsoft 365, enabling mailbox auditing allows for Microsoft 365 back office teams to run security operations, forensics or general investigations on mailbox activities.

    NOTE: Without advanced auditing (E5 function) the logs are limited to 90 days.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Mailbox auditing for all users is disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_storageproviderrestricted", + "description": "

    This setting allows users to open certain external files while working in Outlook on the
    web. If allowed, keep in mind that Microsoft doesn't control the use terms or privacy
    policies of those third-party services.

    Ensure AdditionalStorageProvidersAvailable is restricted.

    Rationale:

    By default additional storage providers are allowed in Office on the Web (such as Box,
    Dropbox, Facebook, Google Drive, OneDrive Personal, etc.). This could lead to
    information leakage and additional risk of infection from organizational non-trusted
    storage providers. Restricting this will inherently reduce risk as it will narrow
    opportunities for infection and data leakage.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Additional storage providers are restricted in Outlook on the web is not configured correctly. Please follow next steps to correctly configure the control.", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_outlookaddins", + "description": "

    Specify the administrators and users who can install and manage add-ins for Outlook in Exchange Online By default, users can install add-ins in their Microsoft Outlook Desktop client, allowing data access within the client application.

    Rationale:
    Attackers exploit vulnerable or custom add-ins to access user data. Disabling user installed add-ins in Microsoft Outlook reduces this threat surface.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Installing Outlook add-ins configuration is disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapspam", + "description": "

    For unread messages that are identified as spam after delivery, the ZAP outcome depends on the action that's configured for the Spam filtering verdict in the applicable anti-spam policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapphish", + "description": "

    For read or unread messages that are identified as phishing after delivery, the ZAP outcome depends on the action that's configured for a Phishing email filtering verdict in the applicable anti-phishing policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapmalware", + "description": "

    Zero-hour auto purge (ZAP) quarantines the message that contains malware attachment for both read, as well as unread, messages that are found to contain malware after delivery. Only admins can view and manage messages that have been quarantined.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 6, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safeattachments", + "description": "Safe Attachments in block mode prevents messages with detected malware attachments from being delivered. These messages are quarantined and only admins (not regular users) can review, release, or delete them. This will also automatically block future malware attachments.\n\t

    \n\tMDO Built-in protection policy provides safe attachments protection for everyone by default. You could also create additional Safe Attachment policies for customized Safe Attachment operations.\n ", + "score": 8, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safelinksforemail", + "description": "MDO Built-in protection policy will provide base level safe links protection for everyone by default. You could also create additional Safe Links policies for enhanced or customized Safe Links operations.", + "score": 9, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_commonattachmentsfilter", + "description": "There are certain types of files that are risker to send and receive via email due to the likelihood that they contain malware (for example, executable files). To make sure these file types don't get through, enable the common attachment filter. You can use the default list of file types or customize it. The default file types are: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs. Messages with the specified attachments types are treated as malware and are automatically quarantined.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_sensitivitylabelspolicies", + "description": "Set up and use data classification policies on data stored in your users' Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups.\n
    \n
    \nThe policies will help categorize your most important data so you can effectively protect it from illicit access and will help make it easier to investigate discovered breaches.\n
    \n
    \nCreation of data classification policies will not cause a significant impact to an organization. However, ensuring long term adherence with policies can potentially be a significant training and ongoing compliance effort across an organization. Organizations should ensure that training and compliance planning is part of the classification policy creation process.\n
    \n
    \nThis information was taken from Center for Internet Security (CIS).\n ", + "score": 2, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Policies were published on 1 of the 1 users", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_autosensitivitylabelspolicies", + "description": "\n Create auto-labeling policies to automatically apply sensitivity labels to email messages or OneDrive and SharePoint files that contain sensitive info.\n
    \n This ability to apply sensitivity labels to content automatically is important because:\n
    \n You don't need to train your users on the appropriate way to use each of your classifications.\n
    \n You don't need to rely on users to classify all content correctly.\n
    \n Users no longer need to know about your policies—they can instead focus on their work.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Policies were published on 0 of the 1 users", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_highconfidencespamaction", + "description": "Set the action that will be taken on high confidence spam detection.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_phisspamacation", + "description": "Set the action that will be taken on phishing detection.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_highconfidencephishaction", + "description": "Set the action that will be taken on high confidence phishing detection.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_bulkspamaction", + "description": "Set the action that will be taken on bulk spam detection.", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_quarantineretentionperiod", + "description": "Specifies how long to keep the message in quarantine if you selected “Quarantine message” as the action for a spam filtering verdict. After the time period expires, the message is deleted, and is not recoverable.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_allowedsenderscombined", + "description": "Never add your own accepted domains or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, attackers can easily send messages that spoof these trusted domains to your organization. In addition, avoid adding specific senders that can bypass spam filtering.", + "score": 2, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_bulkthreshold", + "description": "Specifies the bulk complaint level (BCL) of a message that triggers the specified action for the bulk spam filtering verdict that you configure on the next page. A higher value indicates that the message is less desirable (more likely to resemble spam). While the default value is 7, 6 or lower is the recommended value.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_spamaction", + "description": "Set the action that will be taken on spam detection.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_autoforwardingmode", + "description": "", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientexternallimitperhour", + "description": "Configure the maximum number of external recipients that a user can email per hour. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientinternallimitperhour", + "description": "Configure the maximum number of recipients that a user can send to per hour for internal recipients. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientlimitperday", + "description": "Configure the maximum number of recipients that a user can send to within a day. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_thresholdreachedaction", + "description": "Configure action to take when any of the limits specified in the outbound anti-spam policy are reached. It is common, after an account compromise incident, for an attacker to use the account to generate spam and phish. Configuring the recommended values can reduce the impact.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_enablemailboxintelligence", + "description": "\n Turns on artificial intelligence (AI) that identifies users’ email patterns with their frequent contacts to spot potential phishing attempts.\n ", + "score": 8, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_mailboxintelligenceprotection", + "description": "\n Enables enhanced impersonation results based on each user's individual sender map and allows you to define specific actions for impersonated messages.\n
    \n
    \n This setting is available only if ‘Enable mailbox intelligence’ is selected.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_mailboxintelligenceprotectionaction", + "description": "\n This setting specifies what to do with messages for impersonation detections from mailbox intelligence results.\n
    \n
    \n If a message is detected to be an impersonated user by mailbox intelligence, no action will be applied by default. We recommend moving the message to the recipients’ junk email folder and strongly recommend quarantining it.\n
    \n
    \n This setting is available only if the ‘Ensure that intelligence for impersonation protection is enabled’ setting is properly configured.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_enabledomainstoprotect", + "description": "\n Prevents specified domains from being impersonated by the message sender's domain.\n
    \n
    \n When you add domains to the ‘Enable domains to protect’ list, messages from senders in those domains are subject to impersonation protection checks. The message is checked for impersonation if it’s sent to a recipient that the policy applies to.\n
    \n
    \n If impersonation is detected in the sender's domain, the impersonation protection actions for domains are applied to the message.\n
    \n
    \n By default, no sender domains are covered by impersonation protection, either in the default policy or in custom policies.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_phishthresholdlevel", + "description": "\n The threshold controls the sensitivity with which machine learning models are applied to email messages to determine whether a phishing attempt has occurred.\n
    \n A higher value indicates greater sensitivity. The default value is 1, but 2 or 3 are the recommended values.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_similardomainssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for domain impersonation detections.\n
    \n
    \n When the ‘Show domain impersonation safety tip’ is enabled, the tip “This sender might be impersonating a domain that's associated with your organization” is shown to recipients in messages where the sender's email domain is included in domain impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_similaruserssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation safety tip’ is enabled, the tip “This sender appears to be similar to someone who previously sent you email but may not be that person” is shown to recipients in messages where the sender's email address is included in user impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targeteddomainprotectionaction", + "description": "\n This setting specifies the action to take on detected domain impersonation messages.\n
    \n
    \n If a message is detected from an impersonated domain, no action is taken by default. We recommend quarantining the message.\n
    \n
    \n This setting is available only if ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targeteduserprotectionaction", + "description": "\n This setting specifies the action to take on detected user impersonation messages.\n
    \n
    \n If a message is detected from an impersonated user, no default action will be taken. We recommend quarantining the message.\n
    \n
    \n Whenever you select ‘Quarantine the message’, a ‘Select quarantine policy’ box is available.\n
    \n Quarantine policies define who is allowed to do to quarantined messages.\n
    \n
    \n This setting is available only if ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targetedusersprotection", + "description": "\n Prevents specified internal or external email addresses from being impersonated as message senders in phishing attempts.\n
    \n By default, impersonated user protection is disabled, and no sender email addresses are covered by impersonation protection, whether in the default policy or in custom policies.\n
    \n
    \n We highly recommend adding users (message senders) in key roles. Internally, protected senders might be your CEO, CFO, and other senior leaders. Externally, protected senders could include council members or your board of directors.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_unusualcharacterssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for unusual characters in domain and user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation unusual safety tip’ is enabled, the tip is shown to recipients in messages where the sender's name or email address contains characters that are not typically used together, such as a mix of mathematical symbols and plain text or a mix of uppercase and lowercase letters.\n
    \n
    \n Example tip:\n
    \n ‘The email address MARY@CoNTᴏSO.CᴏM includes unexpected letters or numbers. We recommend you do not interact with this message.’\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_spam_notifications_only_for_admins", + "description": "In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against spam (junk email) by EOP. Configure Exchange Online Spam Policies to copy emails and notify someone when a sender in the organization has been blocked for sending spam emails.

    Note: Audit and Remediation guidance may focus on the Default policy however, if a Custom Policy exists in the organization's tenant, then ensure the setting is set as
    outlined in the highest priority policy listed.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safeattachmentpolicy", + "description": "

    The Safe Attachments policy helps protect users from malware in email attachments by
    scanning attachments for viruses, malware, and other malicious content. When an email
    attachment is received by a user, Safe Attachments will scan the attachment in a secure
    environment and provide a verdict on whether the attachment is safe or not.

    Rationale:
    Enabling Safe Attachments policy helps protect against malware threats in email
    attachments by analyzing suspicious attachments in a secure, cloud-based environment
    before they are delivered to the user's inbox. This provides an additional layer of
    security and can prevent new or unseen types of malware from infiltrating the
    organization's network.

    ", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safelinksforOfficeApps", + "description": "Enabling Safe Links policy for Office applications allows URL's that exist inside of Office documents and email applications opened by Office, Office Online and Office mobile to be processed against Defender for Office time-of-click verification and rewritten if required.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_antiphishingpolicies", + "description": "By default, Office 365 includes built-in features that help protect users from phishing attacks. Set up anti-phishing polices to increase this protection, for example by refining settings to better detect and prevent impersonation and spoofing attacks. The default policy applies to all users within the organization, and is a single view to fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups or domains within the organization and will take precedence over the default policy for the scoped users.

    Rationale: Protects users from phishing attacks (like impersonation and spoofing), and uses safety tips to warn users about potentially harmful messages.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_blockmailforward", + "description": "

    Exchange Online offers several methods of managing the flow of email messages.
    These are Remote domain, Transport Rules, and Anti-spam outbound policies. These
    methods work together to provide comprehensive coverage for potential automatic
    forwarding channels:

    • Outlook forwarding using inbox rules
    • Outlook forwarding configured using OOF rule
    • OWA forwarding setting (ForwardingSmtpAddress)
    • Forwarding set by the admin using EAC (ForwardingAddress)
    • Forwarding using Power Automate / Flow

    NOTE:

    • In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically.
    • Any exclusions should be implemented based on organizational policy.

    Rationale:
    Attackers often create these rules to exfiltrate data from your tenancy, this could be
    accomplished via access to an end-user account or otherwise. An insider could also use
    one of these methods as an secondary channel to exfiltrate sensitive data.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "IntegratedApps", + "description": "To reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data, we recommend that you allow user consent only for applications that have been published by a verified publisher.", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have no user consent policy in place.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "PWAgePolicyNew", + "description": "Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.", + "score": 8, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "Your current policy is set to let passwords expire.", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "SelfServicePasswordReset", + "description": "With self-service password reset in Microsoft Entra ID, users no longer need to engage help desk to reset passwords. This feature works well with Microsoft Entra ID dynamically banned passwords, which prevents easily guessable passwords from being used.", + "score": 1, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 0 users who don't have self-service password reset enabled.", + "count": "0", + "total": "0", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "BlockLegacyAuthentication", + "description": "Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multifactor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.", + "score": 8, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 1 users that don't have legacy authentication blocked.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "MFARegistrationV2", + "description": "Multifactor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.", + "score": 9, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 out of 1 users that aren’t registered with MFA.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "AdminMFAV2", + "description": "

    Requiring multifactor authentication (MFA) for administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, your entire organization is exposed. At a minimum, protect the following roles: 

    • Global administrator 
    • Authentication administrator 
    • Billing administrator 
    • Conditional Access administrator 
    • Exchange administrator 
    • Helpdesk administrator 
    • Security administrator 
    • SharePoint administrator 
    • User administrator 
    ", + "score": 10, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 out of 1 users with administrative roles that aren’t registered and protected with MFA.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "SigninRiskPolicy", + "description": "Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multifactor authentication (MFA).", + "score": 7, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 1 users that don't have the sign-in risky policy turned on.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "UserRiskPolicy", + "description": "With the user risk policy turned on, Microsoft Entra ID detects the probability that a user account has been compromised. As an administrator, you can configure a user risk Conditional Access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.", + "score": 7, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 users out of 1 that do not have user risk policy enabled.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "OneAdmin", + "description": "

    Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It's important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach.

    Note:

    According to CIS O365 Benchmark 2.0.0, the suggestion is to have between two to four global admins. Currently, the condition to comply is to have more than one global administrator - This security recommendation will be updated accordingly to CIS benchmark in the future.

    Rationale:

    If there is only one global tenant administrator, he or she can perform malicious activity without the possibility of being discovered by another admin. If there are numerous global tenant administrators, the more likely it is that one of their accounts will be successfully breached by an external attacker.

    ", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You currently have 1 global admins.", + "count": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "RoleOverlap", + "description": "Ensure that your administrators can accomplish their work with the least amount of privilege assigned to their account. Assigning users roles like Password Administrator or Exchange Online Administrator, instead of Global Administrator, reduces the likelihood of a global administrative privileged account being breached.", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 users with least privileged administrative roles.", + "count": "0", + "scoreInPercentage": 0 + } + ] + } + ] + }, + "profiles": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScoreControlProfiles", + "@odata.nextLink": "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles?$skiptoken=00000000-0000-0000-0000-00000000", + "value": [ + { + "id": "aad_admin_accounts_separate_unassigned_cloud_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/add-users?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure Administrative accounts are separate and cloud-only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    1. Navigate to Microsoft 365 admin center
    2. Click to expand Users select Active users.
    3. Sort by the Licenses column.
    4. For each user account in an administrative role verify the following:
    The account is Cloud only (not synced)
    The account is assigned a license that is not associated with applications i.e. (Microsoft Entra ID P1, Microsoft Entra ID P2)

    ", + "remediationImpact": "Administrative users will have to switch accounts and utilizing login/logout functionality when performing Administrative tasks, as well as not benefiting from SSO.", + "service": "AzureAD", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_admin_consent_workflow", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings", + "controlCategory": "Apps", + "title": "Ensure the admin consent workflow is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center, Select Admin Centers, and Microsoft Entra ID.
    2. Select Enterprise applications from the Azure Navigation pane.
    3. Under Security select Consent and permissions.
    4. Under Manage select Admin consent settings and set Users can request admin consent to apps they are unable to consent to Yes.
    5. Under the Reviewers choose the Roles, Groups that you would like to review user generated app consent requests.
    6. Select Save at the top of the window.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_custom_banned_passwords", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection", + "controlCategory": "Apps", + "title": "Ensure custom banned passwords lists are used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Create a custom banned password list:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Protect & Secure > Authentication methods
    3. Select Password protection
    4. Set Enforce custom list to Yes
    5. In Custom banned password list create a list using suggestions outlined in this document.
    6. Click Save

    NOTE: Below is a list of examples that can be used as a starting place. Check the references section for more.

    • Brand names
    • Product names
    • Locations, such as company headquarters
    • Company-specific internal terms
    • Abbreviations that have specific company meaning
    ", + "remediationImpact": "

    If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.

    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_limited_administrative_roles", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps", + "controlCategory": "Apps", + "title": "Ensure 'Microsoft Azure Management' is limited to administrative roles", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable Microsoft Azure Management restrictions:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click expand Protection > Conditional Access select Policies.
    3. Click New Policy and then name the policy.
    4. Select Users > Include > All Users
    5. Select Users > Exclude > Directory roles and select only administrative roles (See below).
    6. Select Cloud apps or actions > Select apps > Select then click the box next to Microsoft Azure Management.
    7. Click Select.
    8. Select Grant > Block access and click Select.
    9. Ensure Enable Policy is On then click Create.

    WARNING: Exclude Global Administrator at a minimum to avoid being locked out. Report-only is a good option to use when testing any Conditional Access policy for the first time.

    Below is an example list of Administrator roles that could be excluded:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    Default Value:

    No - Non-administrators can access the Microsoft Entra ID administration portal.

    ", + "remediationImpact": "

    Because the policy is applied to the Azure management portal and API, services, or clients with an Azure API service dependency, can indirectly be impacted. For example:

    • Classic deployment model APIs
    • Azure PowerShell
    • Azure CLI
    • Azure DevOps
    • Azure Data Factory portal
    • Azure Event Hubs
    • Azure Service Bus
    • Azure SQL Database
    • SQL Managed Instance
    • Azure Synapse
    • Visual Studio subscriptions administrator portal
    • Microsoft IoT Central
    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_linkedin_connection_disables", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/linkedin-integration", + "controlCategory": "Apps", + "title": "Ensure 'LinkedIn account connections' is disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To disable LinkedIn account connections:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Users select User settings.
    3. Under LinkedIn account connections select No.
    4. Click Save at the top of the page.
    ", + "remediationImpact": "Users will not be able to sync contacts or use LinkedIn integration.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_managed_approved_public_groups_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#microsoft-365-groups", + "controlCategory": "Apps", + "title": "Ensure that only organizationally managed/approved public groups exist", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    In the Microsoft 365 Administration portal, go to:

    1. Teams & groups -> Active teams & groups. 
    2. For each group, under Settings, make sure Privacy is set to 'Private'.


    ", + "remediationImpact": "If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_password_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations", + "controlCategory": "Apps", + "title": "Ensure password protection is enabled for on-prem Active Directory", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To setup Microsoft Entra ID Password Protection, use the following steps: 

    1. Download and install the Microsoft Entra ID Password Proxies and DC Agents from the following location: https://www.microsoft.com/download/details.aspx?id=57071
    2. After the installation is complete, login to https://admin.microsoft.com as a Global Administrator.
    3. Go to Admin centers and click on Microsoft Entra ID.
    4. Select Microsoft Entra ID then Security on the left side navigation followed by Authentication methods.
    5. Select Password protection and toggle Enable password protection on Windows Server Active Directory to Yes and Mode to Enforced
    6. Click Save at the top of the right pane.


    ", + "remediationImpact": "The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_phishing_MFA_strength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy", + "controlCategory": "Apps", + "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To create a phishing-resistant MFA CA policy for users in administrative roles:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click to expand Microsoft Entra ID > Applications select Enterprise Applications.
    3. Under Security, select Conditional Access.
    4. Click New policy.
    5. Go to Users > Users and groups > Include > Select users and groups > Directory roles
    6. Add at least the Directory roles listed after these steps.
    7. Select Cloud apps or actions > All cloud apps (and don't exclude any apps).
    8. Grant > Grant Access with Require authentication strength (Preview): Phishing-resistant MFA
    9. Click 'Select'
    10. Set Enable policy to Report-only and click Create

    At minimum these directory roles should be included for the policy:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    WARNING: Ensure administrators are pre-registered with strong authentication before enforcing the policy. After which the policy must be set to “On”.

    ", + "remediationImpact": "If administrators aren't pre-registered for a strong authentication method prior to a conditional access policy is created then a condition could occur where a user can't register for strong authentication because they don't meet the conditional access policy requirements, and therefore are prevented from signing in.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_sign_in_freq_session_timeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade", + "controlCategory": "Apps", + "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To configure Sign-in frequency and browser sessions persistence for Administrative users:

    1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
    2. Click to Protection > Conditional Access.
    3. Click New policy
    4. Click Users and groups
    5. Under Include select Select users and groups and then select Directory roles.
    6. At a minimum, select the roles in the section below:
    7. Go to Target resources > Cloud apps > Include > select All cloud apps (and don't exclude any apps).
    8. Under Access controls > Grant > select Grant access > check Require multi-factor authentication (and nothing else).
    9. Under Session select Sign-in frequency and set to at most 4 hours for E3 tenants. E5 tenants with PIM can be set to a maximum value of 24 hours.
    10. Check Persistent browser session then select Never persistent in the drop-down menu.
    11. For Enable Policy select On and click Save


    At minimum these directory roles should be included for MFA:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_third_party_apps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure third party integrated applications are not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center Select Admin Centers and Microsoft Entra ID.
    2. Select Users from the Azure navigation pane
    3. Select Users settings.
    4. Set App registrations is set to No.
    5. Click Save.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSCertificateTemplateEnrolementSuppliesSubject", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc1", + "controlCategory": "Identity", + "title": "Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1. Disable the “Supply in the request” configuration.
    2. Remove EKU’s enabling user authentication (e.g Client Authentication).
    3.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    4.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings can lead to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSInsecureCertificateEnrollmentIisEndpoints", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8IIS", + "controlCategory": "Identity", + "title": "Edit insecure certificate enrollment IIS endpoints (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "For each endpoint, follow these steps:
    1. Determine whether the endpoint is necessary and in regular use. If it is not used, it is advisable to disable it.
    2. Deactivate NTLM and Negotiate authentication providers for the IIS endpoint.
    3. If NTLM cannot be disabled, enable \"Require SSL\" and \"Require Extended Protection\" for the IIS endpoint.
    For more information, please refer to the security advisory in the \"Learn More\" section.", + "remediationImpact": "If the IIS endpoint allows NTLM authentication without enforcing protocol signing (HTTPS) or without enforcing Extended Protection for Authentication (EPA), it becomes vulnerable to NTLM relay attacks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateAuthorityAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc7", + "controlCategory": "Identity", + "title": "Edit misconfigured Certificate Authority ACL (ESC7)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the misconfigured ACL entry (for example - “Manage CA” permission granted to the “authenticated users” built-in group) and remove any unnecessary permissions granting built-in groups “Mange CA” or/and “Manage certificates” permissions.", + "remediationImpact": "The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the \"Manage Certificates\" right, they can approve pending certificate requests without manager approval. With the \"Manage CA\" right, they can modify CA settings, such as adding the \"User specifies SAN\" flag, leading to a complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4ACL", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates ACL (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template, and remove overly permissive modifications permissions (e.g. WriteProperty), which allows any user to change the settings of that certificate template.", + "remediationImpact": "Badly configured modification permissions allows non-privileged user to modify the settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEku", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc2", + "controlCategory": "Identity", + "title": "Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove EKU’s enabling arbitrary usage (e.g. Any purpose).
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement. ", + "remediationImpact": "Each certificate template per AD CS servers with these settings can be enrolled by an attacker and be used for multiple abuses affecting code integrity, server integrity, AD FS and IPSec (as they are relying on certificates).", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc3", + "controlCategory": "Identity", + "title": "Edit misconfigured enrollment agent certificate template (ESC3)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove enrollment agent EKU.
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings may enable arbitrary certificates issuance ability by an adversary, leading to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateOwner", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates owner (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Edit misconfigured certificate templates owner (ESC4)", + "remediationImpact": "Badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredRpcEnrollmentSigning", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8", + "controlCategory": "Identity", + "title": "Enforce encryption for RPC certificate enrollment interface (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To require packet encryption for RPC enrollment, execute the following command and then restart the certsvc service: \ncertutil -setreg CA\\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST\nnet stop certsvc & net start certsvc", + "remediationImpact": "An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSSanSpecifiedByUserEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc6", + "controlCategory": "Identity", + "title": "Edit vulnerable Certificate Authority setting (ESC6)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To disable “user specifying SAN” setting, execute the following command and then restart the certsvc service: \ncertutil -setreg policy\\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 \nnet stop certsvc & net start certsvc", + "remediationImpact": "When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_AdminSDHolder", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmsdholder", + "controlCategory": "Identity", + "title": "Remove access rights on suspicious accounts with the Admin SDHolder permission", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review the list of exposed entities to discover which of your non-sensitive accounts have the Admin SDHolder permission.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Having non-sensitive accounts with Admin SDholder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ClearText", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123179", + "controlCategory": "Identity", + "title": "Stop clear text credentials exposure", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why those entities are using LDAP in clear text.
    3. Remediate the issues and stop the exposure.
    4. After confirming remediation, we recommend you configure the requirement of domain controller level LDAP signing.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of clear text authentication may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DefenderForIdentityIsNotInstalled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=sensor", + "controlCategory": "Identity", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 59, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DomainControllerLocalUsers", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmt0assets", + "controlCategory": "Identity", + "title": "Remove local admins on identity assets", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have local admin rights on your identity assets.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DormantAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123908", + "controlCategory": "Identity", + "title": "Remove dormant accounts from sensitive groups", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your sensitive accounts are dormant..
    2. Take appropriate action on those entities by removing their privileged access rights or by deleting the account.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these dormant privileges may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_EntitiesWithOldPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmoldpw", + "controlCategory": "Identity", + "title": "Manage accounts with passwords more than 180 days old", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have a password more than 180 days old.
    2. Take appropriate action on those entities either by making them change their password or restricting their access to sensitive resources. To achieve the full score,remediate all exposed entities.", + "remediationImpact": "Passwords more than 180 days old increase vulnerability to password attacks, heighten the risk of credential theft, may lead to non-compliance with security standards, reduce accountability and user awareness, and impede incident response efforts in case of a security breach.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_HoneyToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=entityTags", + "controlCategory": "Identity", + "title": "Set a honeytoken account", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 61, + "remediation": "Go to the Honeytoken Settings page >, and set at least one honeytoken account.​", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_KerberosDelegations", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123722", + "controlCategory": "Identity", + "title": "Modify unsecure Kerberos delegations to prevent impersonation", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation.
    2. Take appropriate action on those at-risk users, such as removing their unconstrained attribute or changing it to a more secure constrained delegation.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure kerberos configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_NonAdminDCSyncAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmdcsync", + "controlCategory": "Identity", + "title": "Remove non-admin accounts with DCSync permissions ", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have DCSync permissions and are also non-domain admins.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PathRisk", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123182", + "controlCategory": "Identity", + "title": "Reduce lateral movement path risk to sensitive entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "Review this security control list of exposed entities displaying sensitive entities with lateral movement paths risk with recommended actions on how to reduce the number of non-sensitive accounts for each path.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PrintSpooler", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123723", + "controlCategory": "Identity", + "title": "Disable Print spooler service on domain controllers", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your domain controllers has the Print spooler service enabled.
    2. Take appropriate action on the at-risk domain controllers and actively remove the Print spooler service either manually, through group policy or other types of remote commands. Make sure to investigate your Print spooler settings, configurations and dependencies before disabling this service and preventing active printing workflows.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PwdLAPS", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123725", + "controlCategory": "Identity", + "title": "Protect and manage local admin passwords with Microsoft LAPS", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of domains and devices not configured for Microsoft LAPS.
    2. Deploy Microsoft LAPS to actively manage the local administrator password of your devices. This is done through Active Directory along with Group Policy client- side extensions that will be installed on each Windows operating system.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Sensor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2117505", + "controlCategory": "Identity", + "title": "Install Defender for Identity Sensor on all Domain Controllers", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 60, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_SIDHistory", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123183", + "controlCategory": "Identity", + "title": "Remove unsecure SID history attributes from entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure SID history attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of SID history entries may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureAccount", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123364", + "controlCategory": "Identity", + "title": "Resolve unsecure account attributes", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure account attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2196300", + "controlCategory": "Identity", + "title": "Resolve unsecure domain configurations", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "1. Review this security control list of exposed domains that have unsecure configurations.
    2. Take appropriate action on those domains by remediating their unsecure settings. To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Vpn", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=radius", + "controlCategory": "Identity", + "title": "Configure VPN integration", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 63, + "remediation": "Go to the Settings page >, and configure the VPN radius accounting to enable VPN based detections.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_WeakCipher", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123721", + "controlCategory": "Identity", + "title": "Stop weak cipher usage", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why the identified clients and servers are using weak ciphers.
    3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of weak ciphers may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "admincenter_owned_apps_and_services", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure 'User owned apps and services' is restricted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Office Store add-ins and starting 365 trials:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. Click to expand Settings Select Org settings.
      3. Under Services select User owned apps and services.
      4. Uncheck Let users access the Office Store and Let users start trials on behalf of your organization.
      5. Click Save.

    Note - Due to temporary limitations, only \"Let users access the Office Store\" will be taken into account in scoring this control. It is suggested to uncheck both settings for the sake of better posture.

    ", + "remediationImpact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.", + "service": "Admincenter", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AdminMFAV2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 10, + "rank": 1, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "remediationImpact": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ], + "tier": "Core", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_regulate_access_to_sensitive_data", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate cloud app access to sensitive data", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 9, + "remediation": "\n In app governance, open the predefined policy \"Access to sensitive data\" and activate it.\n
    \n
    \n You can edit the predefined policy to specify an action and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_unusual_activity_with_priority_account", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate apps with priority account consent", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "\n In app governance, open the predefined \"Unusual activity from an app with priority account consent\" policy and activate it.\n
    \n
    \n While you have the policy open, you can add an action to take on unused apps and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "BlockLegacyAuthentication", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Enable Conditional Access policies to block legacy authentication", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 68, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "remediationImpact": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "CustomerLockBoxEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095515", + "controlCategory": "Apps", + "title": "Ensure the customer lockbox feature is enabled", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 127, + "remediation": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "remediationImpact": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "dlp_datalossprevention", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://compliance.microsoft.com/datalossprevention?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Data", + "title": "Ensure DLP policies are enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "remediationImpact": "Unknown", + "service": "MIP", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_individualsharing", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/sharing", + "controlCategory": "Apps", + "title": "Ensure 'External sharing' of calendars is not available", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailboxaudit", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure mailbox auditing for all users is Enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailtipsenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips", + "controlCategory": "Apps", + "title": "Ensure MailTips are enabled for end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "remediationImpact": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_oauth2clientprofileenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252fen-us%252farticle%252fenable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662", + "controlCategory": "Apps", + "title": "Ensure modern authentication for Exchange Online is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "remediationImpact": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_outlookaddins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure users installing Outlook add-ins is not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "remediationImpact": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_SPF_records_for_all_domains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure that SPF records are published for all Exchange Domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    follow the instructions on Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn 

    ", + "remediationImpact": "None.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_storageproviderrestricted", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "remediationImpact": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_transportrulesallowlistdomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/transportrules", + "controlCategory": "Apps", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "service": "EXO", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "forms_phishing_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-US/microsoft-forms/review-unblock-forms-users-detected-blocked-potential-phishing", + "controlCategory": "Apps", + "title": "Ensure internal phishing protection for Forms is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To enable internal phishing protection for Forms:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. 2. Click to expand Settings then select Org settings.
      3. Under Services select Microsoft Forms.
      4. Click the checkbox labeled Add internal phishing protection under Phishing protection.
      5. Click Save.
    ", + "remediationImpact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", + "service": "FORMS", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "IntegratedApps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2119526", + "controlCategory": "Identity", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 35, + "remediation": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "remediationImpact": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Data Spillage" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_AV_firewall_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that devices connecting have AV and a local firewall enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that devices connecting have AV and a local firewall enabled, use the Microsoft Intune admin center

    1. Select Endpoint Manager under Admin Centers
    2. Select Devices, then under Policy select Compliance Policies.
    3. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate machine (PC/MAC) Platform.
      2. Click on the policy name.
      3. Under Configuration settings click Edit.
      4. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    4. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_conection_from_jail_broken_rooted_devices", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that users cannot connect from devices that are jail broken or rooted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that users cannot connect from devices that are jail broken or rooted, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Compliance Policies.
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform.
      2. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block
    3. In case there are existing policies -
      1. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block

    To comply, all relevant mobile policies should be set this way.", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_advanced_security_configuration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are set to require advanced security configurations", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles 
    2. Select Create profile to create a new profile.
    3. Select the appropriate Platform (iOS or Android).
      • Choose, based on your organization's needs, the desired settings from the configuration screens.
      • Note that the condition to comply is the mere existence of such profile, the specific settings should be decided according to your organization's needs.
    4. To comply, there should be at least one configuration policy for mobile devices.
    5. It is suggested to create two policies for both iOS and Android.
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_alphanumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Type = Alphanumeric)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device complex password profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Required password type is set to Alphanumeric
    3. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Required password type is set to Alphanumeric

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_simple_password_blocked", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose MacOS in the Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Simple Passwords is set to Blocked
    3. If there are existing policies, per each MacOS policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Simple Passwords is set to Blocked

    Note: this setting is only for MacOS policies.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_encryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Encryption is set to Require
    3. If the are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Encryption is set to Require

    Note: To comply, there should be at least one device configuration for Android with device password encryption.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_lock_after_inactivity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure devices lock after a period of inactivity to prevent unauthorized access", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Profile.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_email_profiles_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are required for email profiles - iOS/iPadOS only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Compliance policies
    2. For all the policies that are applied to \"iOS/iPadOS\" complete the following
      1. Select the policy by clickin on its name.
      2. Under Manage select Properties
      3. Select Edit next to Compliance settings
      4. Under Email ensure that Unable to set up email on the device is set to Require
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_minimum_password_length", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require a minimum password length to prevent brute force attacks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices require a complex password, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Minimum password length is set to 6.
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that Minimum password length is set to 6.

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_never_expires_password", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices are set to never expire passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices are set to never expire passwords:

    1. Use the Microsoft Intune admin center
    2. Select Devices, then under Policy.
    3. select Configuration profiles Review the list of profiles.
    4. From there, go to the device policies page to remove any device security policies that expire passwords.

    Note: The default configuration is sufficient.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices require the use of a password", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Password is set to Require.  
    3. If there are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Password is set to Require.  
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_reused_prohibited", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure", + "controlCategory": "Apps", + "title": "Ensure that mobile device password reuse is prohibited", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device password reuse is prohibited, go to the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles.
    2. If there are no configurations -
      1. select Create profile.
      2. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      3. In the Password section, ensure that Prevent reuse of previous passwords is set to 5 or above
    3. If there is existing configuration -
      1. Select the policy by clicking on its name.
      2. Click Edit next to Configuration settings.
      3. Under Password change Prevent reuse of previous passwords and set to 5 or above
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_wipe_on_multiple_signin_failures", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure mobile devices are set to wipe on multiple sign-in failures , use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.
    3. In case there are existing policies -
      1. For each policy, Select by clicking on the name.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.

    Note: This option is not available for all types of devices.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mcas_mda_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/defender-cloud-apps/get-started", + "controlCategory": "Apps", + "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Enable Defender for Cloud Apps by the following instructions: https://learn.microsoft.com/en-us/defender-cloud-apps/get-started

    ", + "remediationImpact": "None.", + "service": "MCAS", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCloudAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/discovery/create", + "controlCategory": "Apps", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 75, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCutomActivityPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/activity/create", + "controlCategory": "Apps", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 80, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasFirewallLogUpload", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/settings?tabid=discovery-autoUpload", + "controlCategory": "Apps", + "title": "Deploy a log collector to discover shadow IT activity", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 82, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "remediationImpact": "This change has no known impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasOAuthAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/app-permission/create", + "controlCategory": "Apps", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 57, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-step verification from an authentication policy:

    1. Go to admin.atlassian.com.

    2. Select your organization if you have more than one.

    3. Select Security > Authentication policies.

    4. Select Edit for the policy you want to modify.

    5. On the Settings page, select Mandatory for \"Two-step verification\".

    • All policies must be configured this way to comply.
    ", + "remediationImpact": "This setting enforces multi-factor authentication for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on/", + "controlCategory": "Apps", + "title": "Enable Single Sing On (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Copy details from your identity provider to your Atlassian organization

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your identity provider Directory.

    4. Select Set up SAML single sign-on.

    5. Add SAML details.

    6. Save SAML configuration.

    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To select an idle session duration from an authentication policy:

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Authentication policies.

    3. Select Edit for the policy you want to modify.

    4. On the Settings page, select length of time for Idle session duration.

    5. The value should be equal to or lower than 2 hours.
    ", + "remediationImpact": "When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_access", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App access requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Block compromised devices.
    • Require data encryption.
    • Require biometric authentication or a device passcode.
    1. Note that all the three options must be checked in order to comply.
    2. Note that the 'minimum OS version' is not mandatory for this control, but the recommendation is to set it to the latest.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_dataprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App data protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Disable sharing, saving or backing up content from the mobile app.
    • Disable screenshots and screen recording of the mobile app.
    • Disable cutting or copying content from the mobile app.
    1. Note that all the three options must be checked in order to comply.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_UsersAffected", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - Users that are affected by policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Set the policy to apply to \"All users with access to your organization's products\"
    ", + "remediationImpact": "If your policy applies to all users - both managed and unmanaged - within your organization, including any new users that are added after the policy is created.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_passwordExpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/opsgenie/docs/enable-password-policies/", + "controlCategory": "Apps", + "title": "Enable Password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    In Atlassian admin dashboard Go to Security and Authentication policies for every policy select edit and go to \"Passwords expire every\", check it and set the day to 30 days or lower.

    ", + "remediationImpact": "See learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#two-step-verification", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Two-step verification" set the option on.
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#single-sign-on-sso", + "controlCategory": "Apps", + "title": "Enable Single Sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Single sign-on / SAML 2.0 Configuration" set the option on.
    ", + "remediationImpact": "This setting enforce Single Sign On (SSO) for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Authentication" set "log inactive users out after" at least 1 hour.
    ", + "remediationImpact": "This setting enforce Session time out for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailLockoutSecs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Lockout timer", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least three hundred in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out time configuration for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailMaxAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Number of attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least five in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out configuration when incorrect logging attempts occurs for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 8 in password minimum characters.
    ", + "remediationImpact": "This setting enforce minimum characters length for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumNumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum numeric characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in number characters.
    ", + "remediationImpact": "This setting enforce minimum numeric characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumSpecialCharacters", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum special characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in special characters.
    ", + "remediationImpact": "This setting enforce minimum special characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_PasswordMaxAgeDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 90 in "The password expires after".
    ", + "remediationImpact": "This setting enforce password expiry time in days for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=yfn1583277328637.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Login Requirements" -
      1. Minimum password length of 9 characters.
      2. Password must include at least: 
        1. At least one uppercase character.
        2. At least one lowercase character.
        3. At least one digit.
        4. At least one special character (!, @, #...).
      3. Have a minimum password age of 8 days.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=lut1644434676152.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard - 

    1. Go to Account > Security setting in the side panel.
    2. In Password Security, click on "Show Password Rules" button.
    3. In the pop-up window, set "Days until password expires" to 180 days.
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=tuw1583277327743.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Web App Session Timeout (minutes)" up to 120 minutes.
    3. Set "Mobile App Session Timeout (minutes)" up to 120 minutes.
    4. " Suppress In Session Certificate Enforcement" option must be set to false.
    ", + "remediationImpact": "This setting enforce session timeout for all DocuSign web users.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Dropbox_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.dropbox.com/help/business/web-session-control", + "controlCategory": "Apps", + "title": "Enable web session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    How to require session policies for Dropbox users

    1. Sign in to dropbox.com with your admin credentials.
    2. Click Admin Console.
    3. Click Settings.
    4. Under Additional Settings, click Web session control.
    5. Set the setting next to Fixed session length to 1 week or less.
    6. It is also suggested, but not mandatory for compliance, to set the setting next to Idle session length to 30 minutes or less.
    7. Click Save changes.
    ", + "remediationImpact": "Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.", + "service": "MDA_Dropbox", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_DependencyInsights", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights", + "controlCategory": "Apps", + "title": "Disable 'Allow members to view dependency insights'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to view dependency insights" option in the "Member organization permissions" section.


    ", + "remediationImpact": "This setting blocks users from seeing dependencies insights for their repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "controlCategory": "Apps", + "title": "Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Verified & approved domains.
    3. Add a new domain and verify it.
    4. Check "Restrict email notifications to only approved or verified domains." option.


    ", + "remediationImpact": "This setting restricts email notifications only to verified or approved domains.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_IPallowListConfigurationForOrgResources", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization", + "controlCategory": "Apps", + "title": "Enforce IP allow list configuration for org resources", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Enable IP allow list configuration for installed GitHub Apps" option.


    ", + "remediationImpact": "This setting blocks users to login from specific IP addresses.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Require two-factor authentication" option.


    ", + "remediationImpact": "This setting enforce multi factor authentication for all GitHUb users.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_OutsideCollabInvitation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "controlCategory": "Apps", + "title": "Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow repository administrators to delete issues for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories admins to add outside collaborators.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PrivateRepositoryForkingSetting", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization", + "controlCategory": "Apps", + "title": "Disable private repository forking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow forking of private and internal repositories" option.


    ", + "remediationImpact": "This setting disable users to fork private repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PublicRepoCreation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Members will be able to create public repositories, visible to anyone'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Public" option in the "Repository creation" section.


    ", + "remediationImpact": "This setting blocks users from creating public repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoTransferOrDeletion", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories", + "controlCategory": "Apps", + "title": "Disable 'members with admin permissions for repositories can delete or transfer repositories'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to delete or transfer repositories for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories transferring and deletion.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoVisibility_change", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Allow members to change repository visibilities for this organization'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to change repository visibilities for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks users from changing repositories visibility (public/ private access).", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_SAML", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on", + "controlCategory": "Apps", + "title": "Enable single sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    On GitHub Enterprise organization page-

    1. Go to Settings > Organization security
    2. Select Enable SAML authentication
    3. Fill the fields with the values found in the Admin Portal
    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all GitHub users.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Google_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.google.com/a/answer/175197?hl=en&fl=1&sjid=9841521343371348963-NA", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Ensure password expiry policy for Google -

    1. Navigate to Google admin center - http://admin.google.com/
    2. Click Security > Password Management.
    3. Chcek Allow users to turn on 2-Step Verification.
    4. Check On under Enforcement.
    5. Click Save.

    Follow steps 3-4 for every organizational unit.

    ", + "remediationImpact": "

    Follow the guideline.

    ", + "service": "MDA_Google", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_NetDocuments_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.netdocuments.com/s/article/205220410", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in netDocuments", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "How does an organization start using federated identity with NetDocuments?

    1. In the upper-right corner, select your name > Admin > repository name. In the Navigation Pane, select Security Center Advanced Authentication.
    2. The Advanced Authentication Configuration page has a section titled Federated Identity. Choose the type of federated identity server you will use and configure it.
    3. Note: In order to comply with this control, at least 80% of the users must be using SSO.
    ", + "remediationImpact": "See learn more link.", + "service": "MDA_NetDocuments", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-policy", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional complexity requirement options.
    4. Lower case, letter Upper case, letter Number (0-9), Symbol (e.g., !@#$%^&*), Does not contain part of username, Does not contain first name and Does not contain last name.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#multifactor-mfa-enrollment-policy", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Multifactor panel.
    2. Go to \"Factor Enrollment\" and select \"Add Multifactor Policy\".
    3. Note: In order to comply, you must configure default policies as \"required\" (\"optional\" is not sufficient).
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-object", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional Password age options -
      1. Enforce password history for last [Minimum of 3] passwords.
      2. Minimum password age is [Minimum of one day].
      3. Password expires after [Minimum of 180 days] days.
      4. Prompt user [Minimum of five days] days before password expires.
      5. Lock out user after [Maximum of 5 attempts] unsuccessful attempts.
      6. Account is automatically unlocked after [Minimum of 15] minutes
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#global-session-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Okta's dashboard -

    1. Go to Security > Authentication panel.
    2. Go to "Sign On"
      1. If there isn't a policy - select "Add New Okta Sing-on Policy".
      2. If a policy exists - select "Add rule "
    3. In the window, go to "Session management" and set the properties as following -
      1. Maximum Okta session lifetime to 30 days or below.
      2. Expire session after user has been idle on Okta for 120 minutes or below.
      3. Persist session cookies across browser sessions to Disable.
    ", + "remediationImpact": "This setting enforce Session time out for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_disableProtocolSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://portal.cloudappsecurity.com/#/connected-apps?tab=appConnectors", + "controlCategory": "Apps", + "title": "Remote Site", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "", + "remediationImpact": "Unknown", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableAdminLoginAsAnyUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.controlling_login_access.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Administrators Can Log In As Any User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Login Access Policies in the Quick Findbox, then select Login Access Policies.
    2. Deselect Administrators Can Log in as Any User.", + "remediationImpact": "You users must grant access before admins can log into their users.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Elevation of Privilege", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCacheAndAutocomplete", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Caching and Autocomplete on Login Page via Session settings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Uncheck Enable caching and autocomplete on login page.", + "remediationImpact": "If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupSFDC", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for non-Setup for Salesforce pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for non-Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with standard headers", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with standard headers.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUserHeaderless", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with headers disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with headers disabled.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackSetup", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for Setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableContentSniffingProtection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Sniffing protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Content Sniffing protectio.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSPOnEmail", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Security Policy protection for email templates", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Stricter Content Security Policy.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnGet", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on GET requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on GET requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnPost", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on POST requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on POST requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableMultipleSamlConfigs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.salesforce.com/mfa-requirement-check", + "controlCategory": "Apps", + "title": "Require identity verification during multi-factor authentication (MFA) registration", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 33, + "remediation": "From Setup, in the Quick Find box, enter Identity, and then click Identity Verification. Make sure the field: \"Require identity verification during multi-factor authentication (MFA) registration\" is enabled.", + "remediationImpact": "When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.", + "service": "MDA_SF", + "threats": [ + "Password cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableSMSIdentity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Let users verify their identity by text (SMS)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Let users verify their identity by text (SMS).", + "remediationImpact": "Salesforce challenges users to verify with text message their identity when they log in from an unrecognized browser or device or an IP address outside of a trusted range. ", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enforceIpRangesEveryRequest", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce login IP ranges on every request", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enforce login IP ranges on every request.", + "remediationImpact": "You users will be logout if try to perform an activity outside the IP ranges defined in Salesforce settings.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceLogoutOnSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force logout on session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force logout on session timeout.", + "remediationImpact": "The browser refreshes and returns to the login page, and the user must log in again for access.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceRelogin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force (admin) relogin after Login-As-User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force relogin after Login-As-Use..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_identityConfirmationOnEmailChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Require identity verification for change of email address", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Require identity verification for email address changes.", + "remediationImpact": "User must login again before changing their email address.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_lockSessionsToDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Lock sessions to the domain in which they were first used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Lock sessions to the domain in which they were first used.", + "remediationImpact": "Your users cannot change their domain inside a session.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_maxLoginAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Maximum invalid login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Maximum invalid login attempts, select 3.", + "remediationImpact": "You users will be locked if they attemp to login with failure after 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_minimumPasswordLifetime", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Require a minimum 1 day password lifetime", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Require a minimum 1 day password lifetime.", + "remediationImpact": "Your users will not be able to change their password more than one time a day.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_complexity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password complexity requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password complexity requirement, select Must mix alpha, numeric, and special characters, or more complex.", + "remediationImpact": "Your users must have complexed passwords.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_expiration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "User passwords expire in 90 days or less", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under User passwords expire in, select 90 days or less.", + "remediationImpact": "Your users must changed password every 90 days.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_historyRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce password history", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Enforce password history, select 3 or more passwords rememebered.", + "remediationImpact": "Your users could not set new password that was already used in the last 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_lockoutInterval", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Lockout effective period", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Lockout effective period, select 30 minutes or more.", + "remediationImpact": "A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_minimumPasswordLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Minimum password length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Minimum password length, select 8 or more.", + "remediationImpact": "Your users must set passwword at least in this length.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_obscureSecretAnswer", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Obscure secret answer for password resets", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Obscure secret answer for password resets.", + "remediationImpact": "Your users will not see their answers to their security questions password reset when typing.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_questionRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password question requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password question requirement, select Cannot contain password.", + "remediationImpact": "User will not be allowed to contain password in the password question.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_sessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Timeout Value to be 2 hours or less.", + "remediationImpact": "Users cannot have a session longer than the defined timeout value.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_requireHttpOnly", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Require HttpOnly attribute", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Require HttpOnly attribut..", + "remediationImpact": "If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authenticateMultifactor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/multi-factor-authentication.html", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.authenticate.multifactor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Enabling this property requires from the user to have an extra layer of authentication.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredJson2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-jsonv2-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing JSONv2 requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.jsonv2' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of JSON data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredSOAP", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-soap-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing SOAP requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.soap' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of SOAP data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredUnl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/unload-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable unload request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.unl' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_cauthRequiredScriptedProcessor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/script-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable script request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.scriptedprocessor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the basic authentication while processing script requests on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_concourseOnmessageEnforceSameOrigin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enable-url-whitelist-for-cross-origin-iframe-communication.html", + "controlCategory": "Apps", + "title": "Enable URL allow list for cross-origin iframe communication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.concourse.onmessage_enforce_same_origin' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "If you do not inclusion list intended domains, the ability to embed other pages within Now Platform instances may be limited.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_enablePasswordPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enforce-strong-passwords.html", + "controlCategory": "Apps", + "title": "Enable Password Reset Policy Checks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.enable.password_policy' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting the property to true turns on password policy checks when a user resets their password.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_highSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/high-security-plugin.html", + "controlCategory": "Apps", + "title": "Enable high security plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.high_security' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This plugin enables several system security configurations, which may impact UI and functionality as well.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_httpCacheControl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/cache-control-http-header-value.html", + "controlCategory": "Apps", + "title": "Set default cache-control HTTP header value to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.http.cache_control' as private.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "None.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_loginNoBlankPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/disable-password-less-authentication.html", + "controlCategory": "Apps", + "title": "Disable password-less authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.login.no_blank_password' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Operations should not use blank passwords because it is viewed as a critical security risk. However, if there is a valid case for such usage, there is a possibility of an outage. Users with blank passwords wouldn't be able to log in to the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_roleManagement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/contextual-security.html", + "controlCategory": "Apps", + "title": "Enable Contextual Security: Role Management plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.role_management' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptCcsiIsPublic", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html", + "controlCategory": "Apps", + "title": "Set client-callable script includes to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.ccsi.ispublic' as false.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Privacy on client-callable script includes.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptSecureAjaxgliderecord", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enabling-ajaxgliderecord-acl-checking.html", + "controlCategory": "Apps", + "title": "Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.secure.ajaxgliderecord' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptUseSandbox", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/client-generated-scripts-sandbox.html", + "controlCategory": "Apps", + "title": "Enable client generated scripts sandbox", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.use.sandbox' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_smDefaultMode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/default-deny.html", + "controlCategory": "Apps", + "title": "Enable default deny with new ACL rules", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.sm.default_mode' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting this prperty for deny value, will restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_sncUserLockoutCheck", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/managing-failed-login-attempts.html", + "controlCategory": "Apps", + "title": "Enable managing failed login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
    ", + "remediationImpact": "This remediation would enable administrator of the instance to monitor and report any malicious user access.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapRequireContentTypeXml", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-content-type-checking.html", + "controlCategory": "Apps", + "title": "Enable SOAP content type checking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.soap.require_content_type_xml' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapStrictSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-request-strict-security.html", + "controlCategory": "Apps", + "title": "Enable SOAP request strict security", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property ' glide.soap.strict_security' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "f there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_systemSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/security-jump-start-acl-rules.html", + "controlCategory": "Apps", + "title": "Activate security jump start (ACL rules) plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "If this plugin is not activated on your instance, contact ServiceNow Support. Activating the plugin at this point might modify security access to tables already in use in a production environment. If an administrator is interested in the new ACL rules the plugin provides, you can manually create one or more of them in an existing instance if needed. This list of ACLs may be used as a guideline in that case.", + "remediationImpact": "There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. Customer is required to outreach ServiceNow before the remediation can occur.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_uiSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/session-activity-timeout.html", + "controlCategory": "Apps", + "title": "Enable session activity timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.session_timeout' as 60 or below.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces timely expiration of user account.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_useCsrfToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/anti-csrf-token.html", + "controlCategory": "Apps", + "title": "Enable anti-CSRF token", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.security.use_csrf_token' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_userCookieMaxLifeSpanInDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/absolute-session-timeout.html", + "controlCategory": "Apps", + "title": "Enable absolute session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.user_cookie.max_life_span_in_days' below 180.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Forcing the user to relogin after specific days.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Workplace_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.workplace.com/resources/tech/authentication/sso", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in Workplace by Meta", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In order to enable SSO authentication in Workplace you will need to:

    • Have access to your Identity Provider's configuration settings.
    • Have a System Administrator role assigned in Workplace.
    • Have a corresponding account in the Identity Provider with the same email as the Workplace user you are logged in with (i.e. which uses the same email address to authenticate both in Workplace and in the Identity Provider). This is essential to test SSO and complete Workplace configuration correctly.
    1. In the Admin Panel, select Security.
    2. Click on the Authentication tab.
    3. Check the Single Sign-On (SSO) checkbox.
    4. Click +Add New SSO Provider.
    5. Type in the values provided by your Identity Provider into the relevant fields: SAML URL, SAML Issuer URL, SAML Logout Redirect (Optional), SAML Certificate.
    6. Scroll to the bottom of the section and click the Test SSO button. This will result in a popup window appearing with your Identity Provider login page presented. Enter your credentials to authenticate.
    7. Once the test has been completed successfully, scroll to the bottom of the page and click Save button.
    8. If required, Configure SSO as the default authentication for new users by selecting SSO in the Default to new users drop-down.

    To comply with the control, the adoption rate must be above 80%.

    ", + "remediationImpact": "None.", + "service": "MDA_Workplace", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_AdminPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Block admins to set passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To let administrators set passwords for users

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, verify Enable admins to set passwords is not selected.

      You must be the account owner to see this setting.

    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_BlockAccountAssumption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408824477082-Granting-Zendesk-temporary-access-to-assume-your-account", + "controlCategory": "Apps", + "title": "Block account assumption", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Account assumption tab, verify Enable account assumption is not checked.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_bypassIPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Block customers to bypass IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To Block customers to bypass IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. In IP Restrictions tab, verify Allowed IP Ranges is Enabled.
    3. Verify Allow customers to bypass IP restrictions is not checked.
    4. Click Save.
    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_EmailNotificationsforPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Send a notification on password change for admins, agents, and end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To send password-change notifications

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, select Email notifications.
    3. Click Save.
    ", + "remediationImpact": "End users will get email notifications when their passwords change.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_enableapp", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app", + "controlCategory": "Apps", + "title": "Admins and agents can use the Zendesk Support mobile app", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Allow admins and agents can use the Zendesk Support mobile app

    1. In Admin Center, click Account in the sidebar, then select Security > More settings.
    2. On the Zendesk Support tab, Check Mobile app.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_IPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the IP Restrictions tab, select Enabled, then enter the Allowed IP Ranges you want to restrict.
    3. Click Save.

    For more information, see Restricting access to Zendesk Support using IP restrictions.

    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408826974874", + "controlCategory": "Apps", + "title": "Enable and adopt two-factor authentication (2FA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-factor authentication

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select Require two-factor authentication.
    3. Click Save.
    ", + "remediationImpact": "

    Team members who haven't set up 2FA will be required to do so next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required.

    Before enabling two-factor authentication, make sure you understand the following important considerations:

    • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
    • Requiring two-factor authentication disables password-based authentication to the Zendesk API.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_sessionexpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408832533274-Understanding-your-Zendesk-session-time", + "controlCategory": "Apps", + "title": "Enable session timeout for users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set an inactivity time-out period

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
    3. Maximun valid value is 2 hours for both.
    4. Click Save.
    ", + "remediationImpact": "There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable external Authentication (google or microsoft or SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure External authentication is selected.
    3. follow the authentication steps.
    4. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_ZanAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable Zendesk authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure Zendesk Authentication is selected.
    3. Set the password security level High.
    4. Click Save.
    ", + "remediationImpact": "

    For Team memebers, the following conditions must be met before they can use Zendesk authentication:

    • Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See Getting started with Guide in the Support help center.
    • Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See Requiring users to register in the Support help center.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_BlockDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/4403624900109-Blocking-users-in-specific-domains", + "controlCategory": "Apps", + "title": "Block users in specific domains from joining meetings and webinars", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Block users in specific domains from joining meetings and webinars.
    5. Enter the domains that you want to block from joining meetings and webinars.
    6. Click the lock icon and then click Lock to confirm the setting.
    7. Click Save.
    ", + "remediationImpact": "This setting block users to signin from specific domains.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MeetingE2eEncryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings", + "controlCategory": "Apps", + "title": "Enforce end to end encryption in all Zoom meetings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Allow use of end-to-end encryption and then click Turn On to verify the change.
    5. For making this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
    6. Under Security, choose the Default encryption type.
    7. Click Save.
    ", + "remediationImpact": "This setting enforce end to end encryption in all Zoom meetings.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Make sure the Sign in with Two-Factor Authentication option is enabled.
    4. Select All users in your account. This will enable Two-Factor Authentication for all users.
    5. Click ‘Save’ to confirm your 2FA settings. 
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_PasswordReq", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Have a minimum password length with at least 10 characters.
    4. Enable Have at least 1 special character (!, @, #...).
    5. Enable
    6. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutClient", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for client users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on Zoom client (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active client users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutWeb", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on the web (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active web users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_allowedsenderscombined", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 128, + "remediation": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_antiphishingpolicies", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that an anti-phishing policy has been created", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "remediationImpact": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_atpprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_autoforwardingmode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set automatic email forwarding rules to be system controlled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_blockmailforward", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rule-procedures?view=exchserver-2019&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkspamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on bulk spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkthreshold", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_commonattachmentsfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antimalwarev2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure the Common Attachment Types Filter is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_connectionfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enabledomainstoprotect", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Enable impersonated domain protection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enablemailboxintelligence", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that mailbox intelligence is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencephishaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencespamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that intelligence for impersonation protection is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotectionaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phishthresholdlevel", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the phishing email level threshold at 2 or higher", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phisspamacation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_quarantineretentionperiod", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Retain spam in quarantine for 30 days", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientexternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of external recipients that a user can email per hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientinternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientlimitperday", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set a daily message limit", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachmentpolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure Safe Attachments policy is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "remediationImpact": "Delivery of email with attachments may be delayed while scanning is occurring.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Attachments in block mode", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safedocuments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Documents for Office Clients", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + } + ] + } +} diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/profiles.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/profiles.json new file mode 100644 index 0000000000..0834fc37b1 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/profiles.json @@ -0,0 +1,7106 @@ +{ + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScoreControlProfiles", + "@odata.nextLink": "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles?$skiptoken=00000000-0000-0000-0000-00000000", + "value": [ + { + "id": "aad_admin_accounts_separate_unassigned_cloud_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/add-users?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure Administrative accounts are separate and cloud-only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    1. Navigate to Microsoft 365 admin center
    2. Click to expand Users select Active users.
    3. Sort by the Licenses column.
    4. For each user account in an administrative role verify the following:
    The account is Cloud only (not synced)
    The account is assigned a license that is not associated with applications i.e. (Microsoft Entra ID P1, Microsoft Entra ID P2)

    ", + "remediationImpact": "Administrative users will have to switch accounts and utilizing login/logout functionality when performing Administrative tasks, as well as not benefiting from SSO.", + "service": "AzureAD", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_admin_consent_workflow", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings", + "controlCategory": "Apps", + "title": "Ensure the admin consent workflow is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center, Select Admin Centers, and Microsoft Entra ID.
    2. Select Enterprise applications from the Azure Navigation pane.
    3. Under Security select Consent and permissions.
    4. Under Manage select Admin consent settings and set Users can request admin consent to apps they are unable to consent to Yes.
    5. Under the Reviewers choose the Roles, Groups that you would like to review user generated app consent requests.
    6. Select Save at the top of the window.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_custom_banned_passwords", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection", + "controlCategory": "Apps", + "title": "Ensure custom banned passwords lists are used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Create a custom banned password list:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Protect & Secure > Authentication methods
    3. Select Password protection
    4. Set Enforce custom list to Yes
    5. In Custom banned password list create a list using suggestions outlined in this document.
    6. Click Save

    NOTE: Below is a list of examples that can be used as a starting place. Check the references section for more.

    • Brand names
    • Product names
    • Locations, such as company headquarters
    • Company-specific internal terms
    • Abbreviations that have specific company meaning
    ", + "remediationImpact": "

    If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.

    ", + "service": "AzureAD", + "threats": ["Data Exfiltration", "Password Cracking", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_limited_administrative_roles", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps", + "controlCategory": "Apps", + "title": "Ensure 'Microsoft Azure Management' is limited to administrative roles", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable Microsoft Azure Management restrictions:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click expand Protection > Conditional Access select Policies.
    3. Click New Policy and then name the policy.
    4. Select Users > Include > All Users
    5. Select Users > Exclude > Directory roles and select only administrative roles (See below).
    6. Select Cloud apps or actions > Select apps > Select then click the box next to Microsoft Azure Management.
    7. Click Select.
    8. Select Grant > Block access and click Select.
    9. Ensure Enable Policy is On then click Create.

    WARNING: Exclude Global Administrator at a minimum to avoid being locked out. Report-only is a good option to use when testing any Conditional Access policy for the first time.

    Below is an example list of Administrator roles that could be excluded:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    Default Value:

    No - Non-administrators can access the Microsoft Entra ID administration portal.

    ", + "remediationImpact": "

    Because the policy is applied to the Azure management portal and API, services, or clients with an Azure API service dependency, can indirectly be impacted. For example:

    • Classic deployment model APIs
    • Azure PowerShell
    • Azure CLI
    • Azure DevOps
    • Azure Data Factory portal
    • Azure Event Hubs
    • Azure Service Bus
    • Azure SQL Database
    • SQL Managed Instance
    • Azure Synapse
    • Visual Studio subscriptions administrator portal
    • Microsoft IoT Central
    ", + "service": "AzureAD", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_linkedin_connection_disables", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/linkedin-integration", + "controlCategory": "Apps", + "title": "Ensure 'LinkedIn account connections' is disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To disable LinkedIn account connections:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Users select User settings.
    3. Under LinkedIn account connections select No.
    4. Click Save at the top of the page.
    ", + "remediationImpact": "Users will not be able to sync contacts or use LinkedIn integration.", + "service": "AzureAD", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_managed_approved_public_groups_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#microsoft-365-groups", + "controlCategory": "Apps", + "title": "Ensure that only organizationally managed/approved public groups exist", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    In the Microsoft 365 Administration portal, go to:

    1. Teams & groups -> Active teams & groups. 
    2. For each group, under Settings, make sure Privacy is set to 'Private'.


    ", + "remediationImpact": "If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.", + "service": "AzureAD", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_password_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations", + "controlCategory": "Apps", + "title": "Ensure password protection is enabled for on-prem Active Directory", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To setup Microsoft Entra ID Password Protection, use the following steps: 

    1. Download and install the Microsoft Entra ID Password Proxies and DC Agents from the following location: https://www.microsoft.com/download/details.aspx?id=57071
    2. After the installation is complete, login to https://admin.microsoft.com as a Global Administrator.
    3. Go to Admin centers and click on Microsoft Entra ID.
    4. Select Microsoft Entra ID then Security on the left side navigation followed by Authentication methods.
    5. Select Password protection and toggle Enable password protection on Windows Server Active Directory to Yes and Mode to Enforced
    6. Click Save at the top of the right pane.


    ", + "remediationImpact": "The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.", + "service": "AzureAD", + "threats": ["Data Exfiltration", "Password Cracking", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_phishing_MFA_strength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy", + "controlCategory": "Apps", + "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To create a phishing-resistant MFA CA policy for users in administrative roles:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click to expand Microsoft Entra ID > Applications select Enterprise Applications.
    3. Under Security, select Conditional Access.
    4. Click New policy.
    5. Go to Users > Users and groups > Include > Select users and groups > Directory roles
    6. Add at least the Directory roles listed after these steps.
    7. Select Cloud apps or actions > All cloud apps (and don't exclude any apps).
    8. Grant > Grant Access with Require authentication strength (Preview): Phishing-resistant MFA
    9. Click 'Select'
    10. Set Enable policy to Report-only and click Create

    At minimum these directory roles should be included for the policy:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    WARNING: Ensure administrators are pre-registered with strong authentication before enforcing the policy. After which the policy must be set to “On”.

    ", + "remediationImpact": "If administrators aren't pre-registered for a strong authentication method prior to a conditional access policy is created then a condition could occur where a user can't register for strong authentication because they don't meet the conditional access policy requirements, and therefore are prevented from signing in.", + "service": "AzureAD", + "threats": ["Data Exfiltration", "Password Cracking", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_sign_in_freq_session_timeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade", + "controlCategory": "Apps", + "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To configure Sign-in frequency and browser sessions persistence for Administrative users:

    1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
    2. Click to Protection > Conditional Access.
    3. Click New policy
    4. Click Users and groups
    5. Under Include select Select users and groups and then select Directory roles.
    6. At a minimum, select the roles in the section below:
    7. Go to Target resources > Cloud apps > Include > select All cloud apps (and don't exclude any apps).
    8. Under Access controls > Grant > select Grant access > check Require multi-factor authentication (and nothing else).
    9. Under Session select Sign-in frequency and set to at most 4 hours for E3 tenants. E5 tenants with PIM can be set to a maximum value of 24 hours.
    10. Check Persistent browser session then select Never persistent in the drop-down menu.
    11. For Enable Policy select On and click Save


    At minimum these directory roles should be included for MFA:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_third_party_apps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure third party integrated applications are not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center Select Admin Centers and Microsoft Entra ID.
    2. Select Users from the Azure navigation pane
    3. Select Users settings.
    4. Set App registrations is set to No.
    5. Click Save.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSCertificateTemplateEnrolementSuppliesSubject", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc1", + "controlCategory": "Identity", + "title": "Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1. Disable the “Supply in the request” configuration.
    2. Remove EKU’s enabling user authentication (e.g Client Authentication).
    3.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    4.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings can lead to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSInsecureCertificateEnrollmentIisEndpoints", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8IIS", + "controlCategory": "Identity", + "title": "Edit insecure certificate enrollment IIS endpoints (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "For each endpoint, follow these steps:
    1. Determine whether the endpoint is necessary and in regular use. If it is not used, it is advisable to disable it.
    2. Deactivate NTLM and Negotiate authentication providers for the IIS endpoint.
    3. If NTLM cannot be disabled, enable \"Require SSL\" and \"Require Extended Protection\" for the IIS endpoint.
    For more information, please refer to the security advisory in the \"Learn More\" section.", + "remediationImpact": "If the IIS endpoint allows NTLM authentication without enforcing protocol signing (HTTPS) or without enforcing Extended Protection for Authentication (EPA), it becomes vulnerable to NTLM relay attacks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateAuthorityAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc7", + "controlCategory": "Identity", + "title": "Edit misconfigured Certificate Authority ACL (ESC7)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the misconfigured ACL entry (for example - “Manage CA” permission granted to the “authenticated users” built-in group) and remove any unnecessary permissions granting built-in groups “Mange CA” or/and “Manage certificates” permissions.", + "remediationImpact": "The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the \"Manage Certificates\" right, they can approve pending certificate requests without manager approval. With the \"Manage CA\" right, they can modify CA settings, such as adding the \"User specifies SAN\" flag, leading to a complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4ACL", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates ACL (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template, and remove overly permissive modifications permissions (e.g. WriteProperty), which allows any user to change the settings of that certificate template.", + "remediationImpact": "Badly configured modification permissions allows non-privileged user to modify the settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEku", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc2", + "controlCategory": "Identity", + "title": "Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove EKU’s enabling arbitrary usage (e.g. Any purpose).
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement. ", + "remediationImpact": "Each certificate template per AD CS servers with these settings can be enrolled by an attacker and be used for multiple abuses affecting code integrity, server integrity, AD FS and IPSec (as they are relying on certificates).", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc3", + "controlCategory": "Identity", + "title": "Edit misconfigured enrollment agent certificate template (ESC3)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove enrollment agent EKU.
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings may enable arbitrary certificates issuance ability by an adversary, leading to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateOwner", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates owner (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Edit misconfigured certificate templates owner (ESC4)", + "remediationImpact": "Badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredRpcEnrollmentSigning", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8", + "controlCategory": "Identity", + "title": "Enforce encryption for RPC certificate enrollment interface (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To require packet encryption for RPC enrollment, execute the following command and then restart the certsvc service: \ncertutil -setreg CA\\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST\nnet stop certsvc & net start certsvc", + "remediationImpact": "An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSSanSpecifiedByUserEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc6", + "controlCategory": "Identity", + "title": "Edit vulnerable Certificate Authority setting (ESC6)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To disable “user specifying SAN” setting, execute the following command and then restart the certsvc service: \ncertutil -setreg policy\\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 \nnet stop certsvc & net start certsvc", + "remediationImpact": "When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_AdminSDHolder", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmsdholder", + "controlCategory": "Identity", + "title": "Remove access rights on suspicious accounts with the Admin SDHolder permission", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review the list of exposed entities to discover which of your non-sensitive accounts have the Admin SDHolder permission.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Having non-sensitive accounts with Admin SDholder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ClearText", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123179", + "controlCategory": "Identity", + "title": "Stop clear text credentials exposure", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why those entities are using LDAP in clear text.
    3. Remediate the issues and stop the exposure.
    4. After confirming remediation, we recommend you configure the requirement of domain controller level LDAP signing.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of clear text authentication may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DefenderForIdentityIsNotInstalled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=sensor", + "controlCategory": "Identity", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 59, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DomainControllerLocalUsers", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmt0assets", + "controlCategory": "Identity", + "title": "Remove local admins on identity assets", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have local admin rights on your identity assets.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DormantAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123908", + "controlCategory": "Identity", + "title": "Remove dormant accounts from sensitive groups", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your sensitive accounts are dormant..
    2. Take appropriate action on those entities by removing their privileged access rights or by deleting the account.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these dormant privileges may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_EntitiesWithOldPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmoldpw", + "controlCategory": "Identity", + "title": "Manage accounts with passwords more than 180 days old", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have a password more than 180 days old.
    2. Take appropriate action on those entities either by making them change their password or restricting their access to sensitive resources. To achieve the full score,remediate all exposed entities.", + "remediationImpact": "Passwords more than 180 days old increase vulnerability to password attacks, heighten the risk of credential theft, may lead to non-compliance with security standards, reduce accountability and user awareness, and impede incident response efforts in case of a security breach.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_HoneyToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=entityTags", + "controlCategory": "Identity", + "title": "Set a honeytoken account", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 61, + "remediation": "Go to the Honeytoken Settings page >, and set at least one honeytoken account.​", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_KerberosDelegations", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123722", + "controlCategory": "Identity", + "title": "Modify unsecure Kerberos delegations to prevent impersonation", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation.
    2. Take appropriate action on those at-risk users, such as removing their unconstrained attribute or changing it to a more secure constrained delegation.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure kerberos configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_NonAdminDCSyncAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmdcsync", + "controlCategory": "Identity", + "title": "Remove non-admin accounts with DCSync permissions ", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have DCSync permissions and are also non-domain admins.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PathRisk", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123182", + "controlCategory": "Identity", + "title": "Reduce lateral movement path risk to sensitive entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "Review this security control list of exposed entities displaying sensitive entities with lateral movement paths risk with recommended actions on how to reduce the number of non-sensitive accounts for each path.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PrintSpooler", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123723", + "controlCategory": "Identity", + "title": "Disable Print spooler service on domain controllers", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your domain controllers has the Print spooler service enabled.
    2. Take appropriate action on the at-risk domain controllers and actively remove the Print spooler service either manually, through group policy or other types of remote commands. Make sure to investigate your Print spooler settings, configurations and dependencies before disabling this service and preventing active printing workflows.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PwdLAPS", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123725", + "controlCategory": "Identity", + "title": "Protect and manage local admin passwords with Microsoft LAPS", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of domains and devices not configured for Microsoft LAPS.
    2. Deploy Microsoft LAPS to actively manage the local administrator password of your devices. This is done through Active Directory along with Group Policy client- side extensions that will be installed on each Windows operating system.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Sensor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2117505", + "controlCategory": "Identity", + "title": "Install Defender for Identity Sensor on all Domain Controllers", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 60, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_SIDHistory", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123183", + "controlCategory": "Identity", + "title": "Remove unsecure SID history attributes from entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure SID history attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of SID history entries may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureAccount", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123364", + "controlCategory": "Identity", + "title": "Resolve unsecure account attributes", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure account attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2196300", + "controlCategory": "Identity", + "title": "Resolve unsecure domain configurations", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "1. Review this security control list of exposed domains that have unsecure configurations.
    2. Take appropriate action on those domains by remediating their unsecure settings. To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Vpn", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=radius", + "controlCategory": "Identity", + "title": "Configure VPN integration", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 63, + "remediation": "Go to the Settings page >, and configure the VPN radius accounting to enable VPN based detections.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_WeakCipher", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123721", + "controlCategory": "Identity", + "title": "Stop weak cipher usage", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why the identified clients and servers are using weak ciphers.
    3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of weak ciphers may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "admincenter_owned_apps_and_services", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure 'User owned apps and services' is restricted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Office Store add-ins and starting 365 trials:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. Click to expand Settings Select Org settings.
      3. Under Services select User owned apps and services.
      4. Uncheck Let users access the Office Store and Let users start trials on behalf of your organization.
      5. Click Save.

    Note - Due to temporary limitations, only \"Let users access the Office Store\" will be taken into account in scoring this control. It is suggested to uncheck both settings for the sake of better posture.

    ", + "remediationImpact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.", + "service": "Admincenter", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AdminMFAV2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 10, + "rank": 1, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "remediationImpact": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ], + "tier": "Core", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_regulate_access_to_sensitive_data", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate cloud app access to sensitive data", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 9, + "remediation": "\n In app governance, open the predefined policy \"Access to sensitive data\" and activate it.\n
    \n
    \n You can edit the predefined policy to specify an action and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_unusual_activity_with_priority_account", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate apps with priority account consent", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "\n In app governance, open the predefined \"Unusual activity from an app with priority account consent\" policy and activate it.\n
    \n
    \n While you have the policy open, you can add an action to take on unused apps and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "BlockLegacyAuthentication", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Enable Conditional Access policies to block legacy authentication", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 68, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "remediationImpact": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "service": "AzureAD", + "threats": ["Password Cracking", "Account Breach"], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "CustomerLockBoxEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095515", + "controlCategory": "Apps", + "title": "Ensure the customer lockbox feature is enabled", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 127, + "remediation": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "remediationImpact": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "service": "EXO", + "threats": ["Data Exfiltration", "Data Deletion", "Data Spillage"], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "dlp_datalossprevention", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://compliance.microsoft.com/datalossprevention?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Data", + "title": "Ensure DLP policies are enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "remediationImpact": "Unknown", + "service": "MIP", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_individualsharing", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/sharing", + "controlCategory": "Apps", + "title": "Ensure 'External sharing' of calendars is not available", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailboxaudit", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure mailbox auditing for all users is Enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailtipsenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips", + "controlCategory": "Apps", + "title": "Ensure MailTips are enabled for end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "remediationImpact": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "service": "EXO", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_oauth2clientprofileenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252fen-us%252farticle%252fenable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662", + "controlCategory": "Apps", + "title": "Ensure modern authentication for Exchange Online is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "remediationImpact": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "service": "EXO", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_outlookaddins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure users installing Outlook add-ins is not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "remediationImpact": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "service": "EXO", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_SPF_records_for_all_domains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure that SPF records are published for all Exchange Domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    follow the instructions on Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn 

    ", + "remediationImpact": "None.", + "service": "EXO", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_storageproviderrestricted", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "remediationImpact": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "service": "EXO", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_transportrulesallowlistdomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/transportrules", + "controlCategory": "Apps", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "service": "EXO", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "forms_phishing_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-US/microsoft-forms/review-unblock-forms-users-detected-blocked-potential-phishing", + "controlCategory": "Apps", + "title": "Ensure internal phishing protection for Forms is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To enable internal phishing protection for Forms:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. 2. Click to expand Settings then select Org settings.
      3. Under Services select Microsoft Forms.
      4. Click the checkbox labeled Add internal phishing protection under Phishing protection.
      5. Click Save.
    ", + "remediationImpact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", + "service": "FORMS", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "IntegratedApps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2119526", + "controlCategory": "Identity", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 35, + "remediation": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "remediationImpact": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "service": "AzureAD", + "threats": ["Data Exfiltration", "Data Spillage"], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_AV_firewall_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that devices connecting have AV and a local firewall enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that devices connecting have AV and a local firewall enabled, use the Microsoft Intune admin center

    1. Select Endpoint Manager under Admin Centers
    2. Select Devices, then under Policy select Compliance Policies.
    3. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate machine (PC/MAC) Platform.
      2. Click on the policy name.
      3. Under Configuration settings click Edit.
      4. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    4. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_conection_from_jail_broken_rooted_devices", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that users cannot connect from devices that are jail broken or rooted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that users cannot connect from devices that are jail broken or rooted, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Compliance Policies.
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform.
      2. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block
    3. In case there are existing policies -
      1. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block

    To comply, all relevant mobile policies should be set this way.", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_advanced_security_configuration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are set to require advanced security configurations", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles 
    2. Select Create profile to create a new profile.
    3. Select the appropriate Platform (iOS or Android).
      • Choose, based on your organization's needs, the desired settings from the configuration screens.
      • Note that the condition to comply is the mere existence of such profile, the specific settings should be decided according to your organization's needs.
    4. To comply, there should be at least one configuration policy for mobile devices.
    5. It is suggested to create two policies for both iOS and Android.
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_alphanumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Type = Alphanumeric)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device complex password profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Required password type is set to Alphanumeric
    3. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Required password type is set to Alphanumeric

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_simple_password_blocked", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose MacOS in the Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Simple Passwords is set to Blocked
    3. If there are existing policies, per each MacOS policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Simple Passwords is set to Blocked

    Note: this setting is only for MacOS policies.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_encryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Encryption is set to Require
    3. If the are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Encryption is set to Require

    Note: To comply, there should be at least one device configuration for Android with device password encryption.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_lock_after_inactivity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure devices lock after a period of inactivity to prevent unauthorized access", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Profile.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_email_profiles_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are required for email profiles - iOS/iPadOS only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Compliance policies
    2. For all the policies that are applied to \"iOS/iPadOS\" complete the following
      1. Select the policy by clickin on its name.
      2. Under Manage select Properties
      3. Select Edit next to Compliance settings
      4. Under Email ensure that Unable to set up email on the device is set to Require
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_minimum_password_length", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require a minimum password length to prevent brute force attacks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices require a complex password, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Minimum password length is set to 6.
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that Minimum password length is set to 6.

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_never_expires_password", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices are set to never expire passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices are set to never expire passwords:

    1. Use the Microsoft Intune admin center
    2. Select Devices, then under Policy.
    3. select Configuration profiles Review the list of profiles.
    4. From there, go to the device policies page to remove any device security policies that expire passwords.

    Note: The default configuration is sufficient.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices require the use of a password", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Password is set to Require.  
    3. If there are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Password is set to Require.  
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_reused_prohibited", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure", + "controlCategory": "Apps", + "title": "Ensure that mobile device password reuse is prohibited", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device password reuse is prohibited, go to the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles.
    2. If there are no configurations -
      1. select Create profile.
      2. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      3. In the Password section, ensure that Prevent reuse of previous passwords is set to 5 or above
    3. If there is existing configuration -
      1. Select the policy by clicking on its name.
      2. Click Edit next to Configuration settings.
      3. Under Password change Prevent reuse of previous passwords and set to 5 or above
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_wipe_on_multiple_signin_failures", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure mobile devices are set to wipe on multiple sign-in failures , use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.
    3. In case there are existing policies -
      1. For each policy, Select by clicking on the name.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.

    Note: This option is not available for all types of devices.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": ["Account breach"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mcas_mda_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/defender-cloud-apps/get-started", + "controlCategory": "Apps", + "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Enable Defender for Cloud Apps by the following instructions: https://learn.microsoft.com/en-us/defender-cloud-apps/get-started

    ", + "remediationImpact": "None.", + "service": "MCAS", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCloudAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/discovery/create", + "controlCategory": "Apps", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 75, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": ["Data Exfiltration"], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCutomActivityPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/activity/create", + "controlCategory": "Apps", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 80, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasFirewallLogUpload", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/settings?tabid=discovery-autoUpload", + "controlCategory": "Apps", + "title": "Deploy a log collector to discover shadow IT activity", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 82, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "remediationImpact": "This change has no known impact on your users.", + "service": "MCAS", + "threats": ["Data Exfiltration"], + "tier": "Advanced", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasOAuthAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/app-permission/create", + "controlCategory": "Apps", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 57, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-step verification from an authentication policy:

    1. Go to admin.atlassian.com.

    2. Select your organization if you have more than one.

    3. Select Security > Authentication policies.

    4. Select Edit for the policy you want to modify.

    5. On the Settings page, select Mandatory for \"Two-step verification\".

    • All policies must be configured this way to comply.
    ", + "remediationImpact": "This setting enforces multi-factor authentication for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on/", + "controlCategory": "Apps", + "title": "Enable Single Sing On (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Copy details from your identity provider to your Atlassian organization

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your identity provider Directory.

    4. Select Set up SAML single sign-on.

    5. Add SAML details.

    6. Save SAML configuration.

    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To select an idle session duration from an authentication policy:

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Authentication policies.

    3. Select Edit for the policy you want to modify.

    4. On the Settings page, select length of time for Idle session duration.

    5. The value should be equal to or lower than 2 hours.
    ", + "remediationImpact": "When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.", + "service": "MDA_Atlassian", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_access", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App access requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Block compromised devices.
    • Require data encryption.
    • Require biometric authentication or a device passcode.
    1. Note that all the three options must be checked in order to comply.
    2. Note that the 'minimum OS version' is not mandatory for this control, but the recommendation is to set it to the latest.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_dataprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App data protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Disable sharing, saving or backing up content from the mobile app.
    • Disable screenshots and screen recording of the mobile app.
    • Disable cutting or copying content from the mobile app.
    1. Note that all the three options must be checked in order to comply.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_UsersAffected", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - Users that are affected by policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Set the policy to apply to \"All users with access to your organization's products\"
    ", + "remediationImpact": "If your policy applies to all users - both managed and unmanaged - within your organization, including any new users that are added after the policy is created.", + "service": "MDA_Atlassian", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_passwordExpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/opsgenie/docs/enable-password-policies/", + "controlCategory": "Apps", + "title": "Enable Password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    In Atlassian admin dashboard Go to Security and Authentication policies for every policy select edit and go to \"Passwords expire every\", check it and set the day to 30 days or lower.

    ", + "remediationImpact": "See learn more link.", + "service": "MDA_Atlassian", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#two-step-verification", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Two-step verification" set the option on.
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#single-sign-on-sso", + "controlCategory": "Apps", + "title": "Enable Single Sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Single sign-on / SAML 2.0 Configuration" set the option on.
    ", + "remediationImpact": "This setting enforce Single Sign On (SSO) for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Authentication" set "log inactive users out after" at least 1 hour.
    ", + "remediationImpact": "This setting enforce Session time out for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailLockoutSecs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Lockout timer", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least three hundred in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out time configuration for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailMaxAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Number of attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least five in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out configuration when incorrect logging attempts occurs for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 8 in password minimum characters.
    ", + "remediationImpact": "This setting enforce minimum characters length for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumNumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum numeric characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in number characters.
    ", + "remediationImpact": "This setting enforce minimum numeric characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumSpecialCharacters", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum special characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in special characters.
    ", + "remediationImpact": "This setting enforce minimum special characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_PasswordMaxAgeDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 90 in "The password expires after".
    ", + "remediationImpact": "This setting enforce password expiry time in days for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=yfn1583277328637.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Login Requirements" -
      1. Minimum password length of 9 characters.
      2. Password must include at least: 
        1. At least one uppercase character.
        2. At least one lowercase character.
        3. At least one digit.
        4. At least one special character (!, @, #...).
      3. Have a minimum password age of 8 days.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_DocuSign", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=lut1644434676152.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard - 

    1. Go to Account > Security setting in the side panel.
    2. In Password Security, click on "Show Password Rules" button.
    3. In the pop-up window, set "Days until password expires" to 180 days.
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_DocuSign", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=tuw1583277327743.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Web App Session Timeout (minutes)" up to 120 minutes.
    3. Set "Mobile App Session Timeout (minutes)" up to 120 minutes.
    4. " Suppress In Session Certificate Enforcement" option must be set to false.
    ", + "remediationImpact": "This setting enforce session timeout for all DocuSign web users.", + "service": "MDA_DocuSign", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Dropbox_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.dropbox.com/help/business/web-session-control", + "controlCategory": "Apps", + "title": "Enable web session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    How to require session policies for Dropbox users

    1. Sign in to dropbox.com with your admin credentials.
    2. Click Admin Console.
    3. Click Settings.
    4. Under Additional Settings, click Web session control.
    5. Set the setting next to Fixed session length to 1 week or less.
    6. It is also suggested, but not mandatory for compliance, to set the setting next to Idle session length to 30 minutes or less.
    7. Click Save changes.
    ", + "remediationImpact": "Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.", + "service": "MDA_Dropbox", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_DependencyInsights", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights", + "controlCategory": "Apps", + "title": "Disable 'Allow members to view dependency insights'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to view dependency insights" option in the "Member organization permissions" section.


    ", + "remediationImpact": "This setting blocks users from seeing dependencies insights for their repositories.", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "controlCategory": "Apps", + "title": "Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Verified & approved domains.
    3. Add a new domain and verify it.
    4. Check "Restrict email notifications to only approved or verified domains." option.


    ", + "remediationImpact": "This setting restricts email notifications only to verified or approved domains.", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_IPallowListConfigurationForOrgResources", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization", + "controlCategory": "Apps", + "title": "Enforce IP allow list configuration for org resources", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Enable IP allow list configuration for installed GitHub Apps" option.


    ", + "remediationImpact": "This setting blocks users to login from specific IP addresses.", + "service": "MDA_GitHub", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Require two-factor authentication" option.


    ", + "remediationImpact": "This setting enforce multi factor authentication for all GitHUb users.", + "service": "MDA_GitHub", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_OutsideCollabInvitation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "controlCategory": "Apps", + "title": "Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow repository administrators to delete issues for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories admins to add outside collaborators.", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PrivateRepositoryForkingSetting", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization", + "controlCategory": "Apps", + "title": "Disable private repository forking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow forking of private and internal repositories" option.


    ", + "remediationImpact": "This setting disable users to fork private repositories.", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PublicRepoCreation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Members will be able to create public repositories, visible to anyone'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Public" option in the "Repository creation" section.


    ", + "remediationImpact": "This setting blocks users from creating public repositories.", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoTransferOrDeletion", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories", + "controlCategory": "Apps", + "title": "Disable 'members with admin permissions for repositories can delete or transfer repositories'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to delete or transfer repositories for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories transferring and deletion.", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoVisibility_change", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Allow members to change repository visibilities for this organization'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to change repository visibilities for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks users from changing repositories visibility (public/ private access).", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_SAML", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on", + "controlCategory": "Apps", + "title": "Enable single sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    On GitHub Enterprise organization page-

    1. Go to Settings > Organization security
    2. Select Enable SAML authentication
    3. Fill the fields with the values found in the Admin Portal
    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all GitHub users.", + "service": "MDA_GitHub", + "threats": ["Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Google_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.google.com/a/answer/175197?hl=en&fl=1&sjid=9841521343371348963-NA", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Ensure password expiry policy for Google -

    1. Navigate to Google admin center - http://admin.google.com/
    2. Click Security > Password Management.
    3. Chcek Allow users to turn on 2-Step Verification.
    4. Check On under Enforcement.
    5. Click Save.

    Follow steps 3-4 for every organizational unit.

    ", + "remediationImpact": "

    Follow the guideline.

    ", + "service": "MDA_Google", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_NetDocuments_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.netdocuments.com/s/article/205220410", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in netDocuments", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "How does an organization start using federated identity with NetDocuments?

    1. In the upper-right corner, select your name > Admin > repository name. In the Navigation Pane, select Security Center Advanced Authentication.
    2. The Advanced Authentication Configuration page has a section titled Federated Identity. Choose the type of federated identity server you will use and configure it.
    3. Note: In order to comply with this control, at least 80% of the users must be using SSO.
    ", + "remediationImpact": "See learn more link.", + "service": "MDA_NetDocuments", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-policy", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional complexity requirement options.
    4. Lower case, letter Upper case, letter Number (0-9), Symbol (e.g., !@#$%^&*), Does not contain part of username, Does not contain first name and Does not contain last name.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Okta", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#multifactor-mfa-enrollment-policy", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Multifactor panel.
    2. Go to \"Factor Enrollment\" and select \"Add Multifactor Policy\".
    3. Note: In order to comply, you must configure default policies as \"required\" (\"optional\" is not sufficient).
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Okta users.", + "service": "MDA_Okta", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-object", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional Password age options -
      1. Enforce password history for last [Minimum of 3] passwords.
      2. Minimum password age is [Minimum of one day].
      3. Password expires after [Minimum of 180 days] days.
      4. Prompt user [Minimum of five days] days before password expires.
      5. Lock out user after [Maximum of 5 attempts] unsuccessful attempts.
      6. Account is automatically unlocked after [Minimum of 15] minutes
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_Okta", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#global-session-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Okta's dashboard -

    1. Go to Security > Authentication panel.
    2. Go to "Sign On"
      1. If there isn't a policy - select "Add New Okta Sing-on Policy".
      2. If a policy exists - select "Add rule "
    3. In the window, go to "Session management" and set the properties as following -
      1. Maximum Okta session lifetime to 30 days or below.
      2. Expire session after user has been idle on Okta for 120 minutes or below.
      3. Persist session cookies across browser sessions to Disable.
    ", + "remediationImpact": "This setting enforce Session time out for all Okta users.", + "service": "MDA_Okta", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_disableProtocolSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://portal.cloudappsecurity.com/#/connected-apps?tab=appConnectors", + "controlCategory": "Apps", + "title": "Remote Site", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "", + "remediationImpact": "Unknown", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableAdminLoginAsAnyUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.controlling_login_access.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Administrators Can Log In As Any User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Login Access Policies in the Quick Findbox, then select Login Access Policies.
    2. Deselect Administrators Can Log in as Any User.", + "remediationImpact": "You users must grant access before admins can log into their users.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Elevation of Privilege", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCacheAndAutocomplete", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Caching and Autocomplete on Login Page via Session settings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Uncheck Enable caching and autocomplete on login page.", + "remediationImpact": "If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupSFDC", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for non-Setup for Salesforce pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for non-Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with standard headers", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with standard headers.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUserHeaderless", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with headers disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with headers disabled.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackSetup", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for Setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableContentSniffingProtection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Sniffing protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Content Sniffing protectio.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSPOnEmail", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Security Policy protection for email templates", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Stricter Content Security Policy.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnGet", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on GET requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on GET requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnPost", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on POST requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on POST requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableMultipleSamlConfigs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.salesforce.com/mfa-requirement-check", + "controlCategory": "Apps", + "title": "Require identity verification during multi-factor authentication (MFA) registration", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 33, + "remediation": "From Setup, in the Quick Find box, enter Identity, and then click Identity Verification. Make sure the field: \"Require identity verification during multi-factor authentication (MFA) registration\" is enabled.", + "remediationImpact": "When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.", + "service": "MDA_SF", + "threats": ["Password cracking", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableSMSIdentity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Let users verify their identity by text (SMS)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Let users verify their identity by text (SMS).", + "remediationImpact": "Salesforce challenges users to verify with text message their identity when they log in from an unrecognized browser or device or an IP address outside of a trusted range. ", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enforceIpRangesEveryRequest", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce login IP ranges on every request", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enforce login IP ranges on every request.", + "remediationImpact": "You users will be logout if try to perform an activity outside the IP ranges defined in Salesforce settings.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceLogoutOnSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force logout on session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force logout on session timeout.", + "remediationImpact": "The browser refreshes and returns to the login page, and the user must log in again for access.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceRelogin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force (admin) relogin after Login-As-User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force relogin after Login-As-Use..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_identityConfirmationOnEmailChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Require identity verification for change of email address", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Require identity verification for email address changes.", + "remediationImpact": "User must login again before changing their email address.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_lockSessionsToDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Lock sessions to the domain in which they were first used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Lock sessions to the domain in which they were first used.", + "remediationImpact": "Your users cannot change their domain inside a session.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_maxLoginAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Maximum invalid login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Maximum invalid login attempts, select 3.", + "remediationImpact": "You users will be locked if they attemp to login with failure after 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_minimumPasswordLifetime", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Require a minimum 1 day password lifetime", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Require a minimum 1 day password lifetime.", + "remediationImpact": "Your users will not be able to change their password more than one time a day.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_complexity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password complexity requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password complexity requirement, select Must mix alpha, numeric, and special characters, or more complex.", + "remediationImpact": "Your users must have complexed passwords.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_expiration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "User passwords expire in 90 days or less", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under User passwords expire in, select 90 days or less.", + "remediationImpact": "Your users must changed password every 90 days.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_historyRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce password history", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Enforce password history, select 3 or more passwords rememebered.", + "remediationImpact": "Your users could not set new password that was already used in the last 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_lockoutInterval", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Lockout effective period", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Lockout effective period, select 30 minutes or more.", + "remediationImpact": "A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_minimumPasswordLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Minimum password length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Minimum password length, select 8 or more.", + "remediationImpact": "Your users must set passwword at least in this length.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_obscureSecretAnswer", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Obscure secret answer for password resets", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Obscure secret answer for password resets.", + "remediationImpact": "Your users will not see their answers to their security questions password reset when typing.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_questionRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password question requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password question requirement, select Cannot contain password.", + "remediationImpact": "User will not be allowed to contain password in the password question.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_sessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Timeout Value to be 2 hours or less.", + "remediationImpact": "Users cannot have a session longer than the defined timeout value.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_requireHttpOnly", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Require HttpOnly attribute", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Require HttpOnly attribut..", + "remediationImpact": "If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authenticateMultifactor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/multi-factor-authentication.html", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.authenticate.multifactor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Enabling this property requires from the user to have an extra layer of authentication.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredJson2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-jsonv2-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing JSONv2 requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.jsonv2' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of JSON data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredSOAP", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-soap-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing SOAP requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.soap' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of SOAP data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredUnl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/unload-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable unload request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.unl' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_cauthRequiredScriptedProcessor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/script-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable script request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.scriptedprocessor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the basic authentication while processing script requests on the instance.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_concourseOnmessageEnforceSameOrigin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enable-url-whitelist-for-cross-origin-iframe-communication.html", + "controlCategory": "Apps", + "title": "Enable URL allow list for cross-origin iframe communication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.concourse.onmessage_enforce_same_origin' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "If you do not inclusion list intended domains, the ability to embed other pages within Now Platform instances may be limited.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_enablePasswordPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enforce-strong-passwords.html", + "controlCategory": "Apps", + "title": "Enable Password Reset Policy Checks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.enable.password_policy' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting the property to true turns on password policy checks when a user resets their password.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_highSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/high-security-plugin.html", + "controlCategory": "Apps", + "title": "Enable high security plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.high_security' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This plugin enables several system security configurations, which may impact UI and functionality as well.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_httpCacheControl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/cache-control-http-header-value.html", + "controlCategory": "Apps", + "title": "Set default cache-control HTTP header value to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.http.cache_control' as private.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "None.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_loginNoBlankPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/disable-password-less-authentication.html", + "controlCategory": "Apps", + "title": "Disable password-less authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.login.no_blank_password' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Operations should not use blank passwords because it is viewed as a critical security risk. However, if there is a valid case for such usage, there is a possibility of an outage. Users with blank passwords wouldn't be able to log in to the instance.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_roleManagement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/contextual-security.html", + "controlCategory": "Apps", + "title": "Enable Contextual Security: Role Management plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.role_management' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptCcsiIsPublic", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html", + "controlCategory": "Apps", + "title": "Set client-callable script includes to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.ccsi.ispublic' as false.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Privacy on client-callable script includes.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptSecureAjaxgliderecord", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enabling-ajaxgliderecord-acl-checking.html", + "controlCategory": "Apps", + "title": "Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.secure.ajaxgliderecord' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptUseSandbox", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/client-generated-scripts-sandbox.html", + "controlCategory": "Apps", + "title": "Enable client generated scripts sandbox", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.use.sandbox' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_smDefaultMode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/default-deny.html", + "controlCategory": "Apps", + "title": "Enable default deny with new ACL rules", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.sm.default_mode' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting this prperty for deny value, will restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_sncUserLockoutCheck", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/managing-failed-login-attempts.html", + "controlCategory": "Apps", + "title": "Enable managing failed login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
    ", + "remediationImpact": "This remediation would enable administrator of the instance to monitor and report any malicious user access.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapRequireContentTypeXml", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-content-type-checking.html", + "controlCategory": "Apps", + "title": "Enable SOAP content type checking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.soap.require_content_type_xml' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapStrictSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-request-strict-security.html", + "controlCategory": "Apps", + "title": "Enable SOAP request strict security", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property ' glide.soap.strict_security' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "f there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_systemSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/security-jump-start-acl-rules.html", + "controlCategory": "Apps", + "title": "Activate security jump start (ACL rules) plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "If this plugin is not activated on your instance, contact ServiceNow Support. Activating the plugin at this point might modify security access to tables already in use in a production environment. If an administrator is interested in the new ACL rules the plugin provides, you can manually create one or more of them in an existing instance if needed. This list of ACLs may be used as a guideline in that case.", + "remediationImpact": "There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. Customer is required to outreach ServiceNow before the remediation can occur.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_uiSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/session-activity-timeout.html", + "controlCategory": "Apps", + "title": "Enable session activity timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.session_timeout' as 60 or below.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces timely expiration of user account.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_useCsrfToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/anti-csrf-token.html", + "controlCategory": "Apps", + "title": "Enable anti-CSRF token", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.security.use_csrf_token' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_userCookieMaxLifeSpanInDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/absolute-session-timeout.html", + "controlCategory": "Apps", + "title": "Enable absolute session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.user_cookie.max_life_span_in_days' below 180.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Forcing the user to relogin after specific days.", + "service": "MDA_SNOW", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Workplace_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.workplace.com/resources/tech/authentication/sso", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in Workplace by Meta", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In order to enable SSO authentication in Workplace you will need to:

    • Have access to your Identity Provider's configuration settings.
    • Have a System Administrator role assigned in Workplace.
    • Have a corresponding account in the Identity Provider with the same email as the Workplace user you are logged in with (i.e. which uses the same email address to authenticate both in Workplace and in the Identity Provider). This is essential to test SSO and complete Workplace configuration correctly.
    1. In the Admin Panel, select Security.
    2. Click on the Authentication tab.
    3. Check the Single Sign-On (SSO) checkbox.
    4. Click +Add New SSO Provider.
    5. Type in the values provided by your Identity Provider into the relevant fields: SAML URL, SAML Issuer URL, SAML Logout Redirect (Optional), SAML Certificate.
    6. Scroll to the bottom of the section and click the Test SSO button. This will result in a popup window appearing with your Identity Provider login page presented. Enter your credentials to authenticate.
    7. Once the test has been completed successfully, scroll to the bottom of the page and click Save button.
    8. If required, Configure SSO as the default authentication for new users by selecting SSO in the Default to new users drop-down.

    To comply with the control, the adoption rate must be above 80%.

    ", + "remediationImpact": "None.", + "service": "MDA_Workplace", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_AdminPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Block admins to set passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To let administrators set passwords for users

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, verify Enable admins to set passwords is not selected.

      You must be the account owner to see this setting.

    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_BlockAccountAssumption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408824477082-Granting-Zendesk-temporary-access-to-assume-your-account", + "controlCategory": "Apps", + "title": "Block account assumption", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Account assumption tab, verify Enable account assumption is not checked.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_bypassIPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Block customers to bypass IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To Block customers to bypass IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. In IP Restrictions tab, verify Allowed IP Ranges is Enabled.
    3. Verify Allow customers to bypass IP restrictions is not checked.
    4. Click Save.
    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_EmailNotificationsforPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Send a notification on password change for admins, agents, and end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To send password-change notifications

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, select Email notifications.
    3. Click Save.
    ", + "remediationImpact": "End users will get email notifications when their passwords change.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_enableapp", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app", + "controlCategory": "Apps", + "title": "Admins and agents can use the Zendesk Support mobile app", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Allow admins and agents can use the Zendesk Support mobile app

    1. In Admin Center, click Account in the sidebar, then select Security > More settings.
    2. On the Zendesk Support tab, Check Mobile app.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_IPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the IP Restrictions tab, select Enabled, then enter the Allowed IP Ranges you want to restrict.
    3. Click Save.

    For more information, see Restricting access to Zendesk Support using IP restrictions.

    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408826974874", + "controlCategory": "Apps", + "title": "Enable and adopt two-factor authentication (2FA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-factor authentication

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select Require two-factor authentication.
    3. Click Save.
    ", + "remediationImpact": "

    Team members who haven't set up 2FA will be required to do so next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required.

    Before enabling two-factor authentication, make sure you understand the following important considerations:

    • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
    • Requiring two-factor authentication disables password-based authentication to the Zendesk API.
    ", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_sessionexpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408832533274-Understanding-your-Zendesk-session-time", + "controlCategory": "Apps", + "title": "Enable session timeout for users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set an inactivity time-out period

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
    3. Maximun valid value is 2 hours for both.
    4. Click Save.
    ", + "remediationImpact": "There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable external Authentication (google or microsoft or SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure External authentication is selected.
    3. follow the authentication steps.
    4. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_ZanAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable Zendesk authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure Zendesk Authentication is selected.
    3. Set the password security level High.
    4. Click Save.
    ", + "remediationImpact": "

    For Team memebers, the following conditions must be met before they can use Zendesk authentication:

    • Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See Getting started with Guide in the Support help center.
    • Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See Requiring users to register in the Support help center.
    ", + "service": "MDA_Zendesk", + "threats": ["Account breach", "Data Exfiltration", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_BlockDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/4403624900109-Blocking-users-in-specific-domains", + "controlCategory": "Apps", + "title": "Block users in specific domains from joining meetings and webinars", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Block users in specific domains from joining meetings and webinars.
    5. Enter the domains that you want to block from joining meetings and webinars.
    6. Click the lock icon and then click Lock to confirm the setting.
    7. Click Save.
    ", + "remediationImpact": "This setting block users to signin from specific domains.", + "service": "MDA_Zoom", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MeetingE2eEncryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings", + "controlCategory": "Apps", + "title": "Enforce end to end encryption in all Zoom meetings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Allow use of end-to-end encryption and then click Turn On to verify the change.
    5. For making this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
    6. Under Security, choose the Default encryption type.
    7. Click Save.
    ", + "remediationImpact": "This setting enforce end to end encryption in all Zoom meetings.", + "service": "MDA_Zoom", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Make sure the Sign in with Two-Factor Authentication option is enabled.
    4. Select All users in your account. This will enable Two-Factor Authentication for all users.
    5. Click ‘Save’ to confirm your 2FA settings. 
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Zoom users.", + "service": "MDA_Zoom", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_PasswordReq", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Have a minimum password length with at least 10 characters.
    4. Enable Have at least 1 special character (!, @, #...).
    5. Enable
    6. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Zoom", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutClient", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for client users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on Zoom client (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active client users for all Zoom users.", + "service": "MDA_Zoom", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutWeb", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on the web (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active web users for all Zoom users.", + "service": "MDA_Zoom", + "threats": ["Account breach", "Data Exfiltration"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_allowedsenderscombined", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 128, + "remediation": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_antiphishingpolicies", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that an anti-phishing policy has been created", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "remediationImpact": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "service": "MDO", + "threats": ["Data Exfiltration", "Account breach", "Password Cracking"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_atpprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_autoforwardingmode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set automatic email forwarding rules to be system controlled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_blockmailforward", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rule-procedures?view=exchserver-2019&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "service": "MDO", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkspamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on bulk spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkthreshold", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_commonattachmentsfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antimalwarev2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure the Common Attachment Types Filter is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_connectionfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enabledomainstoprotect", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Enable impersonated domain protection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enablemailboxintelligence", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that mailbox intelligence is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencephishaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencespamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that intelligence for impersonation protection is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotectionaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phishthresholdlevel", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the phishing email level threshold at 2 or higher", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phisspamacation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_quarantineretentionperiod", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Retain spam in quarantine for 30 days", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientexternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of external recipients that a user can email per hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientinternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientlimitperday", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set a daily message limit", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachmentpolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure Safe Attachments policy is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "remediationImpact": "Delivery of email with attachments may be delayed while scanning is occurring.", + "service": "MDO", + "threats": ["Data Exfiltration", "Account breach"], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Attachments in block mode", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safedocuments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Documents for Office Clients", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + } + ] +} diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore-multiple.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore-multiple.json new file mode 100644 index 0000000000..1f32e6009b --- /dev/null +++ b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore-multiple.json @@ -0,0 +1,161 @@ +{ + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores", + "value": [ + { + "id": "12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "activeUserCount": 1, + "createdDateTime": "2024-01-01T00:00:00Z", + "currentScore": 128, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "licensedUserCount": 100, + "maxScore": 1000, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "controlScores": [ + { + "controlCategory": "Apps", + "controlName": "spo_idle_session_timeout", + "description": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n
    \n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "spo_legacy_auth", + "description": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t
    \n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t
    \n\t\t\tThis information was taken from Center for Internet Security (CIS).\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + } + ] + }, + { + "id": "12345678-1234-1234-1234-1234567890abcd_2024-01-02", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "activeUserCount": 1, + "createdDateTime": "2024-01-01T00:00:00Z", + "currentScore": 128, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "licensedUserCount": 0, + "maxScore": 274, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "controlScores": [ + { + "controlCategory": "Apps", + "controlName": "McasFirewallLogUpload", + "description": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasCutomActivityPolicy", + "description": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Policy in place: false.", + "on": "false", + "scoreInPercentage": 0 + } + ] + } + ] +} diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore.json new file mode 100644 index 0000000000..c8ea94b058 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore.json @@ -0,0 +1,779 @@ +{ + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores", + "value": [ + { + "id": "12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "activeUserCount": 1, + "createdDateTime": "2024-01-01T00:00:00Z", + "currentScore": 128, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "licensedUserCount": 0, + "maxScore": 274, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "controlScores": [ + { + "controlCategory": "Apps", + "controlName": "spo_idle_session_timeout", + "description": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n
    \n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "spo_legacy_auth", + "description": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t
    \n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t
    \n\t\t\tThis information was taken from Center for Internet Security (CIS).\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasFirewallLogUpload", + "description": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasCutomActivityPolicy", + "description": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Policy in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasCloudAppNotification", + "description": "App discovery policies can notify you when new apps or abnormal usage is observed within your organization, based on traffic logs data.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Policy in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasOAuthAppNotification", + "description": "OAuth app policies can help you manage app permission and notify you when a user or an admin consents to a new Open Authorization (OAuth) app. With this information, you can investigate which permissions each app requested and which users authorized them.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "AATP_DefenderForIdentityIsNotInstalled", + "description": "Installing Microsoft Defender for Identity sensors provides you with the ability to detect advanced threats in your entire identity infrastructure. Actionable security alerts are generated through the analysis of network traffic and security events.", + "score": 0, + "lastSynced": "2024-01-01T14:59:53Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_atpprotection", + "description": "Microsoft Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Data", + "controlName": "dlp_datalossprevention", + "description": "Data Loss Prevention (DLP) policies allows content in multiple locations, such as, devices, Exchange online and Teams chats to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "exo_individualsharing", + "description": "Users should not be allowed to share the full details of their calendars with external users.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safedocuments", + "description": "Safe Documents uses Microsoft Defender for Endpoint to scan documents and files for malicious content. To keep you protected, Safe Documents sends files to the Defender for Endpoint cloud for analysis. Files sent by Safe Documents are not retained in Defender for Endpoint beyond the time needed for analysis (typically, less than 24 hours).", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_connectionfilter", + "description": "

    If you're a Microsoft 365 customer with mailboxes in Exchange Online or a standalone Exchange Online Protection (EOP) customer without Exchange Online mailboxes, EOP offers multiple ways of ensuring that users will receive email from trusted senders. These options include Exchange mail flow rules (also known as transport rules), Outlook Safe Senders, the IP Allow List (connection filtering), and allowed sender lists or allowed domain lists in anti-spam policies. Collectively, you can think of these options as safe sender lists.

    The available safe sender lists are described in the following list in order from most recommended to least recommended:
    1. Mail flow rules
    2. Outlook Safe Senders
    3. IP Allow List (connection filtering)
    4. Allowed sender lists or allowed domain lists (anti-spam policies)

    Without additional verification like mail flow rules, email from sources in the IP Allow List skips spam filtering and sender authentication (SPF, DKIM, DMARC) checks. Since the IP Allow List doesn't prevent malware or high confidence phishing messages from being filtered, this creates a high risk of attackers successfully delivering email to an inbox that would otherwise be filtered.

    ", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "The allowed IP addresses list in the connection filter policy is empty ", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_purviewlabelconsent", + "description": "\n To get work done, people in your organization collaborate with others both inside and outside the organization. Data doesn't always stay in your cloud, and often roams everywhere—across devices, apps, and services. When your data roams, you still want it to be secure in a way that meets your organization's business and compliance policies.\n
    \n
    \n Applying sensitivity labels to your content helps you keep your data secure by stating how sensitive certain data is in your organization. It also abstracts the data itself, letting you track the type of data without exposing sensitive data on other platforms.\n
    \n
    \n For example, applying the sensitivity label ‘highly confidential’ to a document that contains social security numbers and credit card numbers helps you identify the sensitivity of the document without knowing the actual data in the document.\n
    \n
    \n The sensitivity labels created in Microsoft Purview Information Protection can also be extended to the Microsoft Purview data map. When you apply a label on an office document and then scan it into the Microsoft Purview data map, the label will be applied to the data asset.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "The setting was not enabled.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "CustomerLockBoxEnabled", + "description": "Turning on the customer lockbox feature requires that approval is obtained for datacenter operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There's an expiration time on the request and content access is removed after the support engineer has fixed the issue.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_oauth2clientprofileenabled", + "description": "Modern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. When you enable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use modern authentication to log in 'to Microsoft 365 mailboxes. When you disable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use basic authentication to log in to Microsoft 365 mailboxes.

    When users initially configure certain email clients, like Outlook 2013 and Outlook 2016, they may be required to authenticate using enhanced authentication mechanisms, such as multifactor authentication. Other Outlook clients that are available in Microsoft 365 (for example, Outlook Mobile and Outlook for Mac 2016) always use modern uthentication to log in to Microsoft 365 mailboxes", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Modern authentication for Exchange Online is enabled", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "exo_mailtipsenabled", + "description": "MailTips assist end users with identifying strange patterns to emails they send.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "MailTips for end users are disabled.", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_transportrulesallowlistdomains", + "description": "You should set Spam confidence level (SCL) in your Exchange Online mail transport rules with specific domains. Allow-listing domains in transport rules bypasses regular malware and phishing scanning, which can enable an attacker to launch attacks against your users from a safe haven domain. \n\t

    Note: In order to get a score for this security control, all the active transport rule that applies to specific domains must have a Spam Confidence Level (SCL) of 0 or higher.

    ", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Spam confidence level (SCL) is not configured in mail transport rules with specific domain", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mip_search_auditlog", + "description": "When audit log search in the Microsoft Purview compliance portal is enabled, user and admin activity from your organization is recorded in the audit log and retained for 90 days. However, your organization might be using a third-party security information and event management (SIEM) application to access your auditing data. In that case, a global admin can turn off audit log search in Microsoft 365.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Microsoft 365 audit log search is enabled disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_mailboxaudit", + "description": "

    By turning on mailbox auditing, Microsoft 365 back office teams can track logons to a mailbox as well as what actions are taken while the user is logged on. After you turn on mailbox audit logging for a mailbox, you can search the audit log for mailbox activity. Additionally, when mailbox audit logging is turned on, some actions performed by administrators, delegates, and owners are logged by default.

    Rationale:

    Starting in January 2019, Microsoft is turning on mailbox audit logging by default for all organizations.

    This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged, and the corresponding mailbox audit records will be available when you search for them in the mailbox audit log. When mailbox auditing on by default is turned on for the organization, the AuditEnabled property for affected mailboxes won't be changed from False to True. In other words, mailbox auditing on by default ignores the AuditEnabled property on mailboxes.

    However, only certain mailbox types support default auditing setting 'On': User Mailboxes, Shared Mailboxes, and Microsoft 365 Group Mailboxes. The remaining mailbox types require auditing to be turned on at the mailbox level: Resource Mailboxes, Public Folder Mailboxes, and DiscoverySearch Mailbox.

    Whether it is for regulatory compliance or for tracking unauthorized configuration changes in Microsoft 365, enabling mailbox auditing allows for Microsoft 365 back office teams to run security operations, forensics or general investigations on mailbox activities.

    NOTE: Without advanced auditing (E5 function) the logs are limited to 90 days.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Mailbox auditing for all users is disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_storageproviderrestricted", + "description": "

    This setting allows users to open certain external files while working in Outlook on the
    web. If allowed, keep in mind that Microsoft doesn't control the use terms or privacy
    policies of those third-party services.

    Ensure AdditionalStorageProvidersAvailable is restricted.

    Rationale:

    By default additional storage providers are allowed in Office on the Web (such as Box,
    Dropbox, Facebook, Google Drive, OneDrive Personal, etc.). This could lead to
    information leakage and additional risk of infection from organizational non-trusted
    storage providers. Restricting this will inherently reduce risk as it will narrow
    opportunities for infection and data leakage.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Additional storage providers are restricted in Outlook on the web is not configured correctly. Please follow next steps to correctly configure the control.", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_outlookaddins", + "description": "

    Specify the administrators and users who can install and manage add-ins for Outlook in Exchange Online By default, users can install add-ins in their Microsoft Outlook Desktop client, allowing data access within the client application.

    Rationale:
    Attackers exploit vulnerable or custom add-ins to access user data. Disabling user installed add-ins in Microsoft Outlook reduces this threat surface.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Installing Outlook add-ins configuration is disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapspam", + "description": "

    For unread messages that are identified as spam after delivery, the ZAP outcome depends on the action that's configured for the Spam filtering verdict in the applicable anti-spam policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapphish", + "description": "

    For read or unread messages that are identified as phishing after delivery, the ZAP outcome depends on the action that's configured for a Phishing email filtering verdict in the applicable anti-phishing policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapmalware", + "description": "

    Zero-hour auto purge (ZAP) quarantines the message that contains malware attachment for both read, as well as unread, messages that are found to contain malware after delivery. Only admins can view and manage messages that have been quarantined.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 6, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safeattachments", + "description": "Safe Attachments in block mode prevents messages with detected malware attachments from being delivered. These messages are quarantined and only admins (not regular users) can review, release, or delete them. This will also automatically block future malware attachments.\n\t

    \n\tMDO Built-in protection policy provides safe attachments protection for everyone by default. You could also create additional Safe Attachment policies for customized Safe Attachment operations.\n ", + "score": 8, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safelinksforemail", + "description": "MDO Built-in protection policy will provide base level safe links protection for everyone by default. You could also create additional Safe Links policies for enhanced or customized Safe Links operations.", + "score": 9, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_commonattachmentsfilter", + "description": "There are certain types of files that are risker to send and receive via email due to the likelihood that they contain malware (for example, executable files). To make sure these file types don't get through, enable the common attachment filter. You can use the default list of file types or customize it. The default file types are: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs. Messages with the specified attachments types are treated as malware and are automatically quarantined.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_sensitivitylabelspolicies", + "description": "Set up and use data classification policies on data stored in your users' Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups.\n
    \n
    \nThe policies will help categorize your most important data so you can effectively protect it from illicit access and will help make it easier to investigate discovered breaches.\n
    \n
    \nCreation of data classification policies will not cause a significant impact to an organization. However, ensuring long term adherence with policies can potentially be a significant training and ongoing compliance effort across an organization. Organizations should ensure that training and compliance planning is part of the classification policy creation process.\n
    \n
    \nThis information was taken from Center for Internet Security (CIS).\n ", + "score": 2, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Policies were published on 1 of the 1 users", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_autosensitivitylabelspolicies", + "description": "\n Create auto-labeling policies to automatically apply sensitivity labels to email messages or OneDrive and SharePoint files that contain sensitive info.\n
    \n This ability to apply sensitivity labels to content automatically is important because:\n
    \n You don't need to train your users on the appropriate way to use each of your classifications.\n
    \n You don't need to rely on users to classify all content correctly.\n
    \n Users no longer need to know about your policies—they can instead focus on their work.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Policies were published on 0 of the 1 users", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_highconfidencespamaction", + "description": "Set the action that will be taken on high confidence spam detection.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_phisspamacation", + "description": "Set the action that will be taken on phishing detection.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_highconfidencephishaction", + "description": "Set the action that will be taken on high confidence phishing detection.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_bulkspamaction", + "description": "Set the action that will be taken on bulk spam detection.", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_quarantineretentionperiod", + "description": "Specifies how long to keep the message in quarantine if you selected “Quarantine message” as the action for a spam filtering verdict. After the time period expires, the message is deleted, and is not recoverable.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_allowedsenderscombined", + "description": "Never add your own accepted domains or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, attackers can easily send messages that spoof these trusted domains to your organization. In addition, avoid adding specific senders that can bypass spam filtering.", + "score": 2, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_bulkthreshold", + "description": "Specifies the bulk complaint level (BCL) of a message that triggers the specified action for the bulk spam filtering verdict that you configure on the next page. A higher value indicates that the message is less desirable (more likely to resemble spam). While the default value is 7, 6 or lower is the recommended value.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_spamaction", + "description": "Set the action that will be taken on spam detection.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_autoforwardingmode", + "description": "", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientexternallimitperhour", + "description": "Configure the maximum number of external recipients that a user can email per hour. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientinternallimitperhour", + "description": "Configure the maximum number of recipients that a user can send to per hour for internal recipients. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientlimitperday", + "description": "Configure the maximum number of recipients that a user can send to within a day. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_thresholdreachedaction", + "description": "Configure action to take when any of the limits specified in the outbound anti-spam policy are reached. It is common, after an account compromise incident, for an attacker to use the account to generate spam and phish. Configuring the recommended values can reduce the impact.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_enablemailboxintelligence", + "description": "\n Turns on artificial intelligence (AI) that identifies users’ email patterns with their frequent contacts to spot potential phishing attempts.\n ", + "score": 8, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_mailboxintelligenceprotection", + "description": "\n Enables enhanced impersonation results based on each user's individual sender map and allows you to define specific actions for impersonated messages.\n
    \n
    \n This setting is available only if ‘Enable mailbox intelligence’ is selected.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_mailboxintelligenceprotectionaction", + "description": "\n This setting specifies what to do with messages for impersonation detections from mailbox intelligence results.\n
    \n
    \n If a message is detected to be an impersonated user by mailbox intelligence, no action will be applied by default. We recommend moving the message to the recipients’ junk email folder and strongly recommend quarantining it.\n
    \n
    \n This setting is available only if the ‘Ensure that intelligence for impersonation protection is enabled’ setting is properly configured.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_enabledomainstoprotect", + "description": "\n Prevents specified domains from being impersonated by the message sender's domain.\n
    \n
    \n When you add domains to the ‘Enable domains to protect’ list, messages from senders in those domains are subject to impersonation protection checks. The message is checked for impersonation if it’s sent to a recipient that the policy applies to.\n
    \n
    \n If impersonation is detected in the sender's domain, the impersonation protection actions for domains are applied to the message.\n
    \n
    \n By default, no sender domains are covered by impersonation protection, either in the default policy or in custom policies.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_phishthresholdlevel", + "description": "\n The threshold controls the sensitivity with which machine learning models are applied to email messages to determine whether a phishing attempt has occurred.\n
    \n A higher value indicates greater sensitivity. The default value is 1, but 2 or 3 are the recommended values.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_similardomainssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for domain impersonation detections.\n
    \n
    \n When the ‘Show domain impersonation safety tip’ is enabled, the tip “This sender might be impersonating a domain that's associated with your organization” is shown to recipients in messages where the sender's email domain is included in domain impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_similaruserssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation safety tip’ is enabled, the tip “This sender appears to be similar to someone who previously sent you email but may not be that person” is shown to recipients in messages where the sender's email address is included in user impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targeteddomainprotectionaction", + "description": "\n This setting specifies the action to take on detected domain impersonation messages.\n
    \n
    \n If a message is detected from an impersonated domain, no action is taken by default. We recommend quarantining the message.\n
    \n
    \n This setting is available only if ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targeteduserprotectionaction", + "description": "\n This setting specifies the action to take on detected user impersonation messages.\n
    \n
    \n If a message is detected from an impersonated user, no default action will be taken. We recommend quarantining the message.\n
    \n
    \n Whenever you select ‘Quarantine the message’, a ‘Select quarantine policy’ box is available.\n
    \n Quarantine policies define who is allowed to do to quarantined messages.\n
    \n
    \n This setting is available only if ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targetedusersprotection", + "description": "\n Prevents specified internal or external email addresses from being impersonated as message senders in phishing attempts.\n
    \n By default, impersonated user protection is disabled, and no sender email addresses are covered by impersonation protection, whether in the default policy or in custom policies.\n
    \n
    \n We highly recommend adding users (message senders) in key roles. Internally, protected senders might be your CEO, CFO, and other senior leaders. Externally, protected senders could include council members or your board of directors.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_unusualcharacterssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for unusual characters in domain and user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation unusual safety tip’ is enabled, the tip is shown to recipients in messages where the sender's name or email address contains characters that are not typically used together, such as a mix of mathematical symbols and plain text or a mix of uppercase and lowercase letters.\n
    \n
    \n Example tip:\n
    \n ‘The email address MARY@CoNTᴏSO.CᴏM includes unexpected letters or numbers. We recommend you do not interact with this message.’\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_spam_notifications_only_for_admins", + "description": "In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against spam (junk email) by EOP. Configure Exchange Online Spam Policies to copy emails and notify someone when a sender in the organization has been blocked for sending spam emails.

    Note: Audit and Remediation guidance may focus on the Default policy however, if a Custom Policy exists in the organization's tenant, then ensure the setting is set as
    outlined in the highest priority policy listed.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safeattachmentpolicy", + "description": "

    The Safe Attachments policy helps protect users from malware in email attachments by
    scanning attachments for viruses, malware, and other malicious content. When an email
    attachment is received by a user, Safe Attachments will scan the attachment in a secure
    environment and provide a verdict on whether the attachment is safe or not.

    Rationale:
    Enabling Safe Attachments policy helps protect against malware threats in email
    attachments by analyzing suspicious attachments in a secure, cloud-based environment
    before they are delivered to the user's inbox. This provides an additional layer of
    security and can prevent new or unseen types of malware from infiltrating the
    organization's network.

    ", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safelinksforOfficeApps", + "description": "Enabling Safe Links policy for Office applications allows URL's that exist inside of Office documents and email applications opened by Office, Office Online and Office mobile to be processed against Defender for Office time-of-click verification and rewritten if required.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_antiphishingpolicies", + "description": "By default, Office 365 includes built-in features that help protect users from phishing attacks. Set up anti-phishing polices to increase this protection, for example by refining settings to better detect and prevent impersonation and spoofing attacks. The default policy applies to all users within the organization, and is a single view to fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups or domains within the organization and will take precedence over the default policy for the scoped users.

    Rationale: Protects users from phishing attacks (like impersonation and spoofing), and uses safety tips to warn users about potentially harmful messages.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_blockmailforward", + "description": "

    Exchange Online offers several methods of managing the flow of email messages.
    These are Remote domain, Transport Rules, and Anti-spam outbound policies. These
    methods work together to provide comprehensive coverage for potential automatic
    forwarding channels:

    • Outlook forwarding using inbox rules
    • Outlook forwarding configured using OOF rule
    • OWA forwarding setting (ForwardingSmtpAddress)
    • Forwarding set by the admin using EAC (ForwardingAddress)
    • Forwarding using Power Automate / Flow

    NOTE:

    • In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically.
    • Any exclusions should be implemented based on organizational policy.

    Rationale:
    Attackers often create these rules to exfiltrate data from your tenancy, this could be
    accomplished via access to an end-user account or otherwise. An insider could also use
    one of these methods as an secondary channel to exfiltrate sensitive data.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "IntegratedApps", + "description": "To reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data, we recommend that you allow user consent only for applications that have been published by a verified publisher.", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have no user consent policy in place.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "PWAgePolicyNew", + "description": "Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.", + "score": 8, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "Your current policy is set to let passwords expire.", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "SelfServicePasswordReset", + "description": "With self-service password reset in Microsoft Entra ID, users no longer need to engage help desk to reset passwords. This feature works well with Microsoft Entra ID dynamically banned passwords, which prevents easily guessable passwords from being used.", + "score": 1, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 0 users who don't have self-service password reset enabled.", + "count": "0", + "total": "0", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "BlockLegacyAuthentication", + "description": "Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multifactor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.", + "score": 8, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 1 users that don't have legacy authentication blocked.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "MFARegistrationV2", + "description": "Multifactor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.", + "score": 9, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 out of 1 users that aren’t registered with MFA.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "AdminMFAV2", + "description": "

    Requiring multifactor authentication (MFA) for administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, your entire organization is exposed. At a minimum, protect the following roles: 

    • Global administrator 
    • Authentication administrator 
    • Billing administrator 
    • Conditional Access administrator 
    • Exchange administrator 
    • Helpdesk administrator 
    • Security administrator 
    • SharePoint administrator 
    • User administrator 
    ", + "score": 10, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 out of 1 users with administrative roles that aren’t registered and protected with MFA.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "SigninRiskPolicy", + "description": "Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multifactor authentication (MFA).", + "score": 7, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 1 users that don't have the sign-in risky policy turned on.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "UserRiskPolicy", + "description": "With the user risk policy turned on, Microsoft Entra ID detects the probability that a user account has been compromised. As an administrator, you can configure a user risk Conditional Access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.", + "score": 7, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 users out of 1 that do not have user risk policy enabled.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "OneAdmin", + "description": "

    Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It's important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach.

    Note:

    According to CIS O365 Benchmark 2.0.0, the suggestion is to have between two to four global admins. Currently, the condition to comply is to have more than one global administrator - This security recommendation will be updated accordingly to CIS benchmark in the future.

    Rationale:

    If there is only one global tenant administrator, he or she can perform malicious activity without the possibility of being discovered by another admin. If there are numerous global tenant administrators, the more likely it is that one of their accounts will be successfully breached by an external attacker.

    ", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You currently have 1 global admins.", + "count": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "RoleOverlap", + "description": "Ensure that your administrators can accomplish their work with the least amount of privilege assigned to their account. Assigning users roles like Password Administrator or Exchange Online Administrator, instead of Global Administrator, reduces the likelihood of a global administrative privileged account being breached.", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 users with least privileged administrative roles.", + "count": "0", + "scoreInPercentage": 0 + } + ] + } + ] +} diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdf-multi.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdf-multi.json new file mode 100644 index 0000000000..a60996bb8d --- /dev/null +++ b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdf-multi.json @@ -0,0 +1,15228 @@ +[ + { + "platform": { + "name": "Heimdall Tools", + "release": "2.10.12" + }, + "version": "2.10.12", + "statistics": {}, + "profiles": [ + { + "name": "Microsoft Secure Score Scan", + "title": "Azure Secure Score report - Tenant ID: 12345678-1234-1234-1234-1234567890abcd - Run ID: 12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "id": "Apps:spo_idle_session_timeout", + "title": "Apps:spo_idle_session_timeout", + "desc": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n
    \n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting is not compliant.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:spo_legacy_auth", + "title": "Apps:spo_legacy_auth", + "desc": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t
    \n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t
    \n\t\t\tThis information was taken from Center for Internet Security (CIS).\n\t\t", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting is not compliant.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + } + ], + "sha256": "f33e5712f27a63e9150745c8a2ccea0463a8b2b42962f5fffd38743d6c7f47ab" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "Microsoft Secure Score", + "data": { + "reportId": "12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "tenantId": "12345678-1234-1234-1234-1234567890abcd", + "profiles": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScoreControlProfiles", + "@odata.nextLink": "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles?$skiptoken=00000000-0000-0000-0000-00000000", + "value": [ + { + "id": "aad_admin_accounts_separate_unassigned_cloud_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/add-users?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure Administrative accounts are separate and cloud-only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    1. Navigate to Microsoft 365 admin center
    2. Click to expand Users select Active users.
    3. Sort by the Licenses column.
    4. For each user account in an administrative role verify the following:
    The account is Cloud only (not synced)
    The account is assigned a license that is not associated with applications i.e. (Microsoft Entra ID P1, Microsoft Entra ID P2)

    ", + "remediationImpact": "Administrative users will have to switch accounts and utilizing login/logout functionality when performing Administrative tasks, as well as not benefiting from SSO.", + "service": "AzureAD", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_admin_consent_workflow", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings", + "controlCategory": "Apps", + "title": "Ensure the admin consent workflow is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center, Select Admin Centers, and Microsoft Entra ID.
    2. Select Enterprise applications from the Azure Navigation pane.
    3. Under Security select Consent and permissions.
    4. Under Manage select Admin consent settings and set Users can request admin consent to apps they are unable to consent to Yes.
    5. Under the Reviewers choose the Roles, Groups that you would like to review user generated app consent requests.
    6. Select Save at the top of the window.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_custom_banned_passwords", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection", + "controlCategory": "Apps", + "title": "Ensure custom banned passwords lists are used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Create a custom banned password list:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Protect & Secure > Authentication methods
    3. Select Password protection
    4. Set Enforce custom list to Yes
    5. In Custom banned password list create a list using suggestions outlined in this document.
    6. Click Save

    NOTE: Below is a list of examples that can be used as a starting place. Check the references section for more.

    • Brand names
    • Product names
    • Locations, such as company headquarters
    • Company-specific internal terms
    • Abbreviations that have specific company meaning
    ", + "remediationImpact": "

    If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.

    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_limited_administrative_roles", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps", + "controlCategory": "Apps", + "title": "Ensure 'Microsoft Azure Management' is limited to administrative roles", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable Microsoft Azure Management restrictions:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click expand Protection > Conditional Access select Policies.
    3. Click New Policy and then name the policy.
    4. Select Users > Include > All Users
    5. Select Users > Exclude > Directory roles and select only administrative roles (See below).
    6. Select Cloud apps or actions > Select apps > Select then click the box next to Microsoft Azure Management.
    7. Click Select.
    8. Select Grant > Block access and click Select.
    9. Ensure Enable Policy is On then click Create.

    WARNING: Exclude Global Administrator at a minimum to avoid being locked out. Report-only is a good option to use when testing any Conditional Access policy for the first time.

    Below is an example list of Administrator roles that could be excluded:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    Default Value:

    No - Non-administrators can access the Microsoft Entra ID administration portal.

    ", + "remediationImpact": "

    Because the policy is applied to the Azure management portal and API, services, or clients with an Azure API service dependency, can indirectly be impacted. For example:

    • Classic deployment model APIs
    • Azure PowerShell
    • Azure CLI
    • Azure DevOps
    • Azure Data Factory portal
    • Azure Event Hubs
    • Azure Service Bus
    • Azure SQL Database
    • SQL Managed Instance
    • Azure Synapse
    • Visual Studio subscriptions administrator portal
    • Microsoft IoT Central
    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_linkedin_connection_disables", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/linkedin-integration", + "controlCategory": "Apps", + "title": "Ensure 'LinkedIn account connections' is disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To disable LinkedIn account connections:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Users select User settings.
    3. Under LinkedIn account connections select No.
    4. Click Save at the top of the page.
    ", + "remediationImpact": "Users will not be able to sync contacts or use LinkedIn integration.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_managed_approved_public_groups_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#microsoft-365-groups", + "controlCategory": "Apps", + "title": "Ensure that only organizationally managed/approved public groups exist", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    In the Microsoft 365 Administration portal, go to:

    1. Teams & groups -> Active teams & groups. 
    2. For each group, under Settings, make sure Privacy is set to 'Private'.


    ", + "remediationImpact": "If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_password_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations", + "controlCategory": "Apps", + "title": "Ensure password protection is enabled for on-prem Active Directory", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To setup Microsoft Entra ID Password Protection, use the following steps: 

    1. Download and install the Microsoft Entra ID Password Proxies and DC Agents from the following location: https://www.microsoft.com/download/details.aspx?id=57071
    2. After the installation is complete, login to https://admin.microsoft.com as a Global Administrator.
    3. Go to Admin centers and click on Microsoft Entra ID.
    4. Select Microsoft Entra ID then Security on the left side navigation followed by Authentication methods.
    5. Select Password protection and toggle Enable password protection on Windows Server Active Directory to Yes and Mode to Enforced
    6. Click Save at the top of the right pane.


    ", + "remediationImpact": "The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_phishing_MFA_strength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy", + "controlCategory": "Apps", + "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To create a phishing-resistant MFA CA policy for users in administrative roles:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click to expand Microsoft Entra ID > Applications select Enterprise Applications.
    3. Under Security, select Conditional Access.
    4. Click New policy.
    5. Go to Users > Users and groups > Include > Select users and groups > Directory roles
    6. Add at least the Directory roles listed after these steps.
    7. Select Cloud apps or actions > All cloud apps (and don't exclude any apps).
    8. Grant > Grant Access with Require authentication strength (Preview): Phishing-resistant MFA
    9. Click 'Select'
    10. Set Enable policy to Report-only and click Create

    At minimum these directory roles should be included for the policy:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    WARNING: Ensure administrators are pre-registered with strong authentication before enforcing the policy. After which the policy must be set to “On”.

    ", + "remediationImpact": "If administrators aren't pre-registered for a strong authentication method prior to a conditional access policy is created then a condition could occur where a user can't register for strong authentication because they don't meet the conditional access policy requirements, and therefore are prevented from signing in.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_sign_in_freq_session_timeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade", + "controlCategory": "Apps", + "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To configure Sign-in frequency and browser sessions persistence for Administrative users:

    1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
    2. Click to Protection > Conditional Access.
    3. Click New policy
    4. Click Users and groups
    5. Under Include select Select users and groups and then select Directory roles.
    6. At a minimum, select the roles in the section below:
    7. Go to Target resources > Cloud apps > Include > select All cloud apps (and don't exclude any apps).
    8. Under Access controls > Grant > select Grant access > check Require multi-factor authentication (and nothing else).
    9. Under Session select Sign-in frequency and set to at most 4 hours for E3 tenants. E5 tenants with PIM can be set to a maximum value of 24 hours.
    10. Check Persistent browser session then select Never persistent in the drop-down menu.
    11. For Enable Policy select On and click Save


    At minimum these directory roles should be included for MFA:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_third_party_apps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure third party integrated applications are not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center Select Admin Centers and Microsoft Entra ID.
    2. Select Users from the Azure navigation pane
    3. Select Users settings.
    4. Set App registrations is set to No.
    5. Click Save.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSCertificateTemplateEnrolementSuppliesSubject", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc1", + "controlCategory": "Identity", + "title": "Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1. Disable the “Supply in the request” configuration.
    2. Remove EKU’s enabling user authentication (e.g Client Authentication).
    3.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    4.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings can lead to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSInsecureCertificateEnrollmentIisEndpoints", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8IIS", + "controlCategory": "Identity", + "title": "Edit insecure certificate enrollment IIS endpoints (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "For each endpoint, follow these steps:
    1. Determine whether the endpoint is necessary and in regular use. If it is not used, it is advisable to disable it.
    2. Deactivate NTLM and Negotiate authentication providers for the IIS endpoint.
    3. If NTLM cannot be disabled, enable \"Require SSL\" and \"Require Extended Protection\" for the IIS endpoint.
    For more information, please refer to the security advisory in the \"Learn More\" section.", + "remediationImpact": "If the IIS endpoint allows NTLM authentication without enforcing protocol signing (HTTPS) or without enforcing Extended Protection for Authentication (EPA), it becomes vulnerable to NTLM relay attacks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateAuthorityAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc7", + "controlCategory": "Identity", + "title": "Edit misconfigured Certificate Authority ACL (ESC7)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the misconfigured ACL entry (for example - “Manage CA” permission granted to the “authenticated users” built-in group) and remove any unnecessary permissions granting built-in groups “Mange CA” or/and “Manage certificates” permissions.", + "remediationImpact": "The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the \"Manage Certificates\" right, they can approve pending certificate requests without manager approval. With the \"Manage CA\" right, they can modify CA settings, such as adding the \"User specifies SAN\" flag, leading to a complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4ACL", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates ACL (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template, and remove overly permissive modifications permissions (e.g. WriteProperty), which allows any user to change the settings of that certificate template.", + "remediationImpact": "Badly configured modification permissions allows non-privileged user to modify the settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEku", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc2", + "controlCategory": "Identity", + "title": "Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove EKU’s enabling arbitrary usage (e.g. Any purpose).
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement. ", + "remediationImpact": "Each certificate template per AD CS servers with these settings can be enrolled by an attacker and be used for multiple abuses affecting code integrity, server integrity, AD FS and IPSec (as they are relying on certificates).", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc3", + "controlCategory": "Identity", + "title": "Edit misconfigured enrollment agent certificate template (ESC3)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove enrollment agent EKU.
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings may enable arbitrary certificates issuance ability by an adversary, leading to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateOwner", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates owner (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Edit misconfigured certificate templates owner (ESC4)", + "remediationImpact": "Badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredRpcEnrollmentSigning", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8", + "controlCategory": "Identity", + "title": "Enforce encryption for RPC certificate enrollment interface (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To require packet encryption for RPC enrollment, execute the following command and then restart the certsvc service: \ncertutil -setreg CA\\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST\nnet stop certsvc & net start certsvc", + "remediationImpact": "An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSSanSpecifiedByUserEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc6", + "controlCategory": "Identity", + "title": "Edit vulnerable Certificate Authority setting (ESC6)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To disable “user specifying SAN” setting, execute the following command and then restart the certsvc service: \ncertutil -setreg policy\\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 \nnet stop certsvc & net start certsvc", + "remediationImpact": "When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_AdminSDHolder", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmsdholder", + "controlCategory": "Identity", + "title": "Remove access rights on suspicious accounts with the Admin SDHolder permission", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review the list of exposed entities to discover which of your non-sensitive accounts have the Admin SDHolder permission.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Having non-sensitive accounts with Admin SDholder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ClearText", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123179", + "controlCategory": "Identity", + "title": "Stop clear text credentials exposure", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why those entities are using LDAP in clear text.
    3. Remediate the issues and stop the exposure.
    4. After confirming remediation, we recommend you configure the requirement of domain controller level LDAP signing.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of clear text authentication may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DefenderForIdentityIsNotInstalled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=sensor", + "controlCategory": "Identity", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 59, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DomainControllerLocalUsers", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmt0assets", + "controlCategory": "Identity", + "title": "Remove local admins on identity assets", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have local admin rights on your identity assets.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DormantAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123908", + "controlCategory": "Identity", + "title": "Remove dormant accounts from sensitive groups", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your sensitive accounts are dormant..
    2. Take appropriate action on those entities by removing their privileged access rights or by deleting the account.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these dormant privileges may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_EntitiesWithOldPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmoldpw", + "controlCategory": "Identity", + "title": "Manage accounts with passwords more than 180 days old", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have a password more than 180 days old.
    2. Take appropriate action on those entities either by making them change their password or restricting their access to sensitive resources. To achieve the full score,remediate all exposed entities.", + "remediationImpact": "Passwords more than 180 days old increase vulnerability to password attacks, heighten the risk of credential theft, may lead to non-compliance with security standards, reduce accountability and user awareness, and impede incident response efforts in case of a security breach.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_HoneyToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=entityTags", + "controlCategory": "Identity", + "title": "Set a honeytoken account", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 61, + "remediation": "Go to the Honeytoken Settings page >, and set at least one honeytoken account.​", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_KerberosDelegations", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123722", + "controlCategory": "Identity", + "title": "Modify unsecure Kerberos delegations to prevent impersonation", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation.
    2. Take appropriate action on those at-risk users, such as removing their unconstrained attribute or changing it to a more secure constrained delegation.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure kerberos configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_NonAdminDCSyncAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmdcsync", + "controlCategory": "Identity", + "title": "Remove non-admin accounts with DCSync permissions ", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have DCSync permissions and are also non-domain admins.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PathRisk", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123182", + "controlCategory": "Identity", + "title": "Reduce lateral movement path risk to sensitive entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "Review this security control list of exposed entities displaying sensitive entities with lateral movement paths risk with recommended actions on how to reduce the number of non-sensitive accounts for each path.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PrintSpooler", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123723", + "controlCategory": "Identity", + "title": "Disable Print spooler service on domain controllers", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your domain controllers has the Print spooler service enabled.
    2. Take appropriate action on the at-risk domain controllers and actively remove the Print spooler service either manually, through group policy or other types of remote commands. Make sure to investigate your Print spooler settings, configurations and dependencies before disabling this service and preventing active printing workflows.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PwdLAPS", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123725", + "controlCategory": "Identity", + "title": "Protect and manage local admin passwords with Microsoft LAPS", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of domains and devices not configured for Microsoft LAPS.
    2. Deploy Microsoft LAPS to actively manage the local administrator password of your devices. This is done through Active Directory along with Group Policy client- side extensions that will be installed on each Windows operating system.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Sensor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2117505", + "controlCategory": "Identity", + "title": "Install Defender for Identity Sensor on all Domain Controllers", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 60, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_SIDHistory", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123183", + "controlCategory": "Identity", + "title": "Remove unsecure SID history attributes from entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure SID history attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of SID history entries may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureAccount", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123364", + "controlCategory": "Identity", + "title": "Resolve unsecure account attributes", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure account attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2196300", + "controlCategory": "Identity", + "title": "Resolve unsecure domain configurations", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "1. Review this security control list of exposed domains that have unsecure configurations.
    2. Take appropriate action on those domains by remediating their unsecure settings. To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Vpn", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=radius", + "controlCategory": "Identity", + "title": "Configure VPN integration", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 63, + "remediation": "Go to the Settings page >, and configure the VPN radius accounting to enable VPN based detections.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_WeakCipher", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123721", + "controlCategory": "Identity", + "title": "Stop weak cipher usage", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why the identified clients and servers are using weak ciphers.
    3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of weak ciphers may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "admincenter_owned_apps_and_services", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure 'User owned apps and services' is restricted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Office Store add-ins and starting 365 trials:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. Click to expand Settings Select Org settings.
      3. Under Services select User owned apps and services.
      4. Uncheck Let users access the Office Store and Let users start trials on behalf of your organization.
      5. Click Save.

    Note - Due to temporary limitations, only \"Let users access the Office Store\" will be taken into account in scoring this control. It is suggested to uncheck both settings for the sake of better posture.

    ", + "remediationImpact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.", + "service": "Admincenter", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AdminMFAV2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 10, + "rank": 1, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "remediationImpact": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ], + "tier": "Core", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_regulate_access_to_sensitive_data", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate cloud app access to sensitive data", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 9, + "remediation": "\n In app governance, open the predefined policy \"Access to sensitive data\" and activate it.\n
    \n
    \n You can edit the predefined policy to specify an action and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_unusual_activity_with_priority_account", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate apps with priority account consent", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "\n In app governance, open the predefined \"Unusual activity from an app with priority account consent\" policy and activate it.\n
    \n
    \n While you have the policy open, you can add an action to take on unused apps and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "BlockLegacyAuthentication", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Enable Conditional Access policies to block legacy authentication", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 68, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "remediationImpact": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "CustomerLockBoxEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095515", + "controlCategory": "Apps", + "title": "Ensure the customer lockbox feature is enabled", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 127, + "remediation": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "remediationImpact": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "dlp_datalossprevention", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://compliance.microsoft.com/datalossprevention?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Data", + "title": "Ensure DLP policies are enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "remediationImpact": "Unknown", + "service": "MIP", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_individualsharing", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/sharing", + "controlCategory": "Apps", + "title": "Ensure 'External sharing' of calendars is not available", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailboxaudit", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure mailbox auditing for all users is Enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailtipsenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips", + "controlCategory": "Apps", + "title": "Ensure MailTips are enabled for end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "remediationImpact": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_oauth2clientprofileenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252fen-us%252farticle%252fenable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662", + "controlCategory": "Apps", + "title": "Ensure modern authentication for Exchange Online is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "remediationImpact": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_outlookaddins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure users installing Outlook add-ins is not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "remediationImpact": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_SPF_records_for_all_domains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure that SPF records are published for all Exchange Domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    follow the instructions on Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn 

    ", + "remediationImpact": "None.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_storageproviderrestricted", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "remediationImpact": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_transportrulesallowlistdomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/transportrules", + "controlCategory": "Apps", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "service": "EXO", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "forms_phishing_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-US/microsoft-forms/review-unblock-forms-users-detected-blocked-potential-phishing", + "controlCategory": "Apps", + "title": "Ensure internal phishing protection for Forms is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To enable internal phishing protection for Forms:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. 2. Click to expand Settings then select Org settings.
      3. Under Services select Microsoft Forms.
      4. Click the checkbox labeled Add internal phishing protection under Phishing protection.
      5. Click Save.
    ", + "remediationImpact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", + "service": "FORMS", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "IntegratedApps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2119526", + "controlCategory": "Identity", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 35, + "remediation": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "remediationImpact": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Data Spillage" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_AV_firewall_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that devices connecting have AV and a local firewall enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that devices connecting have AV and a local firewall enabled, use the Microsoft Intune admin center

    1. Select Endpoint Manager under Admin Centers
    2. Select Devices, then under Policy select Compliance Policies.
    3. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate machine (PC/MAC) Platform.
      2. Click on the policy name.
      3. Under Configuration settings click Edit.
      4. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    4. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_conection_from_jail_broken_rooted_devices", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that users cannot connect from devices that are jail broken or rooted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that users cannot connect from devices that are jail broken or rooted, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Compliance Policies.
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform.
      2. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block
    3. In case there are existing policies -
      1. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block

    To comply, all relevant mobile policies should be set this way.", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_advanced_security_configuration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are set to require advanced security configurations", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles 
    2. Select Create profile to create a new profile.
    3. Select the appropriate Platform (iOS or Android).
      • Choose, based on your organization's needs, the desired settings from the configuration screens.
      • Note that the condition to comply is the mere existence of such profile, the specific settings should be decided according to your organization's needs.
    4. To comply, there should be at least one configuration policy for mobile devices.
    5. It is suggested to create two policies for both iOS and Android.
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_alphanumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Type = Alphanumeric)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device complex password profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Required password type is set to Alphanumeric
    3. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Required password type is set to Alphanumeric

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_simple_password_blocked", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose MacOS in the Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Simple Passwords is set to Blocked
    3. If there are existing policies, per each MacOS policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Simple Passwords is set to Blocked

    Note: this setting is only for MacOS policies.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_encryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Encryption is set to Require
    3. If the are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Encryption is set to Require

    Note: To comply, there should be at least one device configuration for Android with device password encryption.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_lock_after_inactivity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure devices lock after a period of inactivity to prevent unauthorized access", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Profile.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_email_profiles_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are required for email profiles - iOS/iPadOS only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Compliance policies
    2. For all the policies that are applied to \"iOS/iPadOS\" complete the following
      1. Select the policy by clickin on its name.
      2. Under Manage select Properties
      3. Select Edit next to Compliance settings
      4. Under Email ensure that Unable to set up email on the device is set to Require
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_minimum_password_length", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require a minimum password length to prevent brute force attacks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices require a complex password, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Minimum password length is set to 6.
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that Minimum password length is set to 6.

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_never_expires_password", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices are set to never expire passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices are set to never expire passwords:

    1. Use the Microsoft Intune admin center
    2. Select Devices, then under Policy.
    3. select Configuration profiles Review the list of profiles.
    4. From there, go to the device policies page to remove any device security policies that expire passwords.

    Note: The default configuration is sufficient.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices require the use of a password", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Password is set to Require.  
    3. If there are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Password is set to Require.  
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_reused_prohibited", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure", + "controlCategory": "Apps", + "title": "Ensure that mobile device password reuse is prohibited", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device password reuse is prohibited, go to the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles.
    2. If there are no configurations -
      1. select Create profile.
      2. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      3. In the Password section, ensure that Prevent reuse of previous passwords is set to 5 or above
    3. If there is existing configuration -
      1. Select the policy by clicking on its name.
      2. Click Edit next to Configuration settings.
      3. Under Password change Prevent reuse of previous passwords and set to 5 or above
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_wipe_on_multiple_signin_failures", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure mobile devices are set to wipe on multiple sign-in failures , use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.
    3. In case there are existing policies -
      1. For each policy, Select by clicking on the name.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.

    Note: This option is not available for all types of devices.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mcas_mda_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/defender-cloud-apps/get-started", + "controlCategory": "Apps", + "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Enable Defender for Cloud Apps by the following instructions: https://learn.microsoft.com/en-us/defender-cloud-apps/get-started

    ", + "remediationImpact": "None.", + "service": "MCAS", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCloudAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/discovery/create", + "controlCategory": "Apps", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 75, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCutomActivityPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/activity/create", + "controlCategory": "Apps", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 80, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasFirewallLogUpload", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/settings?tabid=discovery-autoUpload", + "controlCategory": "Apps", + "title": "Deploy a log collector to discover shadow IT activity", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 82, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "remediationImpact": "This change has no known impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasOAuthAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/app-permission/create", + "controlCategory": "Apps", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 57, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-step verification from an authentication policy:

    1. Go to admin.atlassian.com.

    2. Select your organization if you have more than one.

    3. Select Security > Authentication policies.

    4. Select Edit for the policy you want to modify.

    5. On the Settings page, select Mandatory for \"Two-step verification\".

    • All policies must be configured this way to comply.
    ", + "remediationImpact": "This setting enforces multi-factor authentication for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on/", + "controlCategory": "Apps", + "title": "Enable Single Sing On (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Copy details from your identity provider to your Atlassian organization

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your identity provider Directory.

    4. Select Set up SAML single sign-on.

    5. Add SAML details.

    6. Save SAML configuration.

    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To select an idle session duration from an authentication policy:

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Authentication policies.

    3. Select Edit for the policy you want to modify.

    4. On the Settings page, select length of time for Idle session duration.

    5. The value should be equal to or lower than 2 hours.
    ", + "remediationImpact": "When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_access", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App access requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Block compromised devices.
    • Require data encryption.
    • Require biometric authentication or a device passcode.
    1. Note that all the three options must be checked in order to comply.
    2. Note that the 'minimum OS version' is not mandatory for this control, but the recommendation is to set it to the latest.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_dataprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App data protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Disable sharing, saving or backing up content from the mobile app.
    • Disable screenshots and screen recording of the mobile app.
    • Disable cutting or copying content from the mobile app.
    1. Note that all the three options must be checked in order to comply.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_UsersAffected", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - Users that are affected by policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Set the policy to apply to \"All users with access to your organization's products\"
    ", + "remediationImpact": "If your policy applies to all users - both managed and unmanaged - within your organization, including any new users that are added after the policy is created.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_passwordExpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/opsgenie/docs/enable-password-policies/", + "controlCategory": "Apps", + "title": "Enable Password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    In Atlassian admin dashboard Go to Security and Authentication policies for every policy select edit and go to \"Passwords expire every\", check it and set the day to 30 days or lower.

    ", + "remediationImpact": "See learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#two-step-verification", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Two-step verification" set the option on.
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#single-sign-on-sso", + "controlCategory": "Apps", + "title": "Enable Single Sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Single sign-on / SAML 2.0 Configuration" set the option on.
    ", + "remediationImpact": "This setting enforce Single Sign On (SSO) for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Authentication" set "log inactive users out after" at least 1 hour.
    ", + "remediationImpact": "This setting enforce Session time out for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailLockoutSecs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Lockout timer", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least three hundred in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out time configuration for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailMaxAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Number of attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least five in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out configuration when incorrect logging attempts occurs for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 8 in password minimum characters.
    ", + "remediationImpact": "This setting enforce minimum characters length for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumNumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum numeric characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in number characters.
    ", + "remediationImpact": "This setting enforce minimum numeric characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumSpecialCharacters", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum special characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in special characters.
    ", + "remediationImpact": "This setting enforce minimum special characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_PasswordMaxAgeDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 90 in "The password expires after".
    ", + "remediationImpact": "This setting enforce password expiry time in days for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=yfn1583277328637.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Login Requirements" -
      1. Minimum password length of 9 characters.
      2. Password must include at least: 
        1. At least one uppercase character.
        2. At least one lowercase character.
        3. At least one digit.
        4. At least one special character (!, @, #...).
      3. Have a minimum password age of 8 days.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=lut1644434676152.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard - 

    1. Go to Account > Security setting in the side panel.
    2. In Password Security, click on "Show Password Rules" button.
    3. In the pop-up window, set "Days until password expires" to 180 days.
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=tuw1583277327743.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Web App Session Timeout (minutes)" up to 120 minutes.
    3. Set "Mobile App Session Timeout (minutes)" up to 120 minutes.
    4. " Suppress In Session Certificate Enforcement" option must be set to false.
    ", + "remediationImpact": "This setting enforce session timeout for all DocuSign web users.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Dropbox_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.dropbox.com/help/business/web-session-control", + "controlCategory": "Apps", + "title": "Enable web session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    How to require session policies for Dropbox users

    1. Sign in to dropbox.com with your admin credentials.
    2. Click Admin Console.
    3. Click Settings.
    4. Under Additional Settings, click Web session control.
    5. Set the setting next to Fixed session length to 1 week or less.
    6. It is also suggested, but not mandatory for compliance, to set the setting next to Idle session length to 30 minutes or less.
    7. Click Save changes.
    ", + "remediationImpact": "Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.", + "service": "MDA_Dropbox", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_DependencyInsights", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights", + "controlCategory": "Apps", + "title": "Disable 'Allow members to view dependency insights'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to view dependency insights" option in the "Member organization permissions" section.


    ", + "remediationImpact": "This setting blocks users from seeing dependencies insights for their repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "controlCategory": "Apps", + "title": "Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Verified & approved domains.
    3. Add a new domain and verify it.
    4. Check "Restrict email notifications to only approved or verified domains." option.


    ", + "remediationImpact": "This setting restricts email notifications only to verified or approved domains.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_IPallowListConfigurationForOrgResources", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization", + "controlCategory": "Apps", + "title": "Enforce IP allow list configuration for org resources", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Enable IP allow list configuration for installed GitHub Apps" option.


    ", + "remediationImpact": "This setting blocks users to login from specific IP addresses.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Require two-factor authentication" option.


    ", + "remediationImpact": "This setting enforce multi factor authentication for all GitHUb users.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_OutsideCollabInvitation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "controlCategory": "Apps", + "title": "Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow repository administrators to delete issues for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories admins to add outside collaborators.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PrivateRepositoryForkingSetting", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization", + "controlCategory": "Apps", + "title": "Disable private repository forking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow forking of private and internal repositories" option.


    ", + "remediationImpact": "This setting disable users to fork private repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PublicRepoCreation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Members will be able to create public repositories, visible to anyone'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Public" option in the "Repository creation" section.


    ", + "remediationImpact": "This setting blocks users from creating public repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoTransferOrDeletion", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories", + "controlCategory": "Apps", + "title": "Disable 'members with admin permissions for repositories can delete or transfer repositories'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to delete or transfer repositories for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories transferring and deletion.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoVisibility_change", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Allow members to change repository visibilities for this organization'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to change repository visibilities for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks users from changing repositories visibility (public/ private access).", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_SAML", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on", + "controlCategory": "Apps", + "title": "Enable single sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    On GitHub Enterprise organization page-

    1. Go to Settings > Organization security
    2. Select Enable SAML authentication
    3. Fill the fields with the values found in the Admin Portal
    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all GitHub users.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Google_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.google.com/a/answer/175197?hl=en&fl=1&sjid=9841521343371348963-NA", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Ensure password expiry policy for Google -

    1. Navigate to Google admin center - http://admin.google.com/
    2. Click Security > Password Management.
    3. Chcek Allow users to turn on 2-Step Verification.
    4. Check On under Enforcement.
    5. Click Save.

    Follow steps 3-4 for every organizational unit.

    ", + "remediationImpact": "

    Follow the guideline.

    ", + "service": "MDA_Google", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_NetDocuments_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.netdocuments.com/s/article/205220410", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in netDocuments", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "How does an organization start using federated identity with NetDocuments?

    1. In the upper-right corner, select your name > Admin > repository name. In the Navigation Pane, select Security Center Advanced Authentication.
    2. The Advanced Authentication Configuration page has a section titled Federated Identity. Choose the type of federated identity server you will use and configure it.
    3. Note: In order to comply with this control, at least 80% of the users must be using SSO.
    ", + "remediationImpact": "See learn more link.", + "service": "MDA_NetDocuments", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-policy", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional complexity requirement options.
    4. Lower case, letter Upper case, letter Number (0-9), Symbol (e.g., !@#$%^&*), Does not contain part of username, Does not contain first name and Does not contain last name.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#multifactor-mfa-enrollment-policy", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Multifactor panel.
    2. Go to \"Factor Enrollment\" and select \"Add Multifactor Policy\".
    3. Note: In order to comply, you must configure default policies as \"required\" (\"optional\" is not sufficient).
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-object", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional Password age options -
      1. Enforce password history for last [Minimum of 3] passwords.
      2. Minimum password age is [Minimum of one day].
      3. Password expires after [Minimum of 180 days] days.
      4. Prompt user [Minimum of five days] days before password expires.
      5. Lock out user after [Maximum of 5 attempts] unsuccessful attempts.
      6. Account is automatically unlocked after [Minimum of 15] minutes
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#global-session-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Okta's dashboard -

    1. Go to Security > Authentication panel.
    2. Go to "Sign On"
      1. If there isn't a policy - select "Add New Okta Sing-on Policy".
      2. If a policy exists - select "Add rule "
    3. In the window, go to "Session management" and set the properties as following -
      1. Maximum Okta session lifetime to 30 days or below.
      2. Expire session after user has been idle on Okta for 120 minutes or below.
      3. Persist session cookies across browser sessions to Disable.
    ", + "remediationImpact": "This setting enforce Session time out for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_disableProtocolSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://portal.cloudappsecurity.com/#/connected-apps?tab=appConnectors", + "controlCategory": "Apps", + "title": "Remote Site", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "", + "remediationImpact": "Unknown", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableAdminLoginAsAnyUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.controlling_login_access.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Administrators Can Log In As Any User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Login Access Policies in the Quick Findbox, then select Login Access Policies.
    2. Deselect Administrators Can Log in as Any User.", + "remediationImpact": "You users must grant access before admins can log into their users.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Elevation of Privilege", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCacheAndAutocomplete", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Caching and Autocomplete on Login Page via Session settings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Uncheck Enable caching and autocomplete on login page.", + "remediationImpact": "If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupSFDC", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for non-Setup for Salesforce pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for non-Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with standard headers", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with standard headers.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUserHeaderless", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with headers disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with headers disabled.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackSetup", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for Setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableContentSniffingProtection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Sniffing protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Content Sniffing protectio.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSPOnEmail", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Security Policy protection for email templates", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Stricter Content Security Policy.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnGet", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on GET requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on GET requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnPost", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on POST requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on POST requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableMultipleSamlConfigs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.salesforce.com/mfa-requirement-check", + "controlCategory": "Apps", + "title": "Require identity verification during multi-factor authentication (MFA) registration", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 33, + "remediation": "From Setup, in the Quick Find box, enter Identity, and then click Identity Verification. Make sure the field: \"Require identity verification during multi-factor authentication (MFA) registration\" is enabled.", + "remediationImpact": "When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.", + "service": "MDA_SF", + "threats": [ + "Password cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableSMSIdentity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Let users verify their identity by text (SMS)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Let users verify their identity by text (SMS).", + "remediationImpact": "Salesforce challenges users to verify with text message their identity when they log in from an unrecognized browser or device or an IP address outside of a trusted range. ", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enforceIpRangesEveryRequest", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce login IP ranges on every request", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enforce login IP ranges on every request.", + "remediationImpact": "You users will be logout if try to perform an activity outside the IP ranges defined in Salesforce settings.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceLogoutOnSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force logout on session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force logout on session timeout.", + "remediationImpact": "The browser refreshes and returns to the login page, and the user must log in again for access.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceRelogin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force (admin) relogin after Login-As-User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force relogin after Login-As-Use..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_identityConfirmationOnEmailChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Require identity verification for change of email address", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Require identity verification for email address changes.", + "remediationImpact": "User must login again before changing their email address.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_lockSessionsToDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Lock sessions to the domain in which they were first used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Lock sessions to the domain in which they were first used.", + "remediationImpact": "Your users cannot change their domain inside a session.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_maxLoginAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Maximum invalid login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Maximum invalid login attempts, select 3.", + "remediationImpact": "You users will be locked if they attemp to login with failure after 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_minimumPasswordLifetime", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Require a minimum 1 day password lifetime", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Require a minimum 1 day password lifetime.", + "remediationImpact": "Your users will not be able to change their password more than one time a day.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_complexity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password complexity requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password complexity requirement, select Must mix alpha, numeric, and special characters, or more complex.", + "remediationImpact": "Your users must have complexed passwords.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_expiration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "User passwords expire in 90 days or less", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under User passwords expire in, select 90 days or less.", + "remediationImpact": "Your users must changed password every 90 days.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_historyRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce password history", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Enforce password history, select 3 or more passwords rememebered.", + "remediationImpact": "Your users could not set new password that was already used in the last 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_lockoutInterval", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Lockout effective period", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Lockout effective period, select 30 minutes or more.", + "remediationImpact": "A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_minimumPasswordLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Minimum password length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Minimum password length, select 8 or more.", + "remediationImpact": "Your users must set passwword at least in this length.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_obscureSecretAnswer", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Obscure secret answer for password resets", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Obscure secret answer for password resets.", + "remediationImpact": "Your users will not see their answers to their security questions password reset when typing.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_questionRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password question requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password question requirement, select Cannot contain password.", + "remediationImpact": "User will not be allowed to contain password in the password question.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_sessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Timeout Value to be 2 hours or less.", + "remediationImpact": "Users cannot have a session longer than the defined timeout value.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_requireHttpOnly", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Require HttpOnly attribute", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Require HttpOnly attribut..", + "remediationImpact": "If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authenticateMultifactor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/multi-factor-authentication.html", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.authenticate.multifactor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Enabling this property requires from the user to have an extra layer of authentication.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredJson2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-jsonv2-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing JSONv2 requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.jsonv2' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of JSON data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredSOAP", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-soap-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing SOAP requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.soap' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of SOAP data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredUnl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/unload-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable unload request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.unl' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_cauthRequiredScriptedProcessor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/script-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable script request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.scriptedprocessor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the basic authentication while processing script requests on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_concourseOnmessageEnforceSameOrigin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enable-url-whitelist-for-cross-origin-iframe-communication.html", + "controlCategory": "Apps", + "title": "Enable URL allow list for cross-origin iframe communication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.concourse.onmessage_enforce_same_origin' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "If you do not inclusion list intended domains, the ability to embed other pages within Now Platform instances may be limited.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_enablePasswordPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enforce-strong-passwords.html", + "controlCategory": "Apps", + "title": "Enable Password Reset Policy Checks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.enable.password_policy' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting the property to true turns on password policy checks when a user resets their password.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_highSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/high-security-plugin.html", + "controlCategory": "Apps", + "title": "Enable high security plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.high_security' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This plugin enables several system security configurations, which may impact UI and functionality as well.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_httpCacheControl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/cache-control-http-header-value.html", + "controlCategory": "Apps", + "title": "Set default cache-control HTTP header value to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.http.cache_control' as private.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "None.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_loginNoBlankPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/disable-password-less-authentication.html", + "controlCategory": "Apps", + "title": "Disable password-less authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.login.no_blank_password' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Operations should not use blank passwords because it is viewed as a critical security risk. However, if there is a valid case for such usage, there is a possibility of an outage. Users with blank passwords wouldn't be able to log in to the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_roleManagement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/contextual-security.html", + "controlCategory": "Apps", + "title": "Enable Contextual Security: Role Management plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.role_management' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptCcsiIsPublic", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html", + "controlCategory": "Apps", + "title": "Set client-callable script includes to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.ccsi.ispublic' as false.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Privacy on client-callable script includes.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptSecureAjaxgliderecord", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enabling-ajaxgliderecord-acl-checking.html", + "controlCategory": "Apps", + "title": "Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.secure.ajaxgliderecord' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptUseSandbox", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/client-generated-scripts-sandbox.html", + "controlCategory": "Apps", + "title": "Enable client generated scripts sandbox", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.use.sandbox' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_smDefaultMode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/default-deny.html", + "controlCategory": "Apps", + "title": "Enable default deny with new ACL rules", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.sm.default_mode' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting this prperty for deny value, will restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_sncUserLockoutCheck", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/managing-failed-login-attempts.html", + "controlCategory": "Apps", + "title": "Enable managing failed login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
    ", + "remediationImpact": "This remediation would enable administrator of the instance to monitor and report any malicious user access.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapRequireContentTypeXml", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-content-type-checking.html", + "controlCategory": "Apps", + "title": "Enable SOAP content type checking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.soap.require_content_type_xml' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapStrictSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-request-strict-security.html", + "controlCategory": "Apps", + "title": "Enable SOAP request strict security", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property ' glide.soap.strict_security' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "f there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_systemSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/security-jump-start-acl-rules.html", + "controlCategory": "Apps", + "title": "Activate security jump start (ACL rules) plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "If this plugin is not activated on your instance, contact ServiceNow Support. Activating the plugin at this point might modify security access to tables already in use in a production environment. If an administrator is interested in the new ACL rules the plugin provides, you can manually create one or more of them in an existing instance if needed. This list of ACLs may be used as a guideline in that case.", + "remediationImpact": "There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. Customer is required to outreach ServiceNow before the remediation can occur.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_uiSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/session-activity-timeout.html", + "controlCategory": "Apps", + "title": "Enable session activity timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.session_timeout' as 60 or below.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces timely expiration of user account.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_useCsrfToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/anti-csrf-token.html", + "controlCategory": "Apps", + "title": "Enable anti-CSRF token", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.security.use_csrf_token' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_userCookieMaxLifeSpanInDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/absolute-session-timeout.html", + "controlCategory": "Apps", + "title": "Enable absolute session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.user_cookie.max_life_span_in_days' below 180.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Forcing the user to relogin after specific days.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Workplace_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.workplace.com/resources/tech/authentication/sso", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in Workplace by Meta", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In order to enable SSO authentication in Workplace you will need to:

    • Have access to your Identity Provider's configuration settings.
    • Have a System Administrator role assigned in Workplace.
    • Have a corresponding account in the Identity Provider with the same email as the Workplace user you are logged in with (i.e. which uses the same email address to authenticate both in Workplace and in the Identity Provider). This is essential to test SSO and complete Workplace configuration correctly.
    1. In the Admin Panel, select Security.
    2. Click on the Authentication tab.
    3. Check the Single Sign-On (SSO) checkbox.
    4. Click +Add New SSO Provider.
    5. Type in the values provided by your Identity Provider into the relevant fields: SAML URL, SAML Issuer URL, SAML Logout Redirect (Optional), SAML Certificate.
    6. Scroll to the bottom of the section and click the Test SSO button. This will result in a popup window appearing with your Identity Provider login page presented. Enter your credentials to authenticate.
    7. Once the test has been completed successfully, scroll to the bottom of the page and click Save button.
    8. If required, Configure SSO as the default authentication for new users by selecting SSO in the Default to new users drop-down.

    To comply with the control, the adoption rate must be above 80%.

    ", + "remediationImpact": "None.", + "service": "MDA_Workplace", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_AdminPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Block admins to set passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To let administrators set passwords for users

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, verify Enable admins to set passwords is not selected.

      You must be the account owner to see this setting.

    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_BlockAccountAssumption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408824477082-Granting-Zendesk-temporary-access-to-assume-your-account", + "controlCategory": "Apps", + "title": "Block account assumption", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Account assumption tab, verify Enable account assumption is not checked.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_bypassIPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Block customers to bypass IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To Block customers to bypass IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. In IP Restrictions tab, verify Allowed IP Ranges is Enabled.
    3. Verify Allow customers to bypass IP restrictions is not checked.
    4. Click Save.
    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_EmailNotificationsforPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Send a notification on password change for admins, agents, and end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To send password-change notifications

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, select Email notifications.
    3. Click Save.
    ", + "remediationImpact": "End users will get email notifications when their passwords change.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_enableapp", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app", + "controlCategory": "Apps", + "title": "Admins and agents can use the Zendesk Support mobile app", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Allow admins and agents can use the Zendesk Support mobile app

    1. In Admin Center, click Account in the sidebar, then select Security > More settings.
    2. On the Zendesk Support tab, Check Mobile app.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_IPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the IP Restrictions tab, select Enabled, then enter the Allowed IP Ranges you want to restrict.
    3. Click Save.

    For more information, see Restricting access to Zendesk Support using IP restrictions.

    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408826974874", + "controlCategory": "Apps", + "title": "Enable and adopt two-factor authentication (2FA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-factor authentication

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select Require two-factor authentication.
    3. Click Save.
    ", + "remediationImpact": "

    Team members who haven't set up 2FA will be required to do so next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required.

    Before enabling two-factor authentication, make sure you understand the following important considerations:

    • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
    • Requiring two-factor authentication disables password-based authentication to the Zendesk API.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_sessionexpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408832533274-Understanding-your-Zendesk-session-time", + "controlCategory": "Apps", + "title": "Enable session timeout for users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set an inactivity time-out period

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
    3. Maximun valid value is 2 hours for both.
    4. Click Save.
    ", + "remediationImpact": "There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable external Authentication (google or microsoft or SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure External authentication is selected.
    3. follow the authentication steps.
    4. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_ZanAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable Zendesk authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure Zendesk Authentication is selected.
    3. Set the password security level High.
    4. Click Save.
    ", + "remediationImpact": "

    For Team memebers, the following conditions must be met before they can use Zendesk authentication:

    • Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See Getting started with Guide in the Support help center.
    • Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See Requiring users to register in the Support help center.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_BlockDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/4403624900109-Blocking-users-in-specific-domains", + "controlCategory": "Apps", + "title": "Block users in specific domains from joining meetings and webinars", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Block users in specific domains from joining meetings and webinars.
    5. Enter the domains that you want to block from joining meetings and webinars.
    6. Click the lock icon and then click Lock to confirm the setting.
    7. Click Save.
    ", + "remediationImpact": "This setting block users to signin from specific domains.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MeetingE2eEncryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings", + "controlCategory": "Apps", + "title": "Enforce end to end encryption in all Zoom meetings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Allow use of end-to-end encryption and then click Turn On to verify the change.
    5. For making this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
    6. Under Security, choose the Default encryption type.
    7. Click Save.
    ", + "remediationImpact": "This setting enforce end to end encryption in all Zoom meetings.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Make sure the Sign in with Two-Factor Authentication option is enabled.
    4. Select All users in your account. This will enable Two-Factor Authentication for all users.
    5. Click ‘Save’ to confirm your 2FA settings. 
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_PasswordReq", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Have a minimum password length with at least 10 characters.
    4. Enable Have at least 1 special character (!, @, #...).
    5. Enable
    6. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutClient", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for client users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on Zoom client (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active client users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutWeb", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on the web (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active web users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_allowedsenderscombined", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 128, + "remediation": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_antiphishingpolicies", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that an anti-phishing policy has been created", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "remediationImpact": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_atpprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_autoforwardingmode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set automatic email forwarding rules to be system controlled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_blockmailforward", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rule-procedures?view=exchserver-2019&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkspamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on bulk spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkthreshold", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_commonattachmentsfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antimalwarev2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure the Common Attachment Types Filter is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_connectionfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enabledomainstoprotect", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Enable impersonated domain protection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enablemailboxintelligence", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that mailbox intelligence is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencephishaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencespamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that intelligence for impersonation protection is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotectionaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phishthresholdlevel", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the phishing email level threshold at 2 or higher", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phisspamacation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_quarantineretentionperiod", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Retain spam in quarantine for 30 days", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientexternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of external recipients that a user can email per hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientinternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientlimitperday", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set a daily message limit", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachmentpolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure Safe Attachments policy is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "remediationImpact": "Delivery of email with attachments may be delayed while scanning is occurring.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Attachments in block mode", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safedocuments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Documents for Office Clients", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + } + ] + }, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "currentScore": 128, + "maxScore": 1000, + "secureScores": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores" + } + } + } + ] + } + }, + { + "platform": { + "name": "Heimdall Tools", + "release": "2.10.12" + }, + "version": "2.10.12", + "statistics": {}, + "profiles": [ + { + "name": "Microsoft Secure Score Scan", + "title": "Azure Secure Score report - Tenant ID: 12345678-1234-1234-1234-1234567890abcd - Run ID: 12345678-1234-1234-1234-1234567890abcd_2024-01-02", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "id": "Apps:McasFirewallLogUpload", + "title": "Deploy a log collector to discover shadow IT activity", + "desc": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 82 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Data Exfiltration" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Low" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "label": "fix" + }, + { + "data": "This change has no known impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Feature in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasCutomActivityPolicy", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "desc": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.", + "impact": 0.2, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 2 + ], + "rank": [ + 80 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "label": "fix" + }, + { + "data": "This change will have a moderate impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Policy in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + } + ], + "sha256": "6fca1d41d6840f9beccb7ca15cdb393acd342366067da6ff6f9631e5bd0370e3" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "Microsoft Secure Score", + "data": { + "reportId": "12345678-1234-1234-1234-1234567890abcd_2024-01-02", + "tenantId": "12345678-1234-1234-1234-1234567890abcd", + "profiles": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScoreControlProfiles", + "@odata.nextLink": "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles?$skiptoken=00000000-0000-0000-0000-00000000", + "value": [ + { + "id": "aad_admin_accounts_separate_unassigned_cloud_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/add-users?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure Administrative accounts are separate and cloud-only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    1. Navigate to Microsoft 365 admin center
    2. Click to expand Users select Active users.
    3. Sort by the Licenses column.
    4. For each user account in an administrative role verify the following:
    The account is Cloud only (not synced)
    The account is assigned a license that is not associated with applications i.e. (Microsoft Entra ID P1, Microsoft Entra ID P2)

    ", + "remediationImpact": "Administrative users will have to switch accounts and utilizing login/logout functionality when performing Administrative tasks, as well as not benefiting from SSO.", + "service": "AzureAD", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_admin_consent_workflow", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings", + "controlCategory": "Apps", + "title": "Ensure the admin consent workflow is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center, Select Admin Centers, and Microsoft Entra ID.
    2. Select Enterprise applications from the Azure Navigation pane.
    3. Under Security select Consent and permissions.
    4. Under Manage select Admin consent settings and set Users can request admin consent to apps they are unable to consent to Yes.
    5. Under the Reviewers choose the Roles, Groups that you would like to review user generated app consent requests.
    6. Select Save at the top of the window.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_custom_banned_passwords", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection", + "controlCategory": "Apps", + "title": "Ensure custom banned passwords lists are used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Create a custom banned password list:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Protect & Secure > Authentication methods
    3. Select Password protection
    4. Set Enforce custom list to Yes
    5. In Custom banned password list create a list using suggestions outlined in this document.
    6. Click Save

    NOTE: Below is a list of examples that can be used as a starting place. Check the references section for more.

    • Brand names
    • Product names
    • Locations, such as company headquarters
    • Company-specific internal terms
    • Abbreviations that have specific company meaning
    ", + "remediationImpact": "

    If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.

    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_limited_administrative_roles", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps", + "controlCategory": "Apps", + "title": "Ensure 'Microsoft Azure Management' is limited to administrative roles", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable Microsoft Azure Management restrictions:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click expand Protection > Conditional Access select Policies.
    3. Click New Policy and then name the policy.
    4. Select Users > Include > All Users
    5. Select Users > Exclude > Directory roles and select only administrative roles (See below).
    6. Select Cloud apps or actions > Select apps > Select then click the box next to Microsoft Azure Management.
    7. Click Select.
    8. Select Grant > Block access and click Select.
    9. Ensure Enable Policy is On then click Create.

    WARNING: Exclude Global Administrator at a minimum to avoid being locked out. Report-only is a good option to use when testing any Conditional Access policy for the first time.

    Below is an example list of Administrator roles that could be excluded:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    Default Value:

    No - Non-administrators can access the Microsoft Entra ID administration portal.

    ", + "remediationImpact": "

    Because the policy is applied to the Azure management portal and API, services, or clients with an Azure API service dependency, can indirectly be impacted. For example:

    • Classic deployment model APIs
    • Azure PowerShell
    • Azure CLI
    • Azure DevOps
    • Azure Data Factory portal
    • Azure Event Hubs
    • Azure Service Bus
    • Azure SQL Database
    • SQL Managed Instance
    • Azure Synapse
    • Visual Studio subscriptions administrator portal
    • Microsoft IoT Central
    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_linkedin_connection_disables", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/linkedin-integration", + "controlCategory": "Apps", + "title": "Ensure 'LinkedIn account connections' is disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To disable LinkedIn account connections:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Users select User settings.
    3. Under LinkedIn account connections select No.
    4. Click Save at the top of the page.
    ", + "remediationImpact": "Users will not be able to sync contacts or use LinkedIn integration.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_managed_approved_public_groups_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#microsoft-365-groups", + "controlCategory": "Apps", + "title": "Ensure that only organizationally managed/approved public groups exist", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    In the Microsoft 365 Administration portal, go to:

    1. Teams & groups -> Active teams & groups. 
    2. For each group, under Settings, make sure Privacy is set to 'Private'.


    ", + "remediationImpact": "If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_password_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations", + "controlCategory": "Apps", + "title": "Ensure password protection is enabled for on-prem Active Directory", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To setup Microsoft Entra ID Password Protection, use the following steps: 

    1. Download and install the Microsoft Entra ID Password Proxies and DC Agents from the following location: https://www.microsoft.com/download/details.aspx?id=57071
    2. After the installation is complete, login to https://admin.microsoft.com as a Global Administrator.
    3. Go to Admin centers and click on Microsoft Entra ID.
    4. Select Microsoft Entra ID then Security on the left side navigation followed by Authentication methods.
    5. Select Password protection and toggle Enable password protection on Windows Server Active Directory to Yes and Mode to Enforced
    6. Click Save at the top of the right pane.


    ", + "remediationImpact": "The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_phishing_MFA_strength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy", + "controlCategory": "Apps", + "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To create a phishing-resistant MFA CA policy for users in administrative roles:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click to expand Microsoft Entra ID > Applications select Enterprise Applications.
    3. Under Security, select Conditional Access.
    4. Click New policy.
    5. Go to Users > Users and groups > Include > Select users and groups > Directory roles
    6. Add at least the Directory roles listed after these steps.
    7. Select Cloud apps or actions > All cloud apps (and don't exclude any apps).
    8. Grant > Grant Access with Require authentication strength (Preview): Phishing-resistant MFA
    9. Click 'Select'
    10. Set Enable policy to Report-only and click Create

    At minimum these directory roles should be included for the policy:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    WARNING: Ensure administrators are pre-registered with strong authentication before enforcing the policy. After which the policy must be set to “On”.

    ", + "remediationImpact": "If administrators aren't pre-registered for a strong authentication method prior to a conditional access policy is created then a condition could occur where a user can't register for strong authentication because they don't meet the conditional access policy requirements, and therefore are prevented from signing in.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_sign_in_freq_session_timeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade", + "controlCategory": "Apps", + "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To configure Sign-in frequency and browser sessions persistence for Administrative users:

    1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
    2. Click to Protection > Conditional Access.
    3. Click New policy
    4. Click Users and groups
    5. Under Include select Select users and groups and then select Directory roles.
    6. At a minimum, select the roles in the section below:
    7. Go to Target resources > Cloud apps > Include > select All cloud apps (and don't exclude any apps).
    8. Under Access controls > Grant > select Grant access > check Require multi-factor authentication (and nothing else).
    9. Under Session select Sign-in frequency and set to at most 4 hours for E3 tenants. E5 tenants with PIM can be set to a maximum value of 24 hours.
    10. Check Persistent browser session then select Never persistent in the drop-down menu.
    11. For Enable Policy select On and click Save


    At minimum these directory roles should be included for MFA:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_third_party_apps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure third party integrated applications are not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center Select Admin Centers and Microsoft Entra ID.
    2. Select Users from the Azure navigation pane
    3. Select Users settings.
    4. Set App registrations is set to No.
    5. Click Save.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSCertificateTemplateEnrolementSuppliesSubject", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc1", + "controlCategory": "Identity", + "title": "Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1. Disable the “Supply in the request” configuration.
    2. Remove EKU’s enabling user authentication (e.g Client Authentication).
    3.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    4.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings can lead to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSInsecureCertificateEnrollmentIisEndpoints", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8IIS", + "controlCategory": "Identity", + "title": "Edit insecure certificate enrollment IIS endpoints (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "For each endpoint, follow these steps:
    1. Determine whether the endpoint is necessary and in regular use. If it is not used, it is advisable to disable it.
    2. Deactivate NTLM and Negotiate authentication providers for the IIS endpoint.
    3. If NTLM cannot be disabled, enable \"Require SSL\" and \"Require Extended Protection\" for the IIS endpoint.
    For more information, please refer to the security advisory in the \"Learn More\" section.", + "remediationImpact": "If the IIS endpoint allows NTLM authentication without enforcing protocol signing (HTTPS) or without enforcing Extended Protection for Authentication (EPA), it becomes vulnerable to NTLM relay attacks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateAuthorityAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc7", + "controlCategory": "Identity", + "title": "Edit misconfigured Certificate Authority ACL (ESC7)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the misconfigured ACL entry (for example - “Manage CA” permission granted to the “authenticated users” built-in group) and remove any unnecessary permissions granting built-in groups “Mange CA” or/and “Manage certificates” permissions.", + "remediationImpact": "The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the \"Manage Certificates\" right, they can approve pending certificate requests without manager approval. With the \"Manage CA\" right, they can modify CA settings, such as adding the \"User specifies SAN\" flag, leading to a complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4ACL", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates ACL (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template, and remove overly permissive modifications permissions (e.g. WriteProperty), which allows any user to change the settings of that certificate template.", + "remediationImpact": "Badly configured modification permissions allows non-privileged user to modify the settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEku", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc2", + "controlCategory": "Identity", + "title": "Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove EKU’s enabling arbitrary usage (e.g. Any purpose).
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement. ", + "remediationImpact": "Each certificate template per AD CS servers with these settings can be enrolled by an attacker and be used for multiple abuses affecting code integrity, server integrity, AD FS and IPSec (as they are relying on certificates).", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc3", + "controlCategory": "Identity", + "title": "Edit misconfigured enrollment agent certificate template (ESC3)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove enrollment agent EKU.
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings may enable arbitrary certificates issuance ability by an adversary, leading to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateOwner", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates owner (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Edit misconfigured certificate templates owner (ESC4)", + "remediationImpact": "Badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredRpcEnrollmentSigning", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8", + "controlCategory": "Identity", + "title": "Enforce encryption for RPC certificate enrollment interface (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To require packet encryption for RPC enrollment, execute the following command and then restart the certsvc service: \ncertutil -setreg CA\\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST\nnet stop certsvc & net start certsvc", + "remediationImpact": "An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSSanSpecifiedByUserEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc6", + "controlCategory": "Identity", + "title": "Edit vulnerable Certificate Authority setting (ESC6)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To disable “user specifying SAN” setting, execute the following command and then restart the certsvc service: \ncertutil -setreg policy\\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 \nnet stop certsvc & net start certsvc", + "remediationImpact": "When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_AdminSDHolder", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmsdholder", + "controlCategory": "Identity", + "title": "Remove access rights on suspicious accounts with the Admin SDHolder permission", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review the list of exposed entities to discover which of your non-sensitive accounts have the Admin SDHolder permission.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Having non-sensitive accounts with Admin SDholder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ClearText", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123179", + "controlCategory": "Identity", + "title": "Stop clear text credentials exposure", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why those entities are using LDAP in clear text.
    3. Remediate the issues and stop the exposure.
    4. After confirming remediation, we recommend you configure the requirement of domain controller level LDAP signing.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of clear text authentication may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DefenderForIdentityIsNotInstalled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=sensor", + "controlCategory": "Identity", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 59, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DomainControllerLocalUsers", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmt0assets", + "controlCategory": "Identity", + "title": "Remove local admins on identity assets", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have local admin rights on your identity assets.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DormantAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123908", + "controlCategory": "Identity", + "title": "Remove dormant accounts from sensitive groups", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your sensitive accounts are dormant..
    2. Take appropriate action on those entities by removing their privileged access rights or by deleting the account.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these dormant privileges may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_EntitiesWithOldPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmoldpw", + "controlCategory": "Identity", + "title": "Manage accounts with passwords more than 180 days old", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have a password more than 180 days old.
    2. Take appropriate action on those entities either by making them change their password or restricting their access to sensitive resources. To achieve the full score,remediate all exposed entities.", + "remediationImpact": "Passwords more than 180 days old increase vulnerability to password attacks, heighten the risk of credential theft, may lead to non-compliance with security standards, reduce accountability and user awareness, and impede incident response efforts in case of a security breach.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_HoneyToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=entityTags", + "controlCategory": "Identity", + "title": "Set a honeytoken account", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 61, + "remediation": "Go to the Honeytoken Settings page >, and set at least one honeytoken account.​", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_KerberosDelegations", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123722", + "controlCategory": "Identity", + "title": "Modify unsecure Kerberos delegations to prevent impersonation", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation.
    2. Take appropriate action on those at-risk users, such as removing their unconstrained attribute or changing it to a more secure constrained delegation.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure kerberos configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_NonAdminDCSyncAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmdcsync", + "controlCategory": "Identity", + "title": "Remove non-admin accounts with DCSync permissions ", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have DCSync permissions and are also non-domain admins.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PathRisk", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123182", + "controlCategory": "Identity", + "title": "Reduce lateral movement path risk to sensitive entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "Review this security control list of exposed entities displaying sensitive entities with lateral movement paths risk with recommended actions on how to reduce the number of non-sensitive accounts for each path.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PrintSpooler", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123723", + "controlCategory": "Identity", + "title": "Disable Print spooler service on domain controllers", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your domain controllers has the Print spooler service enabled.
    2. Take appropriate action on the at-risk domain controllers and actively remove the Print spooler service either manually, through group policy or other types of remote commands. Make sure to investigate your Print spooler settings, configurations and dependencies before disabling this service and preventing active printing workflows.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PwdLAPS", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123725", + "controlCategory": "Identity", + "title": "Protect and manage local admin passwords with Microsoft LAPS", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of domains and devices not configured for Microsoft LAPS.
    2. Deploy Microsoft LAPS to actively manage the local administrator password of your devices. This is done through Active Directory along with Group Policy client- side extensions that will be installed on each Windows operating system.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Sensor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2117505", + "controlCategory": "Identity", + "title": "Install Defender for Identity Sensor on all Domain Controllers", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 60, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_SIDHistory", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123183", + "controlCategory": "Identity", + "title": "Remove unsecure SID history attributes from entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure SID history attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of SID history entries may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureAccount", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123364", + "controlCategory": "Identity", + "title": "Resolve unsecure account attributes", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure account attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2196300", + "controlCategory": "Identity", + "title": "Resolve unsecure domain configurations", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "1. Review this security control list of exposed domains that have unsecure configurations.
    2. Take appropriate action on those domains by remediating their unsecure settings. To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Vpn", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=radius", + "controlCategory": "Identity", + "title": "Configure VPN integration", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 63, + "remediation": "Go to the Settings page >, and configure the VPN radius accounting to enable VPN based detections.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_WeakCipher", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123721", + "controlCategory": "Identity", + "title": "Stop weak cipher usage", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why the identified clients and servers are using weak ciphers.
    3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of weak ciphers may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "admincenter_owned_apps_and_services", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure 'User owned apps and services' is restricted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Office Store add-ins and starting 365 trials:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. Click to expand Settings Select Org settings.
      3. Under Services select User owned apps and services.
      4. Uncheck Let users access the Office Store and Let users start trials on behalf of your organization.
      5. Click Save.

    Note - Due to temporary limitations, only \"Let users access the Office Store\" will be taken into account in scoring this control. It is suggested to uncheck both settings for the sake of better posture.

    ", + "remediationImpact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.", + "service": "Admincenter", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AdminMFAV2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 10, + "rank": 1, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "remediationImpact": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ], + "tier": "Core", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_regulate_access_to_sensitive_data", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate cloud app access to sensitive data", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 9, + "remediation": "\n In app governance, open the predefined policy \"Access to sensitive data\" and activate it.\n
    \n
    \n You can edit the predefined policy to specify an action and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_unusual_activity_with_priority_account", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate apps with priority account consent", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "\n In app governance, open the predefined \"Unusual activity from an app with priority account consent\" policy and activate it.\n
    \n
    \n While you have the policy open, you can add an action to take on unused apps and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "BlockLegacyAuthentication", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Enable Conditional Access policies to block legacy authentication", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 68, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "remediationImpact": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "CustomerLockBoxEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095515", + "controlCategory": "Apps", + "title": "Ensure the customer lockbox feature is enabled", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 127, + "remediation": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "remediationImpact": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "dlp_datalossprevention", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://compliance.microsoft.com/datalossprevention?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Data", + "title": "Ensure DLP policies are enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "remediationImpact": "Unknown", + "service": "MIP", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_individualsharing", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/sharing", + "controlCategory": "Apps", + "title": "Ensure 'External sharing' of calendars is not available", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailboxaudit", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure mailbox auditing for all users is Enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailtipsenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips", + "controlCategory": "Apps", + "title": "Ensure MailTips are enabled for end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "remediationImpact": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_oauth2clientprofileenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252fen-us%252farticle%252fenable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662", + "controlCategory": "Apps", + "title": "Ensure modern authentication for Exchange Online is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "remediationImpact": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_outlookaddins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure users installing Outlook add-ins is not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "remediationImpact": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_SPF_records_for_all_domains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure that SPF records are published for all Exchange Domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    follow the instructions on Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn 

    ", + "remediationImpact": "None.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_storageproviderrestricted", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "remediationImpact": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_transportrulesallowlistdomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/transportrules", + "controlCategory": "Apps", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "service": "EXO", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "forms_phishing_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-US/microsoft-forms/review-unblock-forms-users-detected-blocked-potential-phishing", + "controlCategory": "Apps", + "title": "Ensure internal phishing protection for Forms is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To enable internal phishing protection for Forms:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. 2. Click to expand Settings then select Org settings.
      3. Under Services select Microsoft Forms.
      4. Click the checkbox labeled Add internal phishing protection under Phishing protection.
      5. Click Save.
    ", + "remediationImpact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", + "service": "FORMS", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "IntegratedApps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2119526", + "controlCategory": "Identity", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 35, + "remediation": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "remediationImpact": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Data Spillage" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_AV_firewall_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that devices connecting have AV and a local firewall enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that devices connecting have AV and a local firewall enabled, use the Microsoft Intune admin center

    1. Select Endpoint Manager under Admin Centers
    2. Select Devices, then under Policy select Compliance Policies.
    3. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate machine (PC/MAC) Platform.
      2. Click on the policy name.
      3. Under Configuration settings click Edit.
      4. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    4. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_conection_from_jail_broken_rooted_devices", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that users cannot connect from devices that are jail broken or rooted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that users cannot connect from devices that are jail broken or rooted, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Compliance Policies.
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform.
      2. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block
    3. In case there are existing policies -
      1. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block

    To comply, all relevant mobile policies should be set this way.", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_advanced_security_configuration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are set to require advanced security configurations", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles 
    2. Select Create profile to create a new profile.
    3. Select the appropriate Platform (iOS or Android).
      • Choose, based on your organization's needs, the desired settings from the configuration screens.
      • Note that the condition to comply is the mere existence of such profile, the specific settings should be decided according to your organization's needs.
    4. To comply, there should be at least one configuration policy for mobile devices.
    5. It is suggested to create two policies for both iOS and Android.
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_alphanumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Type = Alphanumeric)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device complex password profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Required password type is set to Alphanumeric
    3. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Required password type is set to Alphanumeric

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_simple_password_blocked", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose MacOS in the Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Simple Passwords is set to Blocked
    3. If there are existing policies, per each MacOS policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Simple Passwords is set to Blocked

    Note: this setting is only for MacOS policies.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_encryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Encryption is set to Require
    3. If the are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Encryption is set to Require

    Note: To comply, there should be at least one device configuration for Android with device password encryption.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_lock_after_inactivity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure devices lock after a period of inactivity to prevent unauthorized access", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Profile.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_email_profiles_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are required for email profiles - iOS/iPadOS only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Compliance policies
    2. For all the policies that are applied to \"iOS/iPadOS\" complete the following
      1. Select the policy by clickin on its name.
      2. Under Manage select Properties
      3. Select Edit next to Compliance settings
      4. Under Email ensure that Unable to set up email on the device is set to Require
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_minimum_password_length", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require a minimum password length to prevent brute force attacks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices require a complex password, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Minimum password length is set to 6.
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that Minimum password length is set to 6.

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_never_expires_password", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices are set to never expire passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices are set to never expire passwords:

    1. Use the Microsoft Intune admin center
    2. Select Devices, then under Policy.
    3. select Configuration profiles Review the list of profiles.
    4. From there, go to the device policies page to remove any device security policies that expire passwords.

    Note: The default configuration is sufficient.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices require the use of a password", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Password is set to Require.  
    3. If there are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Password is set to Require.  
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_reused_prohibited", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure", + "controlCategory": "Apps", + "title": "Ensure that mobile device password reuse is prohibited", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device password reuse is prohibited, go to the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles.
    2. If there are no configurations -
      1. select Create profile.
      2. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      3. In the Password section, ensure that Prevent reuse of previous passwords is set to 5 or above
    3. If there is existing configuration -
      1. Select the policy by clicking on its name.
      2. Click Edit next to Configuration settings.
      3. Under Password change Prevent reuse of previous passwords and set to 5 or above
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_wipe_on_multiple_signin_failures", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure mobile devices are set to wipe on multiple sign-in failures , use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.
    3. In case there are existing policies -
      1. For each policy, Select by clicking on the name.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.

    Note: This option is not available for all types of devices.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mcas_mda_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/defender-cloud-apps/get-started", + "controlCategory": "Apps", + "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Enable Defender for Cloud Apps by the following instructions: https://learn.microsoft.com/en-us/defender-cloud-apps/get-started

    ", + "remediationImpact": "None.", + "service": "MCAS", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCloudAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/discovery/create", + "controlCategory": "Apps", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 75, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCutomActivityPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/activity/create", + "controlCategory": "Apps", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 80, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasFirewallLogUpload", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/settings?tabid=discovery-autoUpload", + "controlCategory": "Apps", + "title": "Deploy a log collector to discover shadow IT activity", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 82, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "remediationImpact": "This change has no known impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasOAuthAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/app-permission/create", + "controlCategory": "Apps", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 57, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-step verification from an authentication policy:

    1. Go to admin.atlassian.com.

    2. Select your organization if you have more than one.

    3. Select Security > Authentication policies.

    4. Select Edit for the policy you want to modify.

    5. On the Settings page, select Mandatory for \"Two-step verification\".

    • All policies must be configured this way to comply.
    ", + "remediationImpact": "This setting enforces multi-factor authentication for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on/", + "controlCategory": "Apps", + "title": "Enable Single Sing On (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Copy details from your identity provider to your Atlassian organization

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your identity provider Directory.

    4. Select Set up SAML single sign-on.

    5. Add SAML details.

    6. Save SAML configuration.

    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To select an idle session duration from an authentication policy:

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Authentication policies.

    3. Select Edit for the policy you want to modify.

    4. On the Settings page, select length of time for Idle session duration.

    5. The value should be equal to or lower than 2 hours.
    ", + "remediationImpact": "When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_access", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App access requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Block compromised devices.
    • Require data encryption.
    • Require biometric authentication or a device passcode.
    1. Note that all the three options must be checked in order to comply.
    2. Note that the 'minimum OS version' is not mandatory for this control, but the recommendation is to set it to the latest.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_dataprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App data protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Disable sharing, saving or backing up content from the mobile app.
    • Disable screenshots and screen recording of the mobile app.
    • Disable cutting or copying content from the mobile app.
    1. Note that all the three options must be checked in order to comply.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_UsersAffected", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - Users that are affected by policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Set the policy to apply to \"All users with access to your organization's products\"
    ", + "remediationImpact": "If your policy applies to all users - both managed and unmanaged - within your organization, including any new users that are added after the policy is created.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_passwordExpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/opsgenie/docs/enable-password-policies/", + "controlCategory": "Apps", + "title": "Enable Password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    In Atlassian admin dashboard Go to Security and Authentication policies for every policy select edit and go to \"Passwords expire every\", check it and set the day to 30 days or lower.

    ", + "remediationImpact": "See learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#two-step-verification", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Two-step verification" set the option on.
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#single-sign-on-sso", + "controlCategory": "Apps", + "title": "Enable Single Sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Single sign-on / SAML 2.0 Configuration" set the option on.
    ", + "remediationImpact": "This setting enforce Single Sign On (SSO) for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Authentication" set "log inactive users out after" at least 1 hour.
    ", + "remediationImpact": "This setting enforce Session time out for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailLockoutSecs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Lockout timer", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least three hundred in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out time configuration for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailMaxAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Number of attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least five in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out configuration when incorrect logging attempts occurs for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 8 in password minimum characters.
    ", + "remediationImpact": "This setting enforce minimum characters length for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumNumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum numeric characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in number characters.
    ", + "remediationImpact": "This setting enforce minimum numeric characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumSpecialCharacters", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum special characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in special characters.
    ", + "remediationImpact": "This setting enforce minimum special characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_PasswordMaxAgeDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 90 in "The password expires after".
    ", + "remediationImpact": "This setting enforce password expiry time in days for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=yfn1583277328637.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Login Requirements" -
      1. Minimum password length of 9 characters.
      2. Password must include at least: 
        1. At least one uppercase character.
        2. At least one lowercase character.
        3. At least one digit.
        4. At least one special character (!, @, #...).
      3. Have a minimum password age of 8 days.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=lut1644434676152.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard - 

    1. Go to Account > Security setting in the side panel.
    2. In Password Security, click on "Show Password Rules" button.
    3. In the pop-up window, set "Days until password expires" to 180 days.
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=tuw1583277327743.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Web App Session Timeout (minutes)" up to 120 minutes.
    3. Set "Mobile App Session Timeout (minutes)" up to 120 minutes.
    4. " Suppress In Session Certificate Enforcement" option must be set to false.
    ", + "remediationImpact": "This setting enforce session timeout for all DocuSign web users.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Dropbox_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.dropbox.com/help/business/web-session-control", + "controlCategory": "Apps", + "title": "Enable web session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    How to require session policies for Dropbox users

    1. Sign in to dropbox.com with your admin credentials.
    2. Click Admin Console.
    3. Click Settings.
    4. Under Additional Settings, click Web session control.
    5. Set the setting next to Fixed session length to 1 week or less.
    6. It is also suggested, but not mandatory for compliance, to set the setting next to Idle session length to 30 minutes or less.
    7. Click Save changes.
    ", + "remediationImpact": "Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.", + "service": "MDA_Dropbox", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_DependencyInsights", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights", + "controlCategory": "Apps", + "title": "Disable 'Allow members to view dependency insights'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to view dependency insights" option in the "Member organization permissions" section.


    ", + "remediationImpact": "This setting blocks users from seeing dependencies insights for their repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "controlCategory": "Apps", + "title": "Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Verified & approved domains.
    3. Add a new domain and verify it.
    4. Check "Restrict email notifications to only approved or verified domains." option.


    ", + "remediationImpact": "This setting restricts email notifications only to verified or approved domains.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_IPallowListConfigurationForOrgResources", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization", + "controlCategory": "Apps", + "title": "Enforce IP allow list configuration for org resources", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Enable IP allow list configuration for installed GitHub Apps" option.


    ", + "remediationImpact": "This setting blocks users to login from specific IP addresses.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Require two-factor authentication" option.


    ", + "remediationImpact": "This setting enforce multi factor authentication for all GitHUb users.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_OutsideCollabInvitation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "controlCategory": "Apps", + "title": "Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow repository administrators to delete issues for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories admins to add outside collaborators.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PrivateRepositoryForkingSetting", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization", + "controlCategory": "Apps", + "title": "Disable private repository forking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow forking of private and internal repositories" option.


    ", + "remediationImpact": "This setting disable users to fork private repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PublicRepoCreation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Members will be able to create public repositories, visible to anyone'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Public" option in the "Repository creation" section.


    ", + "remediationImpact": "This setting blocks users from creating public repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoTransferOrDeletion", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories", + "controlCategory": "Apps", + "title": "Disable 'members with admin permissions for repositories can delete or transfer repositories'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to delete or transfer repositories for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories transferring and deletion.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoVisibility_change", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Allow members to change repository visibilities for this organization'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to change repository visibilities for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks users from changing repositories visibility (public/ private access).", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_SAML", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on", + "controlCategory": "Apps", + "title": "Enable single sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    On GitHub Enterprise organization page-

    1. Go to Settings > Organization security
    2. Select Enable SAML authentication
    3. Fill the fields with the values found in the Admin Portal
    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all GitHub users.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Google_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.google.com/a/answer/175197?hl=en&fl=1&sjid=9841521343371348963-NA", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Ensure password expiry policy for Google -

    1. Navigate to Google admin center - http://admin.google.com/
    2. Click Security > Password Management.
    3. Chcek Allow users to turn on 2-Step Verification.
    4. Check On under Enforcement.
    5. Click Save.

    Follow steps 3-4 for every organizational unit.

    ", + "remediationImpact": "

    Follow the guideline.

    ", + "service": "MDA_Google", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_NetDocuments_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.netdocuments.com/s/article/205220410", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in netDocuments", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "How does an organization start using federated identity with NetDocuments?

    1. In the upper-right corner, select your name > Admin > repository name. In the Navigation Pane, select Security Center Advanced Authentication.
    2. The Advanced Authentication Configuration page has a section titled Federated Identity. Choose the type of federated identity server you will use and configure it.
    3. Note: In order to comply with this control, at least 80% of the users must be using SSO.
    ", + "remediationImpact": "See learn more link.", + "service": "MDA_NetDocuments", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-policy", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional complexity requirement options.
    4. Lower case, letter Upper case, letter Number (0-9), Symbol (e.g., !@#$%^&*), Does not contain part of username, Does not contain first name and Does not contain last name.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#multifactor-mfa-enrollment-policy", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Multifactor panel.
    2. Go to \"Factor Enrollment\" and select \"Add Multifactor Policy\".
    3. Note: In order to comply, you must configure default policies as \"required\" (\"optional\" is not sufficient).
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-object", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional Password age options -
      1. Enforce password history for last [Minimum of 3] passwords.
      2. Minimum password age is [Minimum of one day].
      3. Password expires after [Minimum of 180 days] days.
      4. Prompt user [Minimum of five days] days before password expires.
      5. Lock out user after [Maximum of 5 attempts] unsuccessful attempts.
      6. Account is automatically unlocked after [Minimum of 15] minutes
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#global-session-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Okta's dashboard -

    1. Go to Security > Authentication panel.
    2. Go to "Sign On"
      1. If there isn't a policy - select "Add New Okta Sing-on Policy".
      2. If a policy exists - select "Add rule "
    3. In the window, go to "Session management" and set the properties as following -
      1. Maximum Okta session lifetime to 30 days or below.
      2. Expire session after user has been idle on Okta for 120 minutes or below.
      3. Persist session cookies across browser sessions to Disable.
    ", + "remediationImpact": "This setting enforce Session time out for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_disableProtocolSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://portal.cloudappsecurity.com/#/connected-apps?tab=appConnectors", + "controlCategory": "Apps", + "title": "Remote Site", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "", + "remediationImpact": "Unknown", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableAdminLoginAsAnyUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.controlling_login_access.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Administrators Can Log In As Any User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Login Access Policies in the Quick Findbox, then select Login Access Policies.
    2. Deselect Administrators Can Log in as Any User.", + "remediationImpact": "You users must grant access before admins can log into their users.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Elevation of Privilege", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCacheAndAutocomplete", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Caching and Autocomplete on Login Page via Session settings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Uncheck Enable caching and autocomplete on login page.", + "remediationImpact": "If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupSFDC", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for non-Setup for Salesforce pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for non-Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with standard headers", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with standard headers.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUserHeaderless", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with headers disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with headers disabled.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackSetup", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for Setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableContentSniffingProtection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Sniffing protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Content Sniffing protectio.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSPOnEmail", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Security Policy protection for email templates", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Stricter Content Security Policy.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnGet", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on GET requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on GET requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnPost", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on POST requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on POST requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableMultipleSamlConfigs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.salesforce.com/mfa-requirement-check", + "controlCategory": "Apps", + "title": "Require identity verification during multi-factor authentication (MFA) registration", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 33, + "remediation": "From Setup, in the Quick Find box, enter Identity, and then click Identity Verification. Make sure the field: \"Require identity verification during multi-factor authentication (MFA) registration\" is enabled.", + "remediationImpact": "When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.", + "service": "MDA_SF", + "threats": [ + "Password cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableSMSIdentity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Let users verify their identity by text (SMS)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Let users verify their identity by text (SMS).", + "remediationImpact": "Salesforce challenges users to verify with text message their identity when they log in from an unrecognized browser or device or an IP address outside of a trusted range. ", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enforceIpRangesEveryRequest", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce login IP ranges on every request", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enforce login IP ranges on every request.", + "remediationImpact": "You users will be logout if try to perform an activity outside the IP ranges defined in Salesforce settings.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceLogoutOnSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force logout on session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force logout on session timeout.", + "remediationImpact": "The browser refreshes and returns to the login page, and the user must log in again for access.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceRelogin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force (admin) relogin after Login-As-User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force relogin after Login-As-Use..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_identityConfirmationOnEmailChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Require identity verification for change of email address", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Require identity verification for email address changes.", + "remediationImpact": "User must login again before changing their email address.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_lockSessionsToDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Lock sessions to the domain in which they were first used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Lock sessions to the domain in which they were first used.", + "remediationImpact": "Your users cannot change their domain inside a session.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_maxLoginAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Maximum invalid login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Maximum invalid login attempts, select 3.", + "remediationImpact": "You users will be locked if they attemp to login with failure after 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_minimumPasswordLifetime", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Require a minimum 1 day password lifetime", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Require a minimum 1 day password lifetime.", + "remediationImpact": "Your users will not be able to change their password more than one time a day.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_complexity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password complexity requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password complexity requirement, select Must mix alpha, numeric, and special characters, or more complex.", + "remediationImpact": "Your users must have complexed passwords.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_expiration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "User passwords expire in 90 days or less", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under User passwords expire in, select 90 days or less.", + "remediationImpact": "Your users must changed password every 90 days.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_historyRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce password history", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Enforce password history, select 3 or more passwords rememebered.", + "remediationImpact": "Your users could not set new password that was already used in the last 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_lockoutInterval", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Lockout effective period", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Lockout effective period, select 30 minutes or more.", + "remediationImpact": "A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_minimumPasswordLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Minimum password length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Minimum password length, select 8 or more.", + "remediationImpact": "Your users must set passwword at least in this length.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_obscureSecretAnswer", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Obscure secret answer for password resets", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Obscure secret answer for password resets.", + "remediationImpact": "Your users will not see their answers to their security questions password reset when typing.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_questionRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password question requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password question requirement, select Cannot contain password.", + "remediationImpact": "User will not be allowed to contain password in the password question.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_sessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Timeout Value to be 2 hours or less.", + "remediationImpact": "Users cannot have a session longer than the defined timeout value.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_requireHttpOnly", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Require HttpOnly attribute", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Require HttpOnly attribut..", + "remediationImpact": "If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authenticateMultifactor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/multi-factor-authentication.html", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.authenticate.multifactor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Enabling this property requires from the user to have an extra layer of authentication.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredJson2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-jsonv2-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing JSONv2 requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.jsonv2' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of JSON data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredSOAP", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-soap-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing SOAP requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.soap' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of SOAP data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredUnl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/unload-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable unload request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.unl' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_cauthRequiredScriptedProcessor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/script-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable script request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.scriptedprocessor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the basic authentication while processing script requests on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_concourseOnmessageEnforceSameOrigin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enable-url-whitelist-for-cross-origin-iframe-communication.html", + "controlCategory": "Apps", + "title": "Enable URL allow list for cross-origin iframe communication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.concourse.onmessage_enforce_same_origin' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "If you do not inclusion list intended domains, the ability to embed other pages within Now Platform instances may be limited.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_enablePasswordPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enforce-strong-passwords.html", + "controlCategory": "Apps", + "title": "Enable Password Reset Policy Checks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.enable.password_policy' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting the property to true turns on password policy checks when a user resets their password.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_highSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/high-security-plugin.html", + "controlCategory": "Apps", + "title": "Enable high security plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.high_security' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This plugin enables several system security configurations, which may impact UI and functionality as well.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_httpCacheControl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/cache-control-http-header-value.html", + "controlCategory": "Apps", + "title": "Set default cache-control HTTP header value to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.http.cache_control' as private.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "None.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_loginNoBlankPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/disable-password-less-authentication.html", + "controlCategory": "Apps", + "title": "Disable password-less authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.login.no_blank_password' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Operations should not use blank passwords because it is viewed as a critical security risk. However, if there is a valid case for such usage, there is a possibility of an outage. Users with blank passwords wouldn't be able to log in to the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_roleManagement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/contextual-security.html", + "controlCategory": "Apps", + "title": "Enable Contextual Security: Role Management plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.role_management' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptCcsiIsPublic", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html", + "controlCategory": "Apps", + "title": "Set client-callable script includes to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.ccsi.ispublic' as false.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Privacy on client-callable script includes.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptSecureAjaxgliderecord", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enabling-ajaxgliderecord-acl-checking.html", + "controlCategory": "Apps", + "title": "Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.secure.ajaxgliderecord' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptUseSandbox", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/client-generated-scripts-sandbox.html", + "controlCategory": "Apps", + "title": "Enable client generated scripts sandbox", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.use.sandbox' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_smDefaultMode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/default-deny.html", + "controlCategory": "Apps", + "title": "Enable default deny with new ACL rules", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.sm.default_mode' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting this prperty for deny value, will restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_sncUserLockoutCheck", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/managing-failed-login-attempts.html", + "controlCategory": "Apps", + "title": "Enable managing failed login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
    ", + "remediationImpact": "This remediation would enable administrator of the instance to monitor and report any malicious user access.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapRequireContentTypeXml", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-content-type-checking.html", + "controlCategory": "Apps", + "title": "Enable SOAP content type checking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.soap.require_content_type_xml' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapStrictSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-request-strict-security.html", + "controlCategory": "Apps", + "title": "Enable SOAP request strict security", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property ' glide.soap.strict_security' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "f there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_systemSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/security-jump-start-acl-rules.html", + "controlCategory": "Apps", + "title": "Activate security jump start (ACL rules) plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "If this plugin is not activated on your instance, contact ServiceNow Support. Activating the plugin at this point might modify security access to tables already in use in a production environment. If an administrator is interested in the new ACL rules the plugin provides, you can manually create one or more of them in an existing instance if needed. This list of ACLs may be used as a guideline in that case.", + "remediationImpact": "There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. Customer is required to outreach ServiceNow before the remediation can occur.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_uiSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/session-activity-timeout.html", + "controlCategory": "Apps", + "title": "Enable session activity timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.session_timeout' as 60 or below.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces timely expiration of user account.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_useCsrfToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/anti-csrf-token.html", + "controlCategory": "Apps", + "title": "Enable anti-CSRF token", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.security.use_csrf_token' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_userCookieMaxLifeSpanInDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/absolute-session-timeout.html", + "controlCategory": "Apps", + "title": "Enable absolute session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.user_cookie.max_life_span_in_days' below 180.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Forcing the user to relogin after specific days.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Workplace_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.workplace.com/resources/tech/authentication/sso", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in Workplace by Meta", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In order to enable SSO authentication in Workplace you will need to:

    • Have access to your Identity Provider's configuration settings.
    • Have a System Administrator role assigned in Workplace.
    • Have a corresponding account in the Identity Provider with the same email as the Workplace user you are logged in with (i.e. which uses the same email address to authenticate both in Workplace and in the Identity Provider). This is essential to test SSO and complete Workplace configuration correctly.
    1. In the Admin Panel, select Security.
    2. Click on the Authentication tab.
    3. Check the Single Sign-On (SSO) checkbox.
    4. Click +Add New SSO Provider.
    5. Type in the values provided by your Identity Provider into the relevant fields: SAML URL, SAML Issuer URL, SAML Logout Redirect (Optional), SAML Certificate.
    6. Scroll to the bottom of the section and click the Test SSO button. This will result in a popup window appearing with your Identity Provider login page presented. Enter your credentials to authenticate.
    7. Once the test has been completed successfully, scroll to the bottom of the page and click Save button.
    8. If required, Configure SSO as the default authentication for new users by selecting SSO in the Default to new users drop-down.

    To comply with the control, the adoption rate must be above 80%.

    ", + "remediationImpact": "None.", + "service": "MDA_Workplace", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_AdminPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Block admins to set passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To let administrators set passwords for users

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, verify Enable admins to set passwords is not selected.

      You must be the account owner to see this setting.

    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_BlockAccountAssumption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408824477082-Granting-Zendesk-temporary-access-to-assume-your-account", + "controlCategory": "Apps", + "title": "Block account assumption", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Account assumption tab, verify Enable account assumption is not checked.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_bypassIPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Block customers to bypass IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To Block customers to bypass IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. In IP Restrictions tab, verify Allowed IP Ranges is Enabled.
    3. Verify Allow customers to bypass IP restrictions is not checked.
    4. Click Save.
    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_EmailNotificationsforPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Send a notification on password change for admins, agents, and end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To send password-change notifications

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, select Email notifications.
    3. Click Save.
    ", + "remediationImpact": "End users will get email notifications when their passwords change.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_enableapp", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app", + "controlCategory": "Apps", + "title": "Admins and agents can use the Zendesk Support mobile app", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Allow admins and agents can use the Zendesk Support mobile app

    1. In Admin Center, click Account in the sidebar, then select Security > More settings.
    2. On the Zendesk Support tab, Check Mobile app.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_IPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the IP Restrictions tab, select Enabled, then enter the Allowed IP Ranges you want to restrict.
    3. Click Save.

    For more information, see Restricting access to Zendesk Support using IP restrictions.

    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408826974874", + "controlCategory": "Apps", + "title": "Enable and adopt two-factor authentication (2FA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-factor authentication

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select Require two-factor authentication.
    3. Click Save.
    ", + "remediationImpact": "

    Team members who haven't set up 2FA will be required to do so next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required.

    Before enabling two-factor authentication, make sure you understand the following important considerations:

    • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
    • Requiring two-factor authentication disables password-based authentication to the Zendesk API.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_sessionexpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408832533274-Understanding-your-Zendesk-session-time", + "controlCategory": "Apps", + "title": "Enable session timeout for users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set an inactivity time-out period

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
    3. Maximun valid value is 2 hours for both.
    4. Click Save.
    ", + "remediationImpact": "There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable external Authentication (google or microsoft or SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure External authentication is selected.
    3. follow the authentication steps.
    4. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_ZanAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable Zendesk authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure Zendesk Authentication is selected.
    3. Set the password security level High.
    4. Click Save.
    ", + "remediationImpact": "

    For Team memebers, the following conditions must be met before they can use Zendesk authentication:

    • Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See Getting started with Guide in the Support help center.
    • Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See Requiring users to register in the Support help center.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_BlockDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/4403624900109-Blocking-users-in-specific-domains", + "controlCategory": "Apps", + "title": "Block users in specific domains from joining meetings and webinars", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Block users in specific domains from joining meetings and webinars.
    5. Enter the domains that you want to block from joining meetings and webinars.
    6. Click the lock icon and then click Lock to confirm the setting.
    7. Click Save.
    ", + "remediationImpact": "This setting block users to signin from specific domains.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MeetingE2eEncryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings", + "controlCategory": "Apps", + "title": "Enforce end to end encryption in all Zoom meetings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Allow use of end-to-end encryption and then click Turn On to verify the change.
    5. For making this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
    6. Under Security, choose the Default encryption type.
    7. Click Save.
    ", + "remediationImpact": "This setting enforce end to end encryption in all Zoom meetings.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Make sure the Sign in with Two-Factor Authentication option is enabled.
    4. Select All users in your account. This will enable Two-Factor Authentication for all users.
    5. Click ‘Save’ to confirm your 2FA settings. 
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_PasswordReq", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Have a minimum password length with at least 10 characters.
    4. Enable Have at least 1 special character (!, @, #...).
    5. Enable
    6. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutClient", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for client users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on Zoom client (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active client users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutWeb", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on the web (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active web users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_allowedsenderscombined", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 128, + "remediation": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_antiphishingpolicies", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that an anti-phishing policy has been created", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "remediationImpact": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_atpprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_autoforwardingmode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set automatic email forwarding rules to be system controlled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_blockmailforward", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rule-procedures?view=exchserver-2019&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkspamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on bulk spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkthreshold", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_commonattachmentsfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antimalwarev2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure the Common Attachment Types Filter is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_connectionfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enabledomainstoprotect", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Enable impersonated domain protection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enablemailboxintelligence", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that mailbox intelligence is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencephishaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencespamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that intelligence for impersonation protection is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotectionaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phishthresholdlevel", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the phishing email level threshold at 2 or higher", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phisspamacation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_quarantineretentionperiod", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Retain spam in quarantine for 30 days", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientexternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of external recipients that a user can email per hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientinternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientlimitperday", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set a daily message limit", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachmentpolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure Safe Attachments policy is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "remediationImpact": "Delivery of email with attachments may be delayed while scanning is occurring.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Attachments in block mode", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safedocuments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Documents for Office Clients", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + } + ] + }, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "currentScore": 128, + "maxScore": 274, + "secureScores": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores" + } + } + } + ] + } + } +] \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdf-withraws.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdf-withraws.json new file mode 100644 index 0000000000..67b21e9c9a --- /dev/null +++ b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdf-withraws.json @@ -0,0 +1,18778 @@ +[ + { + "platform": { + "name": "Heimdall Tools", + "release": "2.10.13" + }, + "version": "2.10.13", + "statistics": {}, + "profiles": [ + { + "name": "Microsoft Secure Score Scan", + "title": "Azure Secure Score report - Tenant ID: 12345678-1234-1234-1234-1234567890abcd - Run ID: 12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "id": "Apps:spo_idle_session_timeout", + "title": "Apps:spo_idle_session_timeout", + "desc": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n
    \n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting is not compliant.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:spo_legacy_auth", + "title": "Apps:spo_legacy_auth", + "desc": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t
    \n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t
    \n\t\t\tThis information was taken from Center for Internet Security (CIS).\n\t\t", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting is not compliant.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasFirewallLogUpload", + "title": "Deploy a log collector to discover shadow IT activity", + "desc": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 82 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Data Exfiltration" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Low" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "label": "fix" + }, + { + "data": "This change has no known impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Feature in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasCutomActivityPolicy", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "desc": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.", + "impact": 0.2, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 2 + ], + "rank": [ + 80 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "label": "fix" + }, + { + "data": "This change will have a moderate impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Policy in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasCloudAppNotification", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "desc": "App discovery policies can notify you when new apps or abnormal usage is observed within your organization, based on traffic logs data.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 75 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Data Exfiltration" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "label": "fix" + }, + { + "data": "This change will have a moderate impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Policy in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasOAuthAppNotification", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "desc": "OAuth app policies can help you manage app permission and notify you when a user or an admin consents to a new Open Authorization (OAuth) app. With this information, you can investigate which permissions each app requested and which users authorized them.", + "impact": 0.4, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 4 + ], + "rank": [ + 57 + ], + "tiers": [ + "Defense In Depth" + ], + "threats": [ + [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "label": "fix" + }, + { + "data": "This change will have a moderate impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Feature in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:AATP_DefenderForIdentityIsNotInstalled", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "desc": "Installing Microsoft Defender for Identity sensors provides you with the ability to detect advanced threats in your entire identity infrastructure. Actionable security alerts are generated through the analysis of network traffic and security events.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 5 + ], + "rank": [ + 59 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "Azure ATP" + ], + "userImpacts": [ + "low" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_atpprotection", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "desc": "Microsoft Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:dlp_datalossprevention", + "title": "Ensure DLP policies are enabled", + "desc": "Data Loss Prevention (DLP) policies allows content in multiple locations, such as, devices, Exchange online and Teams chats to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Data" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MIP" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_individualsharing", + "title": "Ensure 'External sharing' of calendars is not available", + "desc": "Users should not be allowed to share the full details of their calendars with external users.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safedocuments", + "title": "Turn on Safe Documents for Office Clients", + "desc": "Safe Documents uses Microsoft Defender for Endpoint to scan documents and files for malicious content. To keep you protected, Safe Documents sends files to the Defender for Endpoint cloud for analysis. Files sent by Safe Documents are not retained in Defender for Endpoint beyond the time needed for analysis (typically, less than 24 hours).", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_connectionfilter", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "desc": "

    If you're a Microsoft 365 customer with mailboxes in Exchange Online or a standalone Exchange Online Protection (EOP) customer without Exchange Online mailboxes, EOP offers multiple ways of ensuring that users will receive email from trusted senders. These options include Exchange mail flow rules (also known as transport rules), Outlook Safe Senders, the IP Allow List (connection filtering), and allowed sender lists or allowed domain lists in anti-spam policies. Collectively, you can think of these options as safe sender lists.

    The available safe sender lists are described in the following list in order from most recommended to least recommended:
    1. Mail flow rules
    2. Outlook Safe Senders
    3. IP Allow List (connection filtering)
    4. Allowed sender lists or allowed domain lists (anti-spam policies)

    Without additional verification like mail flow rules, email from sources in the IP Allow List skips spam filtering and sender authentication (SPF, DKIM, DMARC) checks. Since the IP Allow List doesn't prevent malware or high confidence phishing messages from being filtered, this creates a high risk of attackers successfully delivering email to an inbox that would otherwise be filtered.

    ", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "The allowed IP addresses list in the connection filter policy is empty ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:mip_purviewlabelconsent", + "title": "Data:mip_purviewlabelconsent", + "desc": "\n To get work done, people in your organization collaborate with others both inside and outside the organization. Data doesn't always stay in your cloud, and often roams everywhere—across devices, apps, and services. When your data roams, you still want it to be secure in a way that meets your organization's business and compliance policies.\n
    \n
    \n Applying sensitivity labels to your content helps you keep your data secure by stating how sensitive certain data is in your organization. It also abstracts the data itself, letting you track the type of data without exposing sensitive data on other platforms.\n
    \n
    \n For example, applying the sensitivity label ‘highly confidential’ to a document that contains social security numbers and credit card numbers helps you identify the sensitivity of the document without knowing the actual data in the document.\n
    \n
    \n The sensitivity labels created in Microsoft Purview Information Protection can also be extended to the Microsoft Purview data map. When you apply a label on an office document and then scan it into the Microsoft Purview data map, the label will be applied to the data asset.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting was not enabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:CustomerLockBoxEnabled", + "title": "Ensure the customer lockbox feature is enabled", + "desc": "Turning on the customer lockbox feature requires that approval is obtained for datacenter operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There's an expiration time on the request and content access is removed after the support engineer has fixed the issue.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 127 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "label": "fix" + }, + { + "data": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Feature in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_oauth2clientprofileenabled", + "title": "Ensure modern authentication for Exchange Online is enabled", + "desc": "Modern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. When you enable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use modern authentication to log in 'to Microsoft 365 mailboxes. When you disable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use basic authentication to log in to Microsoft 365 mailboxes.

    When users initially configure certain email clients, like Outlook 2013 and Outlook 2016, they may be required to authenticate using enhanced authentication mechanisms, such as multifactor authentication. Other Outlook clients that are available in Microsoft 365 (for example, Outlook Mobile and Outlook for Mac 2016) always use modern uthentication to log in to Microsoft 365 mailboxes", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Account breach", + "Data Exfiltration" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "label": "fix" + }, + { + "data": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Modern authentication for Exchange Online is enabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_mailtipsenabled", + "title": "Ensure MailTips are enabled for end users", + "desc": "MailTips assist end users with identifying strange patterns to emails they send.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "label": "fix" + }, + { + "data": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "MailTips for end users are disabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_transportrulesallowlistdomains", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "desc": "You should set Spam confidence level (SCL) in your Exchange Online mail transport rules with specific domains. Allow-listing domains in transport rules bypasses regular malware and phishing scanning, which can enable an attacker to launch attacks against your users from a safe haven domain. \n\t

    Note: In order to get a score for this security control, all the active transport rule that applies to specific domains must have a Spam Confidence Level (SCL) of 0 or higher.

    ", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "label": "fix" + }, + { + "data": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Spam confidence level (SCL) is not configured in mail transport rules with specific domain", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mip_search_auditlog", + "title": "Apps:mip_search_auditlog", + "desc": "When audit log search in the Microsoft Purview compliance portal is enabled, user and admin activity from your organization is recorded in the audit log and retained for 90 days. However, your organization might be using a third-party security information and event management (SIEM) application to access your auditing data. In that case, a global admin can turn off audit log search in Microsoft 365.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Microsoft 365 audit log search is enabled disabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_mailboxaudit", + "title": "Ensure mailbox auditing for all users is Enabled", + "desc": "

    By turning on mailbox auditing, Microsoft 365 back office teams can track logons to a mailbox as well as what actions are taken while the user is logged on. After you turn on mailbox audit logging for a mailbox, you can search the audit log for mailbox activity. Additionally, when mailbox audit logging is turned on, some actions performed by administrators, delegates, and owners are logged by default.

    Rationale:

    Starting in January 2019, Microsoft is turning on mailbox audit logging by default for all organizations.

    This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged, and the corresponding mailbox audit records will be available when you search for them in the mailbox audit log. When mailbox auditing on by default is turned on for the organization, the AuditEnabled property for affected mailboxes won't be changed from False to True. In other words, mailbox auditing on by default ignores the AuditEnabled property on mailboxes.

    However, only certain mailbox types support default auditing setting 'On': User Mailboxes, Shared Mailboxes, and Microsoft 365 Group Mailboxes. The remaining mailbox types require auditing to be turned on at the mailbox level: Resource Mailboxes, Public Folder Mailboxes, and DiscoverySearch Mailbox.

    Whether it is for regulatory compliance or for tracking unauthorized configuration changes in Microsoft 365, enabling mailbox auditing allows for Microsoft 365 back office teams to run security operations, forensics or general investigations on mailbox activities.

    NOTE: Without advanced auditing (E5 function) the logs are limited to 90 days.

    ", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Mailbox auditing for all users is disabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_storageproviderrestricted", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "desc": "

    This setting allows users to open certain external files while working in Outlook on the
    web. If allowed, keep in mind that Microsoft doesn't control the use terms or privacy
    policies of those third-party services.

    Ensure AdditionalStorageProvidersAvailable is restricted.

    Rationale:

    By default additional storage providers are allowed in Office on the Web (such as Box,
    Dropbox, Facebook, Google Drive, OneDrive Personal, etc.). This could lead to
    information leakage and additional risk of infection from organizational non-trusted
    storage providers. Restricting this will inherently reduce risk as it will narrow
    opportunities for infection and data leakage.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "label": "fix" + }, + { + "data": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Additional storage providers are restricted in Outlook on the web is not configured correctly. Please follow next steps to correctly configure the control.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_outlookaddins", + "title": "Ensure users installing Outlook add-ins is not allowed", + "desc": "

    Specify the administrators and users who can install and manage add-ins for Outlook in Exchange Online By default, users can install add-ins in their Microsoft Outlook Desktop client, allowing data access within the client application.

    Rationale:
    Attackers exploit vulnerable or custom add-ins to access user data. Disabling user installed add-ins in Microsoft Outlook reduces this threat surface.

    ", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "label": "fix" + }, + { + "data": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Installing Outlook add-ins configuration is disabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_zapspam", + "title": "Apps:mdo_zapspam", + "desc": "

    For unread messages that are identified as spam after delivery, the ZAP outcome depends on the action that's configured for the Spam filtering verdict in the applicable anti-spam policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_zapphish", + "title": "Apps:mdo_zapphish", + "desc": "

    For read or unread messages that are identified as phishing after delivery, the ZAP outcome depends on the action that's configured for a Phishing email filtering verdict in the applicable anti-phishing policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_zapmalware", + "title": "Apps:mdo_zapmalware", + "desc": "

    Zero-hour auto purge (ZAP) quarantines the message that contains malware attachment for both read, as well as unread, messages that are found to contain malware after delivery. Only admins can view and manage messages that have been quarantined.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safeattachments", + "title": "Turn on Safe Attachments in block mode", + "desc": "Safe Attachments in block mode prevents messages with detected malware attachments from being delivered. These messages are quarantined and only admins (not regular users) can review, release, or delete them. This will also automatically block future malware attachments.\n\t

    \n\tMDO Built-in protection policy provides safe attachments protection for everyone by default. You could also create additional Safe Attachment policies for customized Safe Attachment operations.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safelinksforemail", + "title": "Apps:mdo_safelinksforemail", + "desc": "MDO Built-in protection policy will provide base level safe links protection for everyone by default. You could also create additional Safe Links policies for enhanced or customized Safe Links operations.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_commonattachmentsfilter", + "title": "Ensure the Common Attachment Types Filter is enabled", + "desc": "There are certain types of files that are risker to send and receive via email due to the likelihood that they contain malware (for example, executable files). To make sure these file types don't get through, enable the common attachment filter. You can use the default list of file types or customize it. The default file types are: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs. Messages with the specified attachments types are treated as malware and are automatically quarantined.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:mip_sensitivitylabelspolicies", + "title": "Data:mip_sensitivitylabelspolicies", + "desc": "Set up and use data classification policies on data stored in your users' Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups.\n
    \n
    \nThe policies will help categorize your most important data so you can effectively protect it from illicit access and will help make it easier to investigate discovered breaches.\n
    \n
    \nCreation of data classification policies will not cause a significant impact to an organization. However, ensuring long term adherence with policies can potentially be a significant training and ongoing compliance effort across an organization. Organizations should ensure that training and compliance planning is part of the classification policy creation process.\n
    \n
    \nThis information was taken from Center for Internet Security (CIS).\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Policies were published on 1 of the 1 users", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:mip_autosensitivitylabelspolicies", + "title": "Data:mip_autosensitivitylabelspolicies", + "desc": "\n Create auto-labeling policies to automatically apply sensitivity labels to email messages or OneDrive and SharePoint files that contain sensitive info.\n
    \n This ability to apply sensitivity labels to content automatically is important because:\n
    \n You don't need to train your users on the appropriate way to use each of your classifications.\n
    \n You don't need to rely on users to classify all content correctly.\n
    \n Users no longer need to know about your policies—they can instead focus on their work.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Policies were published on 0 of the 1 users", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_highconfidencespamaction", + "title": "Set action to take on high confidence spam detection", + "desc": "Set the action that will be taken on high confidence spam detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_phisspamacation", + "title": "Set action to take on phishing detection", + "desc": "Set the action that will be taken on phishing detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_highconfidencephishaction", + "title": "Set action to take on high confidence phishing detection", + "desc": "Set the action that will be taken on high confidence phishing detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_bulkspamaction", + "title": "Set action to take on bulk spam detection", + "desc": "Set the action that will be taken on bulk spam detection.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_quarantineretentionperiod", + "title": "Retain spam in quarantine for 30 days", + "desc": "Specifies how long to keep the message in quarantine if you selected “Quarantine message” as the action for a spam filtering verdict. After the time period expires, the message is deleted, and is not recoverable.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_allowedsenderscombined", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "desc": "Never add your own accepted domains or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, attackers can easily send messages that spoof these trusted domains to your organization. In addition, avoid adding specific senders that can bypass spam filtering.", + "impact": 0.2, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 2 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_bulkthreshold", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "desc": "Specifies the bulk complaint level (BCL) of a message that triggers the specified action for the bulk spam filtering verdict that you configure on the next page. A higher value indicates that the message is less desirable (more likely to resemble spam). While the default value is 7, 6 or lower is the recommended value.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_spamaction", + "title": "Apps:mdo_spamaction", + "desc": "Set the action that will be taken on spam detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_autoforwardingmode", + "title": "Set automatic email forwarding rules to be system controlled", + "desc": "", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_recipientexternallimitperhour", + "title": "Set maximum number of external recipients that a user can email per hour", + "desc": "Configure the maximum number of external recipients that a user can email per hour. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_recipientinternallimitperhour", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "desc": "Configure the maximum number of recipients that a user can send to per hour for internal recipients. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_recipientlimitperday", + "title": "Set a daily message limit", + "desc": "Configure the maximum number of recipients that a user can send to within a day. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_thresholdreachedaction", + "title": "Apps:mdo_thresholdreachedaction", + "desc": "Configure action to take when any of the limits specified in the outbound anti-spam policy are reached. It is common, after an account compromise incident, for an attacker to use the account to generate spam and phish. Configuring the recommended values can reduce the impact.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_enablemailboxintelligence", + "title": "Ensure that mailbox intelligence is enabled", + "desc": "\n Turns on artificial intelligence (AI) that identifies users’ email patterns with their frequent contacts to spot potential phishing attempts.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_mailboxintelligenceprotection", + "title": "Ensure that intelligence for impersonation protection is enabled", + "desc": "\n Enables enhanced impersonation results based on each user's individual sender map and allows you to define specific actions for impersonated messages.\n
    \n
    \n This setting is available only if ‘Enable mailbox intelligence’ is selected.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_mailboxintelligenceprotectionaction", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "desc": "\n This setting specifies what to do with messages for impersonation detections from mailbox intelligence results.\n
    \n
    \n If a message is detected to be an impersonated user by mailbox intelligence, no action will be applied by default. We recommend moving the message to the recipients’ junk email folder and strongly recommend quarantining it.\n
    \n
    \n This setting is available only if the ‘Ensure that intelligence for impersonation protection is enabled’ setting is properly configured.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_enabledomainstoprotect", + "title": "Enable impersonated domain protection", + "desc": "\n Prevents specified domains from being impersonated by the message sender's domain.\n
    \n
    \n When you add domains to the ‘Enable domains to protect’ list, messages from senders in those domains are subject to impersonation protection checks. The message is checked for impersonation if it’s sent to a recipient that the policy applies to.\n
    \n
    \n If impersonation is detected in the sender's domain, the impersonation protection actions for domains are applied to the message.\n
    \n
    \n By default, no sender domains are covered by impersonation protection, either in the default policy or in custom policies.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_phishthresholdlevel", + "title": "Set the phishing email level threshold at 2 or higher", + "desc": "\n The threshold controls the sensitivity with which machine learning models are applied to email messages to determine whether a phishing attempt has occurred.\n
    \n A higher value indicates greater sensitivity. The default value is 1, but 2 or 3 are the recommended values.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_similardomainssafetytips", + "title": "Apps:mdo_similardomainssafetytips", + "desc": "\n This setting specifies whether to enable the safety tip that is shown to recipients for domain impersonation detections.\n
    \n
    \n When the ‘Show domain impersonation safety tip’ is enabled, the tip “This sender might be impersonating a domain that's associated with your organization” is shown to recipients in messages where the sender's email domain is included in domain impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_similaruserssafetytips", + "title": "Apps:mdo_similaruserssafetytips", + "desc": "\n This setting specifies whether to enable the safety tip that is shown to recipients for user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation safety tip’ is enabled, the tip “This sender appears to be similar to someone who previously sent you email but may not be that person” is shown to recipients in messages where the sender's email address is included in user impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_targeteddomainprotectionaction", + "title": "Apps:mdo_targeteddomainprotectionaction", + "desc": "\n This setting specifies the action to take on detected domain impersonation messages.\n
    \n
    \n If a message is detected from an impersonated domain, no action is taken by default. We recommend quarantining the message.\n
    \n
    \n This setting is available only if ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_targeteduserprotectionaction", + "title": "Apps:mdo_targeteduserprotectionaction", + "desc": "\n This setting specifies the action to take on detected user impersonation messages.\n
    \n
    \n If a message is detected from an impersonated user, no default action will be taken. We recommend quarantining the message.\n
    \n
    \n Whenever you select ‘Quarantine the message’, a ‘Select quarantine policy’ box is available.\n
    \n Quarantine policies define who is allowed to do to quarantined messages.\n
    \n
    \n This setting is available only if ‘Enable impersonated user protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_targetedusersprotection", + "title": "Apps:mdo_targetedusersprotection", + "desc": "\n Prevents specified internal or external email addresses from being impersonated as message senders in phishing attempts.\n
    \n By default, impersonated user protection is disabled, and no sender email addresses are covered by impersonation protection, whether in the default policy or in custom policies.\n
    \n
    \n We highly recommend adding users (message senders) in key roles. Internally, protected senders might be your CEO, CFO, and other senior leaders. Externally, protected senders could include council members or your board of directors.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_unusualcharacterssafetytips", + "title": "Apps:mdo_unusualcharacterssafetytips", + "desc": "\n This setting specifies whether to enable the safety tip that is shown to recipients for unusual characters in domain and user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation unusual safety tip’ is enabled, the tip is shown to recipients in messages where the sender's name or email address contains characters that are not typically used together, such as a mix of mathematical symbols and plain text or a mix of uppercase and lowercase letters.\n
    \n
    \n Example tip:\n
    \n ‘The email address MARY@CoNTᴏSO.CᴏM includes unexpected letters or numbers. We recommend you do not interact with this message.’\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_spam_notifications_only_for_admins", + "title": "Apps:mdo_spam_notifications_only_for_admins", + "desc": "In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against spam (junk email) by EOP. Configure Exchange Online Spam Policies to copy emails and notify someone when a sender in the organization has been blocked for sending spam emails.

    Note: Audit and Remediation guidance may focus on the Default policy however, if a Custom Policy exists in the organization's tenant, then ensure the setting is set as
    outlined in the highest priority policy listed.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safeattachmentpolicy", + "title": "Ensure Safe Attachments policy is enabled", + "desc": "

    The Safe Attachments policy helps protect users from malware in email attachments by
    scanning attachments for viruses, malware, and other malicious content. When an email
    attachment is received by a user, Safe Attachments will scan the attachment in a secure
    environment and provide a verdict on whether the attachment is safe or not.

    Rationale:
    Enabling Safe Attachments policy helps protect against malware threats in email
    attachments by analyzing suspicious attachments in a secure, cloud-based environment
    before they are delivered to the user's inbox. This provides an additional layer of
    security and can prevent new or unseen types of malware from infiltrating the
    organization's network.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "label": "fix" + }, + { + "data": "Delivery of email with attachments may be delayed while scanning is occurring.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safelinksforOfficeApps", + "title": "Apps:mdo_safelinksforOfficeApps", + "desc": "Enabling Safe Links policy for Office applications allows URL's that exist inside of Office documents and email applications opened by Office, Office Online and Office mobile to be processed against Defender for Office time-of-click verification and rewritten if required.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_antiphishingpolicies", + "title": "Ensure that an anti-phishing policy has been created", + "desc": "By default, Office 365 includes built-in features that help protect users from phishing attacks. Set up anti-phishing polices to increase this protection, for example by refining settings to better detect and prevent impersonation and spoofing attacks. The default policy applies to all users within the organization, and is a single view to fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups or domains within the organization and will take precedence over the default policy for the scoped users.

    Rationale: Protects users from phishing attacks (like impersonation and spoofing), and uses safety tips to warn users about potentially harmful messages.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "label": "fix" + }, + { + "data": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_blockmailforward", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "desc": "

    Exchange Online offers several methods of managing the flow of email messages.
    These are Remote domain, Transport Rules, and Anti-spam outbound policies. These
    methods work together to provide comprehensive coverage for potential automatic
    forwarding channels:

    • Outlook forwarding using inbox rules
    • Outlook forwarding configured using OOF rule
    • OWA forwarding setting (ForwardingSmtpAddress)
    • Forwarding set by the admin using EAC (ForwardingAddress)
    • Forwarding using Power Automate / Flow

    NOTE:

    • In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically.
    • Any exclusions should be implemented based on organizational policy.

    Rationale:
    Attackers often create these rules to exfiltrate data from your tenancy, this could be
    accomplished via access to an end-user account or otherwise. An insider could also use
    one of these methods as an secondary channel to exfiltrate sensitive data.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "label": "fix" + }, + { + "data": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:IntegratedApps", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "desc": "To reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data, we recommend that you allow user consent only for applications that have been published by a verified publisher.", + "impact": 0.4, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 4 + ], + "rank": [ + 35 + ], + "tiers": [ + "Defense In Depth" + ], + "threats": [ + [ + "Data Exfiltration", + "Data Spillage" + ] + ], + "services": [ + "AzureAD" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "label": "fix" + }, + { + "data": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "You have no user consent policy in place.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:PWAgePolicyNew", + "title": "Identity:PWAgePolicyNew", + "desc": "Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Your current policy is set to let passwords expire.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:SelfServicePasswordReset", + "title": "Identity:SelfServicePasswordReset", + "desc": "With self-service password reset in Microsoft Entra ID, users no longer need to engage help desk to reset passwords. This feature works well with Microsoft Entra ID dynamically banned passwords, which prevents easily guessable passwords from being used.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 of 0 users who don't have self-service password reset enabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:BlockLegacyAuthentication", + "title": "Enable Conditional Access policies to block legacy authentication", + "desc": "Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multifactor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 8 + ], + "rank": [ + 68 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Password Cracking", + "Account Breach" + ] + ], + "services": [ + "AzureAD" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "label": "fix" + }, + { + "data": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 of 1 users that don't have legacy authentication blocked.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:MFARegistrationV2", + "title": "Identity:MFARegistrationV2", + "desc": "Multifactor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 out of 1 users that aren’t registered with MFA.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:AdminMFAV2", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "desc": "

    Requiring multifactor authentication (MFA) for administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, your entire organization is exposed. At a minimum, protect the following roles: 

    • Global administrator 
    • Authentication administrator 
    • Billing administrator 
    • Conditional Access administrator 
    • Exchange administrator 
    • Helpdesk administrator 
    • Security administrator 
    • SharePoint administrator 
    • User administrator 
    ", + "impact": 1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 10 + ], + "rank": [ + 1 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ] + ], + "services": [ + "AzureAD" + ], + "userImpacts": [ + "Low" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "label": "fix" + }, + { + "data": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 out of 1 users with administrative roles that aren’t registered and protected with MFA.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:SigninRiskPolicy", + "title": "Identity:SigninRiskPolicy", + "desc": "Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multifactor authentication (MFA).", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 of 1 users that don't have the sign-in risky policy turned on.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:UserRiskPolicy", + "title": "Identity:UserRiskPolicy", + "desc": "With the user risk policy turned on, Microsoft Entra ID detects the probability that a user account has been compromised. As an administrator, you can configure a user risk Conditional Access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 users out of 1 that do not have user risk policy enabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:OneAdmin", + "title": "Identity:OneAdmin", + "desc": "

    Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It's important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach.

    Note:

    According to CIS O365 Benchmark 2.0.0, the suggestion is to have between two to four global admins. Currently, the condition to comply is to have more than one global administrator - This security recommendation will be updated accordingly to CIS benchmark in the future.

    Rationale:

    If there is only one global tenant administrator, he or she can perform malicious activity without the possibility of being discovered by another admin. If there are numerous global tenant administrators, the more likely it is that one of their accounts will be successfully breached by an external attacker.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "You currently have 1 global admins.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:RoleOverlap", + "title": "Identity:RoleOverlap", + "desc": "Ensure that your administrators can accomplish their work with the least amount of privilege assigned to their account. Assigning users roles like Password Administrator or Exchange Online Administrator, instead of Global Administrator, reduces the likelihood of a global administrative privileged account being breached.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "You have 0 users with least privileged administrative roles.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + } + ], + "sha256": "e34570699cb31e407b8e8444d1db0d5b0a12614b69ee9b5ba5e8b1068b556907" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "Microsoft Secure Score", + "data": { + "reportId": "12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "tenantId": "12345678-1234-1234-1234-1234567890abcd", + "profiles": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScoreControlProfiles", + "@odata.nextLink": "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles?$skiptoken=00000000-0000-0000-0000-00000000", + "value": [ + { + "id": "aad_admin_accounts_separate_unassigned_cloud_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/add-users?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure Administrative accounts are separate and cloud-only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    1. Navigate to Microsoft 365 admin center
    2. Click to expand Users select Active users.
    3. Sort by the Licenses column.
    4. For each user account in an administrative role verify the following:
    The account is Cloud only (not synced)
    The account is assigned a license that is not associated with applications i.e. (Microsoft Entra ID P1, Microsoft Entra ID P2)

    ", + "remediationImpact": "Administrative users will have to switch accounts and utilizing login/logout functionality when performing Administrative tasks, as well as not benefiting from SSO.", + "service": "AzureAD", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_admin_consent_workflow", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings", + "controlCategory": "Apps", + "title": "Ensure the admin consent workflow is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center, Select Admin Centers, and Microsoft Entra ID.
    2. Select Enterprise applications from the Azure Navigation pane.
    3. Under Security select Consent and permissions.
    4. Under Manage select Admin consent settings and set Users can request admin consent to apps they are unable to consent to Yes.
    5. Under the Reviewers choose the Roles, Groups that you would like to review user generated app consent requests.
    6. Select Save at the top of the window.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_custom_banned_passwords", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection", + "controlCategory": "Apps", + "title": "Ensure custom banned passwords lists are used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Create a custom banned password list:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Protect & Secure > Authentication methods
    3. Select Password protection
    4. Set Enforce custom list to Yes
    5. In Custom banned password list create a list using suggestions outlined in this document.
    6. Click Save

    NOTE: Below is a list of examples that can be used as a starting place. Check the references section for more.

    • Brand names
    • Product names
    • Locations, such as company headquarters
    • Company-specific internal terms
    • Abbreviations that have specific company meaning
    ", + "remediationImpact": "

    If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.

    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_limited_administrative_roles", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps", + "controlCategory": "Apps", + "title": "Ensure 'Microsoft Azure Management' is limited to administrative roles", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable Microsoft Azure Management restrictions:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click expand Protection > Conditional Access select Policies.
    3. Click New Policy and then name the policy.
    4. Select Users > Include > All Users
    5. Select Users > Exclude > Directory roles and select only administrative roles (See below).
    6. Select Cloud apps or actions > Select apps > Select then click the box next to Microsoft Azure Management.
    7. Click Select.
    8. Select Grant > Block access and click Select.
    9. Ensure Enable Policy is On then click Create.

    WARNING: Exclude Global Administrator at a minimum to avoid being locked out. Report-only is a good option to use when testing any Conditional Access policy for the first time.

    Below is an example list of Administrator roles that could be excluded:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    Default Value:

    No - Non-administrators can access the Microsoft Entra ID administration portal.

    ", + "remediationImpact": "

    Because the policy is applied to the Azure management portal and API, services, or clients with an Azure API service dependency, can indirectly be impacted. For example:

    • Classic deployment model APIs
    • Azure PowerShell
    • Azure CLI
    • Azure DevOps
    • Azure Data Factory portal
    • Azure Event Hubs
    • Azure Service Bus
    • Azure SQL Database
    • SQL Managed Instance
    • Azure Synapse
    • Visual Studio subscriptions administrator portal
    • Microsoft IoT Central
    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_linkedin_connection_disables", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/linkedin-integration", + "controlCategory": "Apps", + "title": "Ensure 'LinkedIn account connections' is disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To disable LinkedIn account connections:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Users select User settings.
    3. Under LinkedIn account connections select No.
    4. Click Save at the top of the page.
    ", + "remediationImpact": "Users will not be able to sync contacts or use LinkedIn integration.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_managed_approved_public_groups_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#microsoft-365-groups", + "controlCategory": "Apps", + "title": "Ensure that only organizationally managed/approved public groups exist", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    In the Microsoft 365 Administration portal, go to:

    1. Teams & groups -> Active teams & groups. 
    2. For each group, under Settings, make sure Privacy is set to 'Private'.


    ", + "remediationImpact": "If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_password_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations", + "controlCategory": "Apps", + "title": "Ensure password protection is enabled for on-prem Active Directory", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To setup Microsoft Entra ID Password Protection, use the following steps: 

    1. Download and install the Microsoft Entra ID Password Proxies and DC Agents from the following location: https://www.microsoft.com/download/details.aspx?id=57071
    2. After the installation is complete, login to https://admin.microsoft.com as a Global Administrator.
    3. Go to Admin centers and click on Microsoft Entra ID.
    4. Select Microsoft Entra ID then Security on the left side navigation followed by Authentication methods.
    5. Select Password protection and toggle Enable password protection on Windows Server Active Directory to Yes and Mode to Enforced
    6. Click Save at the top of the right pane.


    ", + "remediationImpact": "The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_phishing_MFA_strength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy", + "controlCategory": "Apps", + "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To create a phishing-resistant MFA CA policy for users in administrative roles:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click to expand Microsoft Entra ID > Applications select Enterprise Applications.
    3. Under Security, select Conditional Access.
    4. Click New policy.
    5. Go to Users > Users and groups > Include > Select users and groups > Directory roles
    6. Add at least the Directory roles listed after these steps.
    7. Select Cloud apps or actions > All cloud apps (and don't exclude any apps).
    8. Grant > Grant Access with Require authentication strength (Preview): Phishing-resistant MFA
    9. Click 'Select'
    10. Set Enable policy to Report-only and click Create

    At minimum these directory roles should be included for the policy:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    WARNING: Ensure administrators are pre-registered with strong authentication before enforcing the policy. After which the policy must be set to “On”.

    ", + "remediationImpact": "If administrators aren't pre-registered for a strong authentication method prior to a conditional access policy is created then a condition could occur where a user can't register for strong authentication because they don't meet the conditional access policy requirements, and therefore are prevented from signing in.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_sign_in_freq_session_timeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade", + "controlCategory": "Apps", + "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To configure Sign-in frequency and browser sessions persistence for Administrative users:

    1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
    2. Click to Protection > Conditional Access.
    3. Click New policy
    4. Click Users and groups
    5. Under Include select Select users and groups and then select Directory roles.
    6. At a minimum, select the roles in the section below:
    7. Go to Target resources > Cloud apps > Include > select All cloud apps (and don't exclude any apps).
    8. Under Access controls > Grant > select Grant access > check Require multi-factor authentication (and nothing else).
    9. Under Session select Sign-in frequency and set to at most 4 hours for E3 tenants. E5 tenants with PIM can be set to a maximum value of 24 hours.
    10. Check Persistent browser session then select Never persistent in the drop-down menu.
    11. For Enable Policy select On and click Save


    At minimum these directory roles should be included for MFA:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_third_party_apps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure third party integrated applications are not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center Select Admin Centers and Microsoft Entra ID.
    2. Select Users from the Azure navigation pane
    3. Select Users settings.
    4. Set App registrations is set to No.
    5. Click Save.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSCertificateTemplateEnrolementSuppliesSubject", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc1", + "controlCategory": "Identity", + "title": "Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1. Disable the “Supply in the request” configuration.
    2. Remove EKU’s enabling user authentication (e.g Client Authentication).
    3.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    4.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings can lead to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSInsecureCertificateEnrollmentIisEndpoints", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8IIS", + "controlCategory": "Identity", + "title": "Edit insecure certificate enrollment IIS endpoints (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "For each endpoint, follow these steps:
    1. Determine whether the endpoint is necessary and in regular use. If it is not used, it is advisable to disable it.
    2. Deactivate NTLM and Negotiate authentication providers for the IIS endpoint.
    3. If NTLM cannot be disabled, enable \"Require SSL\" and \"Require Extended Protection\" for the IIS endpoint.
    For more information, please refer to the security advisory in the \"Learn More\" section.", + "remediationImpact": "If the IIS endpoint allows NTLM authentication without enforcing protocol signing (HTTPS) or without enforcing Extended Protection for Authentication (EPA), it becomes vulnerable to NTLM relay attacks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateAuthorityAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc7", + "controlCategory": "Identity", + "title": "Edit misconfigured Certificate Authority ACL (ESC7)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the misconfigured ACL entry (for example - “Manage CA” permission granted to the “authenticated users” built-in group) and remove any unnecessary permissions granting built-in groups “Mange CA” or/and “Manage certificates” permissions.", + "remediationImpact": "The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the \"Manage Certificates\" right, they can approve pending certificate requests without manager approval. With the \"Manage CA\" right, they can modify CA settings, such as adding the \"User specifies SAN\" flag, leading to a complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4ACL", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates ACL (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template, and remove overly permissive modifications permissions (e.g. WriteProperty), which allows any user to change the settings of that certificate template.", + "remediationImpact": "Badly configured modification permissions allows non-privileged user to modify the settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEku", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc2", + "controlCategory": "Identity", + "title": "Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove EKU’s enabling arbitrary usage (e.g. Any purpose).
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement. ", + "remediationImpact": "Each certificate template per AD CS servers with these settings can be enrolled by an attacker and be used for multiple abuses affecting code integrity, server integrity, AD FS and IPSec (as they are relying on certificates).", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc3", + "controlCategory": "Identity", + "title": "Edit misconfigured enrollment agent certificate template (ESC3)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove enrollment agent EKU.
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings may enable arbitrary certificates issuance ability by an adversary, leading to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateOwner", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates owner (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Edit misconfigured certificate templates owner (ESC4)", + "remediationImpact": "Badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredRpcEnrollmentSigning", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8", + "controlCategory": "Identity", + "title": "Enforce encryption for RPC certificate enrollment interface (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To require packet encryption for RPC enrollment, execute the following command and then restart the certsvc service: \ncertutil -setreg CA\\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST\nnet stop certsvc & net start certsvc", + "remediationImpact": "An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSSanSpecifiedByUserEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc6", + "controlCategory": "Identity", + "title": "Edit vulnerable Certificate Authority setting (ESC6)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To disable “user specifying SAN” setting, execute the following command and then restart the certsvc service: \ncertutil -setreg policy\\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 \nnet stop certsvc & net start certsvc", + "remediationImpact": "When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_AdminSDHolder", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmsdholder", + "controlCategory": "Identity", + "title": "Remove access rights on suspicious accounts with the Admin SDHolder permission", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review the list of exposed entities to discover which of your non-sensitive accounts have the Admin SDHolder permission.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Having non-sensitive accounts with Admin SDholder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ClearText", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123179", + "controlCategory": "Identity", + "title": "Stop clear text credentials exposure", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why those entities are using LDAP in clear text.
    3. Remediate the issues and stop the exposure.
    4. After confirming remediation, we recommend you configure the requirement of domain controller level LDAP signing.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of clear text authentication may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DefenderForIdentityIsNotInstalled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=sensor", + "controlCategory": "Identity", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 59, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DomainControllerLocalUsers", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmt0assets", + "controlCategory": "Identity", + "title": "Remove local admins on identity assets", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have local admin rights on your identity assets.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DormantAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123908", + "controlCategory": "Identity", + "title": "Remove dormant accounts from sensitive groups", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your sensitive accounts are dormant..
    2. Take appropriate action on those entities by removing their privileged access rights or by deleting the account.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these dormant privileges may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_EntitiesWithOldPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmoldpw", + "controlCategory": "Identity", + "title": "Manage accounts with passwords more than 180 days old", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have a password more than 180 days old.
    2. Take appropriate action on those entities either by making them change their password or restricting their access to sensitive resources. To achieve the full score,remediate all exposed entities.", + "remediationImpact": "Passwords more than 180 days old increase vulnerability to password attacks, heighten the risk of credential theft, may lead to non-compliance with security standards, reduce accountability and user awareness, and impede incident response efforts in case of a security breach.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_HoneyToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=entityTags", + "controlCategory": "Identity", + "title": "Set a honeytoken account", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 61, + "remediation": "Go to the Honeytoken Settings page >, and set at least one honeytoken account.​", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_KerberosDelegations", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123722", + "controlCategory": "Identity", + "title": "Modify unsecure Kerberos delegations to prevent impersonation", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation.
    2. Take appropriate action on those at-risk users, such as removing their unconstrained attribute or changing it to a more secure constrained delegation.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure kerberos configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_NonAdminDCSyncAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmdcsync", + "controlCategory": "Identity", + "title": "Remove non-admin accounts with DCSync permissions ", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have DCSync permissions and are also non-domain admins.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PathRisk", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123182", + "controlCategory": "Identity", + "title": "Reduce lateral movement path risk to sensitive entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "Review this security control list of exposed entities displaying sensitive entities with lateral movement paths risk with recommended actions on how to reduce the number of non-sensitive accounts for each path.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PrintSpooler", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123723", + "controlCategory": "Identity", + "title": "Disable Print spooler service on domain controllers", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your domain controllers has the Print spooler service enabled.
    2. Take appropriate action on the at-risk domain controllers and actively remove the Print spooler service either manually, through group policy or other types of remote commands. Make sure to investigate your Print spooler settings, configurations and dependencies before disabling this service and preventing active printing workflows.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PwdLAPS", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123725", + "controlCategory": "Identity", + "title": "Protect and manage local admin passwords with Microsoft LAPS", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of domains and devices not configured for Microsoft LAPS.
    2. Deploy Microsoft LAPS to actively manage the local administrator password of your devices. This is done through Active Directory along with Group Policy client- side extensions that will be installed on each Windows operating system.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Sensor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2117505", + "controlCategory": "Identity", + "title": "Install Defender for Identity Sensor on all Domain Controllers", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 60, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_SIDHistory", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123183", + "controlCategory": "Identity", + "title": "Remove unsecure SID history attributes from entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure SID history attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of SID history entries may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureAccount", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123364", + "controlCategory": "Identity", + "title": "Resolve unsecure account attributes", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure account attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2196300", + "controlCategory": "Identity", + "title": "Resolve unsecure domain configurations", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "1. Review this security control list of exposed domains that have unsecure configurations.
    2. Take appropriate action on those domains by remediating their unsecure settings. To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Vpn", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=radius", + "controlCategory": "Identity", + "title": "Configure VPN integration", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 63, + "remediation": "Go to the Settings page >, and configure the VPN radius accounting to enable VPN based detections.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_WeakCipher", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123721", + "controlCategory": "Identity", + "title": "Stop weak cipher usage", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why the identified clients and servers are using weak ciphers.
    3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of weak ciphers may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "admincenter_owned_apps_and_services", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure 'User owned apps and services' is restricted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Office Store add-ins and starting 365 trials:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. Click to expand Settings Select Org settings.
      3. Under Services select User owned apps and services.
      4. Uncheck Let users access the Office Store and Let users start trials on behalf of your organization.
      5. Click Save.

    Note - Due to temporary limitations, only \"Let users access the Office Store\" will be taken into account in scoring this control. It is suggested to uncheck both settings for the sake of better posture.

    ", + "remediationImpact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.", + "service": "Admincenter", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AdminMFAV2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 10, + "rank": 1, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "remediationImpact": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ], + "tier": "Core", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_regulate_access_to_sensitive_data", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate cloud app access to sensitive data", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 9, + "remediation": "\n In app governance, open the predefined policy \"Access to sensitive data\" and activate it.\n
    \n
    \n You can edit the predefined policy to specify an action and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_unusual_activity_with_priority_account", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate apps with priority account consent", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "\n In app governance, open the predefined \"Unusual activity from an app with priority account consent\" policy and activate it.\n
    \n
    \n While you have the policy open, you can add an action to take on unused apps and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "BlockLegacyAuthentication", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Enable Conditional Access policies to block legacy authentication", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 68, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "remediationImpact": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "CustomerLockBoxEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095515", + "controlCategory": "Apps", + "title": "Ensure the customer lockbox feature is enabled", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 127, + "remediation": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "remediationImpact": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "dlp_datalossprevention", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://compliance.microsoft.com/datalossprevention?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Data", + "title": "Ensure DLP policies are enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "remediationImpact": "Unknown", + "service": "MIP", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_individualsharing", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/sharing", + "controlCategory": "Apps", + "title": "Ensure 'External sharing' of calendars is not available", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailboxaudit", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure mailbox auditing for all users is Enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailtipsenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips", + "controlCategory": "Apps", + "title": "Ensure MailTips are enabled for end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "remediationImpact": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_oauth2clientprofileenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252fen-us%252farticle%252fenable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662", + "controlCategory": "Apps", + "title": "Ensure modern authentication for Exchange Online is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "remediationImpact": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_outlookaddins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure users installing Outlook add-ins is not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "remediationImpact": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_SPF_records_for_all_domains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure that SPF records are published for all Exchange Domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    follow the instructions on Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn 

    ", + "remediationImpact": "None.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_storageproviderrestricted", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "remediationImpact": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_transportrulesallowlistdomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/transportrules", + "controlCategory": "Apps", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "service": "EXO", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "forms_phishing_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-US/microsoft-forms/review-unblock-forms-users-detected-blocked-potential-phishing", + "controlCategory": "Apps", + "title": "Ensure internal phishing protection for Forms is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To enable internal phishing protection for Forms:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. 2. Click to expand Settings then select Org settings.
      3. Under Services select Microsoft Forms.
      4. Click the checkbox labeled Add internal phishing protection under Phishing protection.
      5. Click Save.
    ", + "remediationImpact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", + "service": "FORMS", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "IntegratedApps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2119526", + "controlCategory": "Identity", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 35, + "remediation": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "remediationImpact": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Data Spillage" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_AV_firewall_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that devices connecting have AV and a local firewall enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that devices connecting have AV and a local firewall enabled, use the Microsoft Intune admin center

    1. Select Endpoint Manager under Admin Centers
    2. Select Devices, then under Policy select Compliance Policies.
    3. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate machine (PC/MAC) Platform.
      2. Click on the policy name.
      3. Under Configuration settings click Edit.
      4. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    4. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_conection_from_jail_broken_rooted_devices", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that users cannot connect from devices that are jail broken or rooted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that users cannot connect from devices that are jail broken or rooted, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Compliance Policies.
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform.
      2. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block
    3. In case there are existing policies -
      1. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block

    To comply, all relevant mobile policies should be set this way.", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_advanced_security_configuration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are set to require advanced security configurations", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles 
    2. Select Create profile to create a new profile.
    3. Select the appropriate Platform (iOS or Android).
      • Choose, based on your organization's needs, the desired settings from the configuration screens.
      • Note that the condition to comply is the mere existence of such profile, the specific settings should be decided according to your organization's needs.
    4. To comply, there should be at least one configuration policy for mobile devices.
    5. It is suggested to create two policies for both iOS and Android.
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_alphanumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Type = Alphanumeric)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device complex password profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Required password type is set to Alphanumeric
    3. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Required password type is set to Alphanumeric

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_simple_password_blocked", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose MacOS in the Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Simple Passwords is set to Blocked
    3. If there are existing policies, per each MacOS policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Simple Passwords is set to Blocked

    Note: this setting is only for MacOS policies.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_encryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Encryption is set to Require
    3. If the are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Encryption is set to Require

    Note: To comply, there should be at least one device configuration for Android with device password encryption.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_lock_after_inactivity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure devices lock after a period of inactivity to prevent unauthorized access", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Profile.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_email_profiles_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are required for email profiles - iOS/iPadOS only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Compliance policies
    2. For all the policies that are applied to \"iOS/iPadOS\" complete the following
      1. Select the policy by clickin on its name.
      2. Under Manage select Properties
      3. Select Edit next to Compliance settings
      4. Under Email ensure that Unable to set up email on the device is set to Require
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_minimum_password_length", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require a minimum password length to prevent brute force attacks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices require a complex password, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Minimum password length is set to 6.
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that Minimum password length is set to 6.

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_never_expires_password", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices are set to never expire passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices are set to never expire passwords:

    1. Use the Microsoft Intune admin center
    2. Select Devices, then under Policy.
    3. select Configuration profiles Review the list of profiles.
    4. From there, go to the device policies page to remove any device security policies that expire passwords.

    Note: The default configuration is sufficient.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices require the use of a password", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Password is set to Require.  
    3. If there are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Password is set to Require.  
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_reused_prohibited", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure", + "controlCategory": "Apps", + "title": "Ensure that mobile device password reuse is prohibited", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device password reuse is prohibited, go to the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles.
    2. If there are no configurations -
      1. select Create profile.
      2. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      3. In the Password section, ensure that Prevent reuse of previous passwords is set to 5 or above
    3. If there is existing configuration -
      1. Select the policy by clicking on its name.
      2. Click Edit next to Configuration settings.
      3. Under Password change Prevent reuse of previous passwords and set to 5 or above
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_wipe_on_multiple_signin_failures", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure mobile devices are set to wipe on multiple sign-in failures , use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.
    3. In case there are existing policies -
      1. For each policy, Select by clicking on the name.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.

    Note: This option is not available for all types of devices.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mcas_mda_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/defender-cloud-apps/get-started", + "controlCategory": "Apps", + "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Enable Defender for Cloud Apps by the following instructions: https://learn.microsoft.com/en-us/defender-cloud-apps/get-started

    ", + "remediationImpact": "None.", + "service": "MCAS", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCloudAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/discovery/create", + "controlCategory": "Apps", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 75, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCutomActivityPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/activity/create", + "controlCategory": "Apps", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 80, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasFirewallLogUpload", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/settings?tabid=discovery-autoUpload", + "controlCategory": "Apps", + "title": "Deploy a log collector to discover shadow IT activity", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 82, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "remediationImpact": "This change has no known impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasOAuthAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/app-permission/create", + "controlCategory": "Apps", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 57, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-step verification from an authentication policy:

    1. Go to admin.atlassian.com.

    2. Select your organization if you have more than one.

    3. Select Security > Authentication policies.

    4. Select Edit for the policy you want to modify.

    5. On the Settings page, select Mandatory for \"Two-step verification\".

    • All policies must be configured this way to comply.
    ", + "remediationImpact": "This setting enforces multi-factor authentication for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on/", + "controlCategory": "Apps", + "title": "Enable Single Sing On (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Copy details from your identity provider to your Atlassian organization

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your identity provider Directory.

    4. Select Set up SAML single sign-on.

    5. Add SAML details.

    6. Save SAML configuration.

    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To select an idle session duration from an authentication policy:

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Authentication policies.

    3. Select Edit for the policy you want to modify.

    4. On the Settings page, select length of time for Idle session duration.

    5. The value should be equal to or lower than 2 hours.
    ", + "remediationImpact": "When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_access", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App access requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Block compromised devices.
    • Require data encryption.
    • Require biometric authentication or a device passcode.
    1. Note that all the three options must be checked in order to comply.
    2. Note that the 'minimum OS version' is not mandatory for this control, but the recommendation is to set it to the latest.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_dataprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App data protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Disable sharing, saving or backing up content from the mobile app.
    • Disable screenshots and screen recording of the mobile app.
    • Disable cutting or copying content from the mobile app.
    1. Note that all the three options must be checked in order to comply.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_UsersAffected", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - Users that are affected by policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Set the policy to apply to \"All users with access to your organization's products\"
    ", + "remediationImpact": "If your policy applies to all users - both managed and unmanaged - within your organization, including any new users that are added after the policy is created.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_passwordExpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/opsgenie/docs/enable-password-policies/", + "controlCategory": "Apps", + "title": "Enable Password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    In Atlassian admin dashboard Go to Security and Authentication policies for every policy select edit and go to \"Passwords expire every\", check it and set the day to 30 days or lower.

    ", + "remediationImpact": "See learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#two-step-verification", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Two-step verification" set the option on.
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#single-sign-on-sso", + "controlCategory": "Apps", + "title": "Enable Single Sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Single sign-on / SAML 2.0 Configuration" set the option on.
    ", + "remediationImpact": "This setting enforce Single Sign On (SSO) for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Authentication" set "log inactive users out after" at least 1 hour.
    ", + "remediationImpact": "This setting enforce Session time out for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailLockoutSecs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Lockout timer", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least three hundred in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out time configuration for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailMaxAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Number of attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least five in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out configuration when incorrect logging attempts occurs for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 8 in password minimum characters.
    ", + "remediationImpact": "This setting enforce minimum characters length for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumNumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum numeric characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in number characters.
    ", + "remediationImpact": "This setting enforce minimum numeric characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumSpecialCharacters", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum special characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in special characters.
    ", + "remediationImpact": "This setting enforce minimum special characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_PasswordMaxAgeDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 90 in "The password expires after".
    ", + "remediationImpact": "This setting enforce password expiry time in days for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=yfn1583277328637.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Login Requirements" -
      1. Minimum password length of 9 characters.
      2. Password must include at least: 
        1. At least one uppercase character.
        2. At least one lowercase character.
        3. At least one digit.
        4. At least one special character (!, @, #...).
      3. Have a minimum password age of 8 days.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=lut1644434676152.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard - 

    1. Go to Account > Security setting in the side panel.
    2. In Password Security, click on "Show Password Rules" button.
    3. In the pop-up window, set "Days until password expires" to 180 days.
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=tuw1583277327743.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Web App Session Timeout (minutes)" up to 120 minutes.
    3. Set "Mobile App Session Timeout (minutes)" up to 120 minutes.
    4. " Suppress In Session Certificate Enforcement" option must be set to false.
    ", + "remediationImpact": "This setting enforce session timeout for all DocuSign web users.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Dropbox_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.dropbox.com/help/business/web-session-control", + "controlCategory": "Apps", + "title": "Enable web session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    How to require session policies for Dropbox users

    1. Sign in to dropbox.com with your admin credentials.
    2. Click Admin Console.
    3. Click Settings.
    4. Under Additional Settings, click Web session control.
    5. Set the setting next to Fixed session length to 1 week or less.
    6. It is also suggested, but not mandatory for compliance, to set the setting next to Idle session length to 30 minutes or less.
    7. Click Save changes.
    ", + "remediationImpact": "Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.", + "service": "MDA_Dropbox", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_DependencyInsights", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights", + "controlCategory": "Apps", + "title": "Disable 'Allow members to view dependency insights'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to view dependency insights" option in the "Member organization permissions" section.


    ", + "remediationImpact": "This setting blocks users from seeing dependencies insights for their repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "controlCategory": "Apps", + "title": "Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Verified & approved domains.
    3. Add a new domain and verify it.
    4. Check "Restrict email notifications to only approved or verified domains." option.


    ", + "remediationImpact": "This setting restricts email notifications only to verified or approved domains.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_IPallowListConfigurationForOrgResources", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization", + "controlCategory": "Apps", + "title": "Enforce IP allow list configuration for org resources", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Enable IP allow list configuration for installed GitHub Apps" option.


    ", + "remediationImpact": "This setting blocks users to login from specific IP addresses.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Require two-factor authentication" option.


    ", + "remediationImpact": "This setting enforce multi factor authentication for all GitHUb users.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_OutsideCollabInvitation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "controlCategory": "Apps", + "title": "Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow repository administrators to delete issues for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories admins to add outside collaborators.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PrivateRepositoryForkingSetting", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization", + "controlCategory": "Apps", + "title": "Disable private repository forking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow forking of private and internal repositories" option.


    ", + "remediationImpact": "This setting disable users to fork private repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PublicRepoCreation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Members will be able to create public repositories, visible to anyone'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Public" option in the "Repository creation" section.


    ", + "remediationImpact": "This setting blocks users from creating public repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoTransferOrDeletion", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories", + "controlCategory": "Apps", + "title": "Disable 'members with admin permissions for repositories can delete or transfer repositories'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to delete or transfer repositories for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories transferring and deletion.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoVisibility_change", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Allow members to change repository visibilities for this organization'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to change repository visibilities for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks users from changing repositories visibility (public/ private access).", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_SAML", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on", + "controlCategory": "Apps", + "title": "Enable single sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    On GitHub Enterprise organization page-

    1. Go to Settings > Organization security
    2. Select Enable SAML authentication
    3. Fill the fields with the values found in the Admin Portal
    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all GitHub users.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Google_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.google.com/a/answer/175197?hl=en&fl=1&sjid=9841521343371348963-NA", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Ensure password expiry policy for Google -

    1. Navigate to Google admin center - http://admin.google.com/
    2. Click Security > Password Management.
    3. Chcek Allow users to turn on 2-Step Verification.
    4. Check On under Enforcement.
    5. Click Save.

    Follow steps 3-4 for every organizational unit.

    ", + "remediationImpact": "

    Follow the guideline.

    ", + "service": "MDA_Google", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_NetDocuments_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.netdocuments.com/s/article/205220410", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in netDocuments", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "How does an organization start using federated identity with NetDocuments?

    1. In the upper-right corner, select your name > Admin > repository name. In the Navigation Pane, select Security Center Advanced Authentication.
    2. The Advanced Authentication Configuration page has a section titled Federated Identity. Choose the type of federated identity server you will use and configure it.
    3. Note: In order to comply with this control, at least 80% of the users must be using SSO.
    ", + "remediationImpact": "See learn more link.", + "service": "MDA_NetDocuments", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-policy", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional complexity requirement options.
    4. Lower case, letter Upper case, letter Number (0-9), Symbol (e.g., !@#$%^&*), Does not contain part of username, Does not contain first name and Does not contain last name.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#multifactor-mfa-enrollment-policy", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Multifactor panel.
    2. Go to \"Factor Enrollment\" and select \"Add Multifactor Policy\".
    3. Note: In order to comply, you must configure default policies as \"required\" (\"optional\" is not sufficient).
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-object", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional Password age options -
      1. Enforce password history for last [Minimum of 3] passwords.
      2. Minimum password age is [Minimum of one day].
      3. Password expires after [Minimum of 180 days] days.
      4. Prompt user [Minimum of five days] days before password expires.
      5. Lock out user after [Maximum of 5 attempts] unsuccessful attempts.
      6. Account is automatically unlocked after [Minimum of 15] minutes
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#global-session-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Okta's dashboard -

    1. Go to Security > Authentication panel.
    2. Go to "Sign On"
      1. If there isn't a policy - select "Add New Okta Sing-on Policy".
      2. If a policy exists - select "Add rule "
    3. In the window, go to "Session management" and set the properties as following -
      1. Maximum Okta session lifetime to 30 days or below.
      2. Expire session after user has been idle on Okta for 120 minutes or below.
      3. Persist session cookies across browser sessions to Disable.
    ", + "remediationImpact": "This setting enforce Session time out for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_disableProtocolSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://portal.cloudappsecurity.com/#/connected-apps?tab=appConnectors", + "controlCategory": "Apps", + "title": "Remote Site", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "", + "remediationImpact": "Unknown", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableAdminLoginAsAnyUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.controlling_login_access.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Administrators Can Log In As Any User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Login Access Policies in the Quick Findbox, then select Login Access Policies.
    2. Deselect Administrators Can Log in as Any User.", + "remediationImpact": "You users must grant access before admins can log into their users.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Elevation of Privilege", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCacheAndAutocomplete", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Caching and Autocomplete on Login Page via Session settings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Uncheck Enable caching and autocomplete on login page.", + "remediationImpact": "If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupSFDC", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for non-Setup for Salesforce pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for non-Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with standard headers", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with standard headers.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUserHeaderless", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with headers disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with headers disabled.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackSetup", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for Setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableContentSniffingProtection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Sniffing protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Content Sniffing protectio.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSPOnEmail", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Security Policy protection for email templates", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Stricter Content Security Policy.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnGet", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on GET requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on GET requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnPost", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on POST requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on POST requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableMultipleSamlConfigs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.salesforce.com/mfa-requirement-check", + "controlCategory": "Apps", + "title": "Require identity verification during multi-factor authentication (MFA) registration", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 33, + "remediation": "From Setup, in the Quick Find box, enter Identity, and then click Identity Verification. Make sure the field: \"Require identity verification during multi-factor authentication (MFA) registration\" is enabled.", + "remediationImpact": "When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.", + "service": "MDA_SF", + "threats": [ + "Password cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableSMSIdentity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Let users verify their identity by text (SMS)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Let users verify their identity by text (SMS).", + "remediationImpact": "Salesforce challenges users to verify with text message their identity when they log in from an unrecognized browser or device or an IP address outside of a trusted range. ", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enforceIpRangesEveryRequest", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce login IP ranges on every request", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enforce login IP ranges on every request.", + "remediationImpact": "You users will be logout if try to perform an activity outside the IP ranges defined in Salesforce settings.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceLogoutOnSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force logout on session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force logout on session timeout.", + "remediationImpact": "The browser refreshes and returns to the login page, and the user must log in again for access.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceRelogin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force (admin) relogin after Login-As-User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force relogin after Login-As-Use..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_identityConfirmationOnEmailChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Require identity verification for change of email address", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Require identity verification for email address changes.", + "remediationImpact": "User must login again before changing their email address.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_lockSessionsToDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Lock sessions to the domain in which they were first used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Lock sessions to the domain in which they were first used.", + "remediationImpact": "Your users cannot change their domain inside a session.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_maxLoginAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Maximum invalid login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Maximum invalid login attempts, select 3.", + "remediationImpact": "You users will be locked if they attemp to login with failure after 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_minimumPasswordLifetime", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Require a minimum 1 day password lifetime", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Require a minimum 1 day password lifetime.", + "remediationImpact": "Your users will not be able to change their password more than one time a day.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_complexity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password complexity requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password complexity requirement, select Must mix alpha, numeric, and special characters, or more complex.", + "remediationImpact": "Your users must have complexed passwords.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_expiration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "User passwords expire in 90 days or less", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under User passwords expire in, select 90 days or less.", + "remediationImpact": "Your users must changed password every 90 days.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_historyRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce password history", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Enforce password history, select 3 or more passwords rememebered.", + "remediationImpact": "Your users could not set new password that was already used in the last 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_lockoutInterval", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Lockout effective period", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Lockout effective period, select 30 minutes or more.", + "remediationImpact": "A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_minimumPasswordLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Minimum password length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Minimum password length, select 8 or more.", + "remediationImpact": "Your users must set passwword at least in this length.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_obscureSecretAnswer", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Obscure secret answer for password resets", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Obscure secret answer for password resets.", + "remediationImpact": "Your users will not see their answers to their security questions password reset when typing.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_questionRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password question requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password question requirement, select Cannot contain password.", + "remediationImpact": "User will not be allowed to contain password in the password question.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_sessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Timeout Value to be 2 hours or less.", + "remediationImpact": "Users cannot have a session longer than the defined timeout value.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_requireHttpOnly", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Require HttpOnly attribute", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Require HttpOnly attribut..", + "remediationImpact": "If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authenticateMultifactor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/multi-factor-authentication.html", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.authenticate.multifactor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Enabling this property requires from the user to have an extra layer of authentication.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredJson2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-jsonv2-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing JSONv2 requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.jsonv2' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of JSON data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredSOAP", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-soap-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing SOAP requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.soap' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of SOAP data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredUnl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/unload-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable unload request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.unl' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_cauthRequiredScriptedProcessor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/script-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable script request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.scriptedprocessor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the basic authentication while processing script requests on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_concourseOnmessageEnforceSameOrigin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enable-url-whitelist-for-cross-origin-iframe-communication.html", + "controlCategory": "Apps", + "title": "Enable URL allow list for cross-origin iframe communication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.concourse.onmessage_enforce_same_origin' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "If you do not inclusion list intended domains, the ability to embed other pages within Now Platform instances may be limited.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_enablePasswordPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enforce-strong-passwords.html", + "controlCategory": "Apps", + "title": "Enable Password Reset Policy Checks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.enable.password_policy' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting the property to true turns on password policy checks when a user resets their password.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_highSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/high-security-plugin.html", + "controlCategory": "Apps", + "title": "Enable high security plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.high_security' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This plugin enables several system security configurations, which may impact UI and functionality as well.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_httpCacheControl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/cache-control-http-header-value.html", + "controlCategory": "Apps", + "title": "Set default cache-control HTTP header value to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.http.cache_control' as private.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "None.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_loginNoBlankPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/disable-password-less-authentication.html", + "controlCategory": "Apps", + "title": "Disable password-less authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.login.no_blank_password' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Operations should not use blank passwords because it is viewed as a critical security risk. However, if there is a valid case for such usage, there is a possibility of an outage. Users with blank passwords wouldn't be able to log in to the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_roleManagement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/contextual-security.html", + "controlCategory": "Apps", + "title": "Enable Contextual Security: Role Management plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.role_management' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptCcsiIsPublic", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html", + "controlCategory": "Apps", + "title": "Set client-callable script includes to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.ccsi.ispublic' as false.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Privacy on client-callable script includes.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptSecureAjaxgliderecord", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enabling-ajaxgliderecord-acl-checking.html", + "controlCategory": "Apps", + "title": "Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.secure.ajaxgliderecord' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptUseSandbox", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/client-generated-scripts-sandbox.html", + "controlCategory": "Apps", + "title": "Enable client generated scripts sandbox", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.use.sandbox' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_smDefaultMode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/default-deny.html", + "controlCategory": "Apps", + "title": "Enable default deny with new ACL rules", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.sm.default_mode' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting this prperty for deny value, will restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_sncUserLockoutCheck", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/managing-failed-login-attempts.html", + "controlCategory": "Apps", + "title": "Enable managing failed login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
    ", + "remediationImpact": "This remediation would enable administrator of the instance to monitor and report any malicious user access.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapRequireContentTypeXml", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-content-type-checking.html", + "controlCategory": "Apps", + "title": "Enable SOAP content type checking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.soap.require_content_type_xml' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapStrictSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-request-strict-security.html", + "controlCategory": "Apps", + "title": "Enable SOAP request strict security", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property ' glide.soap.strict_security' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "f there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_systemSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/security-jump-start-acl-rules.html", + "controlCategory": "Apps", + "title": "Activate security jump start (ACL rules) plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "If this plugin is not activated on your instance, contact ServiceNow Support. Activating the plugin at this point might modify security access to tables already in use in a production environment. If an administrator is interested in the new ACL rules the plugin provides, you can manually create one or more of them in an existing instance if needed. This list of ACLs may be used as a guideline in that case.", + "remediationImpact": "There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. Customer is required to outreach ServiceNow before the remediation can occur.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_uiSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/session-activity-timeout.html", + "controlCategory": "Apps", + "title": "Enable session activity timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.session_timeout' as 60 or below.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces timely expiration of user account.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_useCsrfToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/anti-csrf-token.html", + "controlCategory": "Apps", + "title": "Enable anti-CSRF token", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.security.use_csrf_token' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_userCookieMaxLifeSpanInDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/absolute-session-timeout.html", + "controlCategory": "Apps", + "title": "Enable absolute session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.user_cookie.max_life_span_in_days' below 180.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Forcing the user to relogin after specific days.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Workplace_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.workplace.com/resources/tech/authentication/sso", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in Workplace by Meta", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In order to enable SSO authentication in Workplace you will need to:

    • Have access to your Identity Provider's configuration settings.
    • Have a System Administrator role assigned in Workplace.
    • Have a corresponding account in the Identity Provider with the same email as the Workplace user you are logged in with (i.e. which uses the same email address to authenticate both in Workplace and in the Identity Provider). This is essential to test SSO and complete Workplace configuration correctly.
    1. In the Admin Panel, select Security.
    2. Click on the Authentication tab.
    3. Check the Single Sign-On (SSO) checkbox.
    4. Click +Add New SSO Provider.
    5. Type in the values provided by your Identity Provider into the relevant fields: SAML URL, SAML Issuer URL, SAML Logout Redirect (Optional), SAML Certificate.
    6. Scroll to the bottom of the section and click the Test SSO button. This will result in a popup window appearing with your Identity Provider login page presented. Enter your credentials to authenticate.
    7. Once the test has been completed successfully, scroll to the bottom of the page and click Save button.
    8. If required, Configure SSO as the default authentication for new users by selecting SSO in the Default to new users drop-down.

    To comply with the control, the adoption rate must be above 80%.

    ", + "remediationImpact": "None.", + "service": "MDA_Workplace", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_AdminPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Block admins to set passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To let administrators set passwords for users

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, verify Enable admins to set passwords is not selected.

      You must be the account owner to see this setting.

    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_BlockAccountAssumption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408824477082-Granting-Zendesk-temporary-access-to-assume-your-account", + "controlCategory": "Apps", + "title": "Block account assumption", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Account assumption tab, verify Enable account assumption is not checked.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_bypassIPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Block customers to bypass IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To Block customers to bypass IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. In IP Restrictions tab, verify Allowed IP Ranges is Enabled.
    3. Verify Allow customers to bypass IP restrictions is not checked.
    4. Click Save.
    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_EmailNotificationsforPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Send a notification on password change for admins, agents, and end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To send password-change notifications

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, select Email notifications.
    3. Click Save.
    ", + "remediationImpact": "End users will get email notifications when their passwords change.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_enableapp", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app", + "controlCategory": "Apps", + "title": "Admins and agents can use the Zendesk Support mobile app", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Allow admins and agents can use the Zendesk Support mobile app

    1. In Admin Center, click Account in the sidebar, then select Security > More settings.
    2. On the Zendesk Support tab, Check Mobile app.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_IPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the IP Restrictions tab, select Enabled, then enter the Allowed IP Ranges you want to restrict.
    3. Click Save.

    For more information, see Restricting access to Zendesk Support using IP restrictions.

    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408826974874", + "controlCategory": "Apps", + "title": "Enable and adopt two-factor authentication (2FA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-factor authentication

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select Require two-factor authentication.
    3. Click Save.
    ", + "remediationImpact": "

    Team members who haven't set up 2FA will be required to do so next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required.

    Before enabling two-factor authentication, make sure you understand the following important considerations:

    • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
    • Requiring two-factor authentication disables password-based authentication to the Zendesk API.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_sessionexpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408832533274-Understanding-your-Zendesk-session-time", + "controlCategory": "Apps", + "title": "Enable session timeout for users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set an inactivity time-out period

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
    3. Maximun valid value is 2 hours for both.
    4. Click Save.
    ", + "remediationImpact": "There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable external Authentication (google or microsoft or SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure External authentication is selected.
    3. follow the authentication steps.
    4. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_ZanAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable Zendesk authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure Zendesk Authentication is selected.
    3. Set the password security level High.
    4. Click Save.
    ", + "remediationImpact": "

    For Team memebers, the following conditions must be met before they can use Zendesk authentication:

    • Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See Getting started with Guide in the Support help center.
    • Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See Requiring users to register in the Support help center.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_BlockDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/4403624900109-Blocking-users-in-specific-domains", + "controlCategory": "Apps", + "title": "Block users in specific domains from joining meetings and webinars", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Block users in specific domains from joining meetings and webinars.
    5. Enter the domains that you want to block from joining meetings and webinars.
    6. Click the lock icon and then click Lock to confirm the setting.
    7. Click Save.
    ", + "remediationImpact": "This setting block users to signin from specific domains.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MeetingE2eEncryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings", + "controlCategory": "Apps", + "title": "Enforce end to end encryption in all Zoom meetings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Allow use of end-to-end encryption and then click Turn On to verify the change.
    5. For making this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
    6. Under Security, choose the Default encryption type.
    7. Click Save.
    ", + "remediationImpact": "This setting enforce end to end encryption in all Zoom meetings.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Make sure the Sign in with Two-Factor Authentication option is enabled.
    4. Select All users in your account. This will enable Two-Factor Authentication for all users.
    5. Click ‘Save’ to confirm your 2FA settings. 
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_PasswordReq", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Have a minimum password length with at least 10 characters.
    4. Enable Have at least 1 special character (!, @, #...).
    5. Enable
    6. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutClient", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for client users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on Zoom client (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active client users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutWeb", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on the web (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active web users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_allowedsenderscombined", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 128, + "remediation": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_antiphishingpolicies", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that an anti-phishing policy has been created", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "remediationImpact": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_atpprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_autoforwardingmode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set automatic email forwarding rules to be system controlled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_blockmailforward", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rule-procedures?view=exchserver-2019&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkspamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on bulk spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkthreshold", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_commonattachmentsfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antimalwarev2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure the Common Attachment Types Filter is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_connectionfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enabledomainstoprotect", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Enable impersonated domain protection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enablemailboxintelligence", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that mailbox intelligence is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencephishaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencespamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that intelligence for impersonation protection is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotectionaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phishthresholdlevel", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the phishing email level threshold at 2 or higher", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phisspamacation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_quarantineretentionperiod", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Retain spam in quarantine for 30 days", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientexternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of external recipients that a user can email per hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientinternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientlimitperday", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set a daily message limit", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachmentpolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure Safe Attachments policy is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "remediationImpact": "Delivery of email with attachments may be delayed while scanning is occurring.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Attachments in block mode", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safedocuments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Documents for Office Clients", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + } + ] + }, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "currentScore": 128, + "maxScore": 274, + "secureScores": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores" + } + } + } + ], + "raw": { + "secureScore": { + "value": [ + { + "id": "12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "activeUserCount": 1, + "createdDateTime": "2024-01-01T00:00:00Z", + "currentScore": 128, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "licensedUserCount": 0, + "maxScore": 274, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "controlScores": [ + { + "controlCategory": "Apps", + "controlName": "spo_idle_session_timeout", + "description": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n
    \n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "spo_legacy_auth", + "description": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t
    \n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t
    \n\t\t\tThis information was taken from Center for Internet Security (CIS).\n\t\t", + "score": 0, + "lastSynced": "2024-01-01T17:12:14Z", + "implementationStatus": "The setting is not compliant.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasFirewallLogUpload", + "description": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasCutomActivityPolicy", + "description": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Policy in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasCloudAppNotification", + "description": "App discovery policies can notify you when new apps or abnormal usage is observed within your organization, based on traffic logs data.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Policy in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "McasOAuthAppNotification", + "description": "OAuth app policies can help you manage app permission and notify you when a user or an admin consents to a new Open Authorization (OAuth) app. With this information, you can investigate which permissions each app requested and which users authorized them.", + "score": 0, + "lastSynced": "2024-01-01T04:34:13Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "AATP_DefenderForIdentityIsNotInstalled", + "description": "Installing Microsoft Defender for Identity sensors provides you with the ability to detect advanced threats in your entire identity infrastructure. Actionable security alerts are generated through the analysis of network traffic and security events.", + "score": 0, + "lastSynced": "2024-01-01T14:59:53Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_atpprotection", + "description": "Microsoft Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Data", + "controlName": "dlp_datalossprevention", + "description": "Data Loss Prevention (DLP) policies allows content in multiple locations, such as, devices, Exchange online and Teams chats to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "exo_individualsharing", + "description": "Users should not be allowed to share the full details of their calendars with external users.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safedocuments", + "description": "Safe Documents uses Microsoft Defender for Endpoint to scan documents and files for malicious content. To keep you protected, Safe Documents sends files to the Defender for Endpoint cloud for analysis. Files sent by Safe Documents are not retained in Defender for Endpoint beyond the time needed for analysis (typically, less than 24 hours).", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_connectionfilter", + "description": "

    If you're a Microsoft 365 customer with mailboxes in Exchange Online or a standalone Exchange Online Protection (EOP) customer without Exchange Online mailboxes, EOP offers multiple ways of ensuring that users will receive email from trusted senders. These options include Exchange mail flow rules (also known as transport rules), Outlook Safe Senders, the IP Allow List (connection filtering), and allowed sender lists or allowed domain lists in anti-spam policies. Collectively, you can think of these options as safe sender lists.

    The available safe sender lists are described in the following list in order from most recommended to least recommended:
    1. Mail flow rules
    2. Outlook Safe Senders
    3. IP Allow List (connection filtering)
    4. Allowed sender lists or allowed domain lists (anti-spam policies)

    Without additional verification like mail flow rules, email from sources in the IP Allow List skips spam filtering and sender authentication (SPF, DKIM, DMARC) checks. Since the IP Allow List doesn't prevent malware or high confidence phishing messages from being filtered, this creates a high risk of attackers successfully delivering email to an inbox that would otherwise be filtered.

    ", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "The allowed IP addresses list in the connection filter policy is empty ", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_purviewlabelconsent", + "description": "\n To get work done, people in your organization collaborate with others both inside and outside the organization. Data doesn't always stay in your cloud, and often roams everywhere—across devices, apps, and services. When your data roams, you still want it to be secure in a way that meets your organization's business and compliance policies.\n
    \n
    \n Applying sensitivity labels to your content helps you keep your data secure by stating how sensitive certain data is in your organization. It also abstracts the data itself, letting you track the type of data without exposing sensitive data on other platforms.\n
    \n
    \n For example, applying the sensitivity label ‘highly confidential’ to a document that contains social security numbers and credit card numbers helps you identify the sensitivity of the document without knowing the actual data in the document.\n
    \n
    \n The sensitivity labels created in Microsoft Purview Information Protection can also be extended to the Microsoft Purview data map. When you apply a label on an office document and then scan it into the Microsoft Purview data map, the label will be applied to the data asset.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "The setting was not enabled.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "CustomerLockBoxEnabled", + "description": "Turning on the customer lockbox feature requires that approval is obtained for datacenter operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There's an expiration time on the request and content access is removed after the support engineer has fixed the issue.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Feature in place: false.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_oauth2clientprofileenabled", + "description": "Modern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. When you enable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use modern authentication to log in 'to Microsoft 365 mailboxes. When you disable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use basic authentication to log in to Microsoft 365 mailboxes.

    When users initially configure certain email clients, like Outlook 2013 and Outlook 2016, they may be required to authenticate using enhanced authentication mechanisms, such as multifactor authentication. Other Outlook clients that are available in Microsoft 365 (for example, Outlook Mobile and Outlook for Mac 2016) always use modern uthentication to log in to Microsoft 365 mailboxes", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Modern authentication for Exchange Online is enabled", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "exo_mailtipsenabled", + "description": "MailTips assist end users with identifying strange patterns to emails they send.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "MailTips for end users are disabled.", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_transportrulesallowlistdomains", + "description": "You should set Spam confidence level (SCL) in your Exchange Online mail transport rules with specific domains. Allow-listing domains in transport rules bypasses regular malware and phishing scanning, which can enable an attacker to launch attacks against your users from a safe haven domain. \n\t

    Note: In order to get a score for this security control, all the active transport rule that applies to specific domains must have a Spam Confidence Level (SCL) of 0 or higher.

    ", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Spam confidence level (SCL) is not configured in mail transport rules with specific domain", + "on": "true", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mip_search_auditlog", + "description": "When audit log search in the Microsoft Purview compliance portal is enabled, user and admin activity from your organization is recorded in the audit log and retained for 90 days. However, your organization might be using a third-party security information and event management (SIEM) application to access your auditing data. In that case, a global admin can turn off audit log search in Microsoft 365.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Microsoft 365 audit log search is enabled disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_mailboxaudit", + "description": "

    By turning on mailbox auditing, Microsoft 365 back office teams can track logons to a mailbox as well as what actions are taken while the user is logged on. After you turn on mailbox audit logging for a mailbox, you can search the audit log for mailbox activity. Additionally, when mailbox audit logging is turned on, some actions performed by administrators, delegates, and owners are logged by default.

    Rationale:

    Starting in January 2019, Microsoft is turning on mailbox audit logging by default for all organizations.

    This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged, and the corresponding mailbox audit records will be available when you search for them in the mailbox audit log. When mailbox auditing on by default is turned on for the organization, the AuditEnabled property for affected mailboxes won't be changed from False to True. In other words, mailbox auditing on by default ignores the AuditEnabled property on mailboxes.

    However, only certain mailbox types support default auditing setting 'On': User Mailboxes, Shared Mailboxes, and Microsoft 365 Group Mailboxes. The remaining mailbox types require auditing to be turned on at the mailbox level: Resource Mailboxes, Public Folder Mailboxes, and DiscoverySearch Mailbox.

    Whether it is for regulatory compliance or for tracking unauthorized configuration changes in Microsoft 365, enabling mailbox auditing allows for Microsoft 365 back office teams to run security operations, forensics or general investigations on mailbox activities.

    NOTE: Without advanced auditing (E5 function) the logs are limited to 90 days.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Mailbox auditing for all users is disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_storageproviderrestricted", + "description": "

    This setting allows users to open certain external files while working in Outlook on the
    web. If allowed, keep in mind that Microsoft doesn't control the use terms or privacy
    policies of those third-party services.

    Ensure AdditionalStorageProvidersAvailable is restricted.

    Rationale:

    By default additional storage providers are allowed in Office on the Web (such as Box,
    Dropbox, Facebook, Google Drive, OneDrive Personal, etc.). This could lead to
    information leakage and additional risk of infection from organizational non-trusted
    storage providers. Restricting this will inherently reduce risk as it will narrow
    opportunities for infection and data leakage.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Additional storage providers are restricted in Outlook on the web is not configured correctly. Please follow next steps to correctly configure the control.", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "exo_outlookaddins", + "description": "

    Specify the administrators and users who can install and manage add-ins for Outlook in Exchange Online By default, users can install add-ins in their Microsoft Outlook Desktop client, allowing data access within the client application.

    Rationale:
    Attackers exploit vulnerable or custom add-ins to access user data. Disabling user installed add-ins in Microsoft Outlook reduces this threat surface.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Installing Outlook add-ins configuration is disabled", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapspam", + "description": "

    For unread messages that are identified as spam after delivery, the ZAP outcome depends on the action that's configured for the Spam filtering verdict in the applicable anti-spam policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapphish", + "description": "

    For read or unread messages that are identified as phishing after delivery, the ZAP outcome depends on the action that's configured for a Phishing email filtering verdict in the applicable anti-phishing policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_zapmalware", + "description": "

    Zero-hour auto purge (ZAP) quarantines the message that contains malware attachment for both read, as well as unread, messages that are found to contain malware after delivery. Only admins can view and manage messages that have been quarantined.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "score": 6, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safeattachments", + "description": "Safe Attachments in block mode prevents messages with detected malware attachments from being delivered. These messages are quarantined and only admins (not regular users) can review, release, or delete them. This will also automatically block future malware attachments.\n\t

    \n\tMDO Built-in protection policy provides safe attachments protection for everyone by default. You could also create additional Safe Attachment policies for customized Safe Attachment operations.\n ", + "score": 8, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safelinksforemail", + "description": "MDO Built-in protection policy will provide base level safe links protection for everyone by default. You could also create additional Safe Links policies for enhanced or customized Safe Links operations.", + "score": 9, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_commonattachmentsfilter", + "description": "There are certain types of files that are risker to send and receive via email due to the likelihood that they contain malware (for example, executable files). To make sure these file types don't get through, enable the common attachment filter. You can use the default list of file types or customize it. The default file types are: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs. Messages with the specified attachments types are treated as malware and are automatically quarantined.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_sensitivitylabelspolicies", + "description": "Set up and use data classification policies on data stored in your users' Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups.\n
    \n
    \nThe policies will help categorize your most important data so you can effectively protect it from illicit access and will help make it easier to investigate discovered breaches.\n
    \n
    \nCreation of data classification policies will not cause a significant impact to an organization. However, ensuring long term adherence with policies can potentially be a significant training and ongoing compliance effort across an organization. Organizations should ensure that training and compliance planning is part of the classification policy creation process.\n
    \n
    \nThis information was taken from Center for Internet Security (CIS).\n ", + "score": 2, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Policies were published on 1 of the 1 users", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Data", + "controlName": "mip_autosensitivitylabelspolicies", + "description": "\n Create auto-labeling policies to automatically apply sensitivity labels to email messages or OneDrive and SharePoint files that contain sensitive info.\n
    \n This ability to apply sensitivity labels to content automatically is important because:\n
    \n You don't need to train your users on the appropriate way to use each of your classifications.\n
    \n You don't need to rely on users to classify all content correctly.\n
    \n Users no longer need to know about your policies—they can instead focus on their work.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "Policies were published on 0 of the 1 users", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_highconfidencespamaction", + "description": "Set the action that will be taken on high confidence spam detection.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_phisspamacation", + "description": "Set the action that will be taken on phishing detection.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_highconfidencephishaction", + "description": "Set the action that will be taken on high confidence phishing detection.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_bulkspamaction", + "description": "Set the action that will be taken on bulk spam detection.", + "score": 3, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_quarantineretentionperiod", + "description": "Specifies how long to keep the message in quarantine if you selected “Quarantine message” as the action for a spam filtering verdict. After the time period expires, the message is deleted, and is not recoverable.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_allowedsenderscombined", + "description": "Never add your own accepted domains or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, attackers can easily send messages that spoof these trusted domains to your organization. In addition, avoid adding specific senders that can bypass spam filtering.", + "score": 2, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_bulkthreshold", + "description": "Specifies the bulk complaint level (BCL) of a message that triggers the specified action for the bulk spam filtering verdict that you configure on the next page. A higher value indicates that the message is less desirable (more likely to resemble spam). While the default value is 7, 6 or lower is the recommended value.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_spamaction", + "description": "Set the action that will be taken on spam detection.", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_autoforwardingmode", + "description": "", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientexternallimitperhour", + "description": "Configure the maximum number of external recipients that a user can email per hour. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientinternallimitperhour", + "description": "Configure the maximum number of recipients that a user can send to per hour for internal recipients. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_recipientlimitperday", + "description": "Configure the maximum number of recipients that a user can send to within a day. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "score": 1, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_thresholdreachedaction", + "description": "Configure action to take when any of the limits specified in the outbound anti-spam policy are reached. It is common, after an account compromise incident, for an attacker to use the account to generate spam and phish. Configuring the recommended values can reduce the impact.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_enablemailboxintelligence", + "description": "\n Turns on artificial intelligence (AI) that identifies users’ email patterns with their frequent contacts to spot potential phishing attempts.\n ", + "score": 8, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_mailboxintelligenceprotection", + "description": "\n Enables enhanced impersonation results based on each user's individual sender map and allows you to define specific actions for impersonated messages.\n
    \n
    \n This setting is available only if ‘Enable mailbox intelligence’ is selected.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_mailboxintelligenceprotectionaction", + "description": "\n This setting specifies what to do with messages for impersonation detections from mailbox intelligence results.\n
    \n
    \n If a message is detected to be an impersonated user by mailbox intelligence, no action will be applied by default. We recommend moving the message to the recipients’ junk email folder and strongly recommend quarantining it.\n
    \n
    \n This setting is available only if the ‘Ensure that intelligence for impersonation protection is enabled’ setting is properly configured.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_enabledomainstoprotect", + "description": "\n Prevents specified domains from being impersonated by the message sender's domain.\n
    \n
    \n When you add domains to the ‘Enable domains to protect’ list, messages from senders in those domains are subject to impersonation protection checks. The message is checked for impersonation if it’s sent to a recipient that the policy applies to.\n
    \n
    \n If impersonation is detected in the sender's domain, the impersonation protection actions for domains are applied to the message.\n
    \n
    \n By default, no sender domains are covered by impersonation protection, either in the default policy or in custom policies.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_phishthresholdlevel", + "description": "\n The threshold controls the sensitivity with which machine learning models are applied to email messages to determine whether a phishing attempt has occurred.\n
    \n A higher value indicates greater sensitivity. The default value is 1, but 2 or 3 are the recommended values.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_similardomainssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for domain impersonation detections.\n
    \n
    \n When the ‘Show domain impersonation safety tip’ is enabled, the tip “This sender might be impersonating a domain that's associated with your organization” is shown to recipients in messages where the sender's email domain is included in domain impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_similaruserssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation safety tip’ is enabled, the tip “This sender appears to be similar to someone who previously sent you email but may not be that person” is shown to recipients in messages where the sender's email address is included in user impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targeteddomainprotectionaction", + "description": "\n This setting specifies the action to take on detected domain impersonation messages.\n
    \n
    \n If a message is detected from an impersonated domain, no action is taken by default. We recommend quarantining the message.\n
    \n
    \n This setting is available only if ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targeteduserprotectionaction", + "description": "\n This setting specifies the action to take on detected user impersonation messages.\n
    \n
    \n If a message is detected from an impersonated user, no default action will be taken. We recommend quarantining the message.\n
    \n
    \n Whenever you select ‘Quarantine the message’, a ‘Select quarantine policy’ box is available.\n
    \n Quarantine policies define who is allowed to do to quarantined messages.\n
    \n
    \n This setting is available only if ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_targetedusersprotection", + "description": "\n Prevents specified internal or external email addresses from being impersonated as message senders in phishing attempts.\n
    \n By default, impersonated user protection is disabled, and no sender email addresses are covered by impersonation protection, whether in the default policy or in custom policies.\n
    \n
    \n We highly recommend adding users (message senders) in key roles. Internally, protected senders might be your CEO, CFO, and other senior leaders. Externally, protected senders could include council members or your board of directors.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_unusualcharacterssafetytips", + "description": "\n This setting specifies whether to enable the safety tip that is shown to recipients for unusual characters in domain and user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation unusual safety tip’ is enabled, the tip is shown to recipients in messages where the sender's name or email address contains characters that are not typically used together, such as a mix of mathematical symbols and plain text or a mix of uppercase and lowercase letters.\n
    \n
    \n Example tip:\n
    \n ‘The email address MARY@CoNTᴏSO.CᴏM includes unexpected letters or numbers. We recommend you do not interact with this message.’\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_spam_notifications_only_for_admins", + "description": "In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against spam (junk email) by EOP. Configure Exchange Online Spam Policies to copy emails and notify someone when a sender in the organization has been blocked for sending spam emails.

    Note: Audit and Remediation guidance may focus on the Default policy however, if a Custom Policy exists in the organization's tenant, then ensure the setting is set as
    outlined in the highest priority policy listed.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safeattachmentpolicy", + "description": "

    The Safe Attachments policy helps protect users from malware in email attachments by
    scanning attachments for viruses, malware, and other malicious content. When an email
    attachment is received by a user, Safe Attachments will scan the attachment in a secure
    environment and provide a verdict on whether the attachment is safe or not.

    Rationale:
    Enabling Safe Attachments policy helps protect against malware threats in email
    attachments by analyzing suspicious attachments in a secure, cloud-based environment
    before they are delivered to the user's inbox. This provides an additional layer of
    security and can prevent new or unseen types of malware from infiltrating the
    organization's network.

    ", + "score": 5, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_safelinksforOfficeApps", + "description": "Enabling Safe Links policy for Office applications allows URL's that exist inside of Office documents and email applications opened by Office, Office Online and Office mobile to be processed against Defender for Office time-of-click verification and rewritten if required.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_antiphishingpolicies", + "description": "By default, Office 365 includes built-in features that help protect users from phishing attacks. Set up anti-phishing polices to increase this protection, for example by refining settings to better detect and prevent impersonation and spoofing attacks. The default policy applies to all users within the organization, and is a single view to fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups or domains within the organization and will take precedence over the default policy for the scoped users.

    Rationale: Protects users from phishing attacks (like impersonation and spoofing), and uses safety tips to warn users about potentially harmful messages.", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Apps", + "controlName": "mdo_blockmailforward", + "description": "

    Exchange Online offers several methods of managing the flow of email messages.
    These are Remote domain, Transport Rules, and Anti-spam outbound policies. These
    methods work together to provide comprehensive coverage for potential automatic
    forwarding channels:

    • Outlook forwarding using inbox rules
    • Outlook forwarding configured using OOF rule
    • OWA forwarding setting (ForwardingSmtpAddress)
    • Forwarding set by the admin using EAC (ForwardingAddress)
    • Forwarding using Power Automate / Flow

    NOTE:

    • In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically.
    • Any exclusions should be implemented based on organizational policy.

    Rationale:
    Attackers often create these rules to exfiltrate data from your tenancy, this could be
    accomplished via access to an end-user account or otherwise. An insider could also use
    one of these methods as an secondary channel to exfiltrate sensitive data.

    ", + "score": 0, + "lastSynced": "2024-01-01T13:58:47Z", + "implementationStatus": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "count": "0", + "total": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "IntegratedApps", + "description": "To reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data, we recommend that you allow user consent only for applications that have been published by a verified publisher.", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have no user consent policy in place.", + "on": "false", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "PWAgePolicyNew", + "description": "Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.", + "score": 8, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "Your current policy is set to let passwords expire.", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "SelfServicePasswordReset", + "description": "With self-service password reset in Microsoft Entra ID, users no longer need to engage help desk to reset passwords. This feature works well with Microsoft Entra ID dynamically banned passwords, which prevents easily guessable passwords from being used.", + "score": 1, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 0 users who don't have self-service password reset enabled.", + "count": "0", + "total": "0", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "BlockLegacyAuthentication", + "description": "Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multifactor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.", + "score": 8, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 1 users that don't have legacy authentication blocked.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "MFARegistrationV2", + "description": "Multifactor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.", + "score": 9, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 out of 1 users that aren’t registered with MFA.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "AdminMFAV2", + "description": "

    Requiring multifactor authentication (MFA) for administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, your entire organization is exposed. At a minimum, protect the following roles: 

    • Global administrator 
    • Authentication administrator 
    • Billing administrator 
    • Conditional Access administrator 
    • Exchange administrator 
    • Helpdesk administrator 
    • Security administrator 
    • SharePoint administrator 
    • User administrator 
    ", + "score": 10, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 out of 1 users with administrative roles that aren’t registered and protected with MFA.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "SigninRiskPolicy", + "description": "Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multifactor authentication (MFA).", + "score": 7, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 of 1 users that don't have the sign-in risky policy turned on.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "UserRiskPolicy", + "description": "With the user risk policy turned on, Microsoft Entra ID detects the probability that a user account has been compromised. As an administrator, you can configure a user risk Conditional Access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.", + "score": 7, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 users out of 1 that do not have user risk policy enabled.", + "count": "1", + "total": "1", + "scoreInPercentage": 100 + }, + { + "controlCategory": "Identity", + "controlName": "OneAdmin", + "description": "

    Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It's important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach.

    Note:

    According to CIS O365 Benchmark 2.0.0, the suggestion is to have between two to four global admins. Currently, the condition to comply is to have more than one global administrator - This security recommendation will be updated accordingly to CIS benchmark in the future.

    Rationale:

    If there is only one global tenant administrator, he or she can perform malicious activity without the possibility of being discovered by another admin. If there are numerous global tenant administrators, the more likely it is that one of their accounts will be successfully breached by an external attacker.

    ", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You currently have 1 global admins.", + "count": "1", + "scoreInPercentage": 0 + }, + { + "controlCategory": "Identity", + "controlName": "RoleOverlap", + "description": "Ensure that your administrators can accomplish their work with the least amount of privilege assigned to their account. Assigning users roles like Password Administrator or Exchange Online Administrator, instead of Global Administrator, reduces the likelihood of a global administrative privileged account being breached.", + "score": 0, + "lastSynced": "2024-07-11T01:07:39Z", + "implementationStatus": "You have 0 users with least privileged administrative roles.", + "count": "0", + "scoreInPercentage": 0 + } + ] + } + ], + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores" + }, + "profiles": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScoreControlProfiles", + "@odata.nextLink": "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles?$skiptoken=00000000-0000-0000-0000-00000000", + "value": [ + { + "id": "aad_admin_accounts_separate_unassigned_cloud_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/add-users?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure Administrative accounts are separate and cloud-only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    1. Navigate to Microsoft 365 admin center
    2. Click to expand Users select Active users.
    3. Sort by the Licenses column.
    4. For each user account in an administrative role verify the following:
    The account is Cloud only (not synced)
    The account is assigned a license that is not associated with applications i.e. (Microsoft Entra ID P1, Microsoft Entra ID P2)

    ", + "remediationImpact": "Administrative users will have to switch accounts and utilizing login/logout functionality when performing Administrative tasks, as well as not benefiting from SSO.", + "service": "AzureAD", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_admin_consent_workflow", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings", + "controlCategory": "Apps", + "title": "Ensure the admin consent workflow is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center, Select Admin Centers, and Microsoft Entra ID.
    2. Select Enterprise applications from the Azure Navigation pane.
    3. Under Security select Consent and permissions.
    4. Under Manage select Admin consent settings and set Users can request admin consent to apps they are unable to consent to Yes.
    5. Under the Reviewers choose the Roles, Groups that you would like to review user generated app consent requests.
    6. Select Save at the top of the window.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_custom_banned_passwords", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection", + "controlCategory": "Apps", + "title": "Ensure custom banned passwords lists are used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Create a custom banned password list:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Protect & Secure > Authentication methods
    3. Select Password protection
    4. Set Enforce custom list to Yes
    5. In Custom banned password list create a list using suggestions outlined in this document.
    6. Click Save

    NOTE: Below is a list of examples that can be used as a starting place. Check the references section for more.

    • Brand names
    • Product names
    • Locations, such as company headquarters
    • Company-specific internal terms
    • Abbreviations that have specific company meaning
    ", + "remediationImpact": "

    If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.

    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_limited_administrative_roles", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps", + "controlCategory": "Apps", + "title": "Ensure 'Microsoft Azure Management' is limited to administrative roles", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable Microsoft Azure Management restrictions:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click expand Protection > Conditional Access select Policies.
    3. Click New Policy and then name the policy.
    4. Select Users > Include > All Users
    5. Select Users > Exclude > Directory roles and select only administrative roles (See below).
    6. Select Cloud apps or actions > Select apps > Select then click the box next to Microsoft Azure Management.
    7. Click Select.
    8. Select Grant > Block access and click Select.
    9. Ensure Enable Policy is On then click Create.

    WARNING: Exclude Global Administrator at a minimum to avoid being locked out. Report-only is a good option to use when testing any Conditional Access policy for the first time.

    Below is an example list of Administrator roles that could be excluded:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    Default Value:

    No - Non-administrators can access the Microsoft Entra ID administration portal.

    ", + "remediationImpact": "

    Because the policy is applied to the Azure management portal and API, services, or clients with an Azure API service dependency, can indirectly be impacted. For example:

    • Classic deployment model APIs
    • Azure PowerShell
    • Azure CLI
    • Azure DevOps
    • Azure Data Factory portal
    • Azure Event Hubs
    • Azure Service Bus
    • Azure SQL Database
    • SQL Managed Instance
    • Azure Synapse
    • Visual Studio subscriptions administrator portal
    • Microsoft IoT Central
    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_linkedin_connection_disables", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/linkedin-integration", + "controlCategory": "Apps", + "title": "Ensure 'LinkedIn account connections' is disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To disable LinkedIn account connections:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Users select User settings.
    3. Under LinkedIn account connections select No.
    4. Click Save at the top of the page.
    ", + "remediationImpact": "Users will not be able to sync contacts or use LinkedIn integration.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_managed_approved_public_groups_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#microsoft-365-groups", + "controlCategory": "Apps", + "title": "Ensure that only organizationally managed/approved public groups exist", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    In the Microsoft 365 Administration portal, go to:

    1. Teams & groups -> Active teams & groups. 
    2. For each group, under Settings, make sure Privacy is set to 'Private'.


    ", + "remediationImpact": "If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_password_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations", + "controlCategory": "Apps", + "title": "Ensure password protection is enabled for on-prem Active Directory", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To setup Microsoft Entra ID Password Protection, use the following steps: 

    1. Download and install the Microsoft Entra ID Password Proxies and DC Agents from the following location: https://www.microsoft.com/download/details.aspx?id=57071
    2. After the installation is complete, login to https://admin.microsoft.com as a Global Administrator.
    3. Go to Admin centers and click on Microsoft Entra ID.
    4. Select Microsoft Entra ID then Security on the left side navigation followed by Authentication methods.
    5. Select Password protection and toggle Enable password protection on Windows Server Active Directory to Yes and Mode to Enforced
    6. Click Save at the top of the right pane.


    ", + "remediationImpact": "The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_phishing_MFA_strength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy", + "controlCategory": "Apps", + "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To create a phishing-resistant MFA CA policy for users in administrative roles:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click to expand Microsoft Entra ID > Applications select Enterprise Applications.
    3. Under Security, select Conditional Access.
    4. Click New policy.
    5. Go to Users > Users and groups > Include > Select users and groups > Directory roles
    6. Add at least the Directory roles listed after these steps.
    7. Select Cloud apps or actions > All cloud apps (and don't exclude any apps).
    8. Grant > Grant Access with Require authentication strength (Preview): Phishing-resistant MFA
    9. Click 'Select'
    10. Set Enable policy to Report-only and click Create

    At minimum these directory roles should be included for the policy:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    WARNING: Ensure administrators are pre-registered with strong authentication before enforcing the policy. After which the policy must be set to “On”.

    ", + "remediationImpact": "If administrators aren't pre-registered for a strong authentication method prior to a conditional access policy is created then a condition could occur where a user can't register for strong authentication because they don't meet the conditional access policy requirements, and therefore are prevented from signing in.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_sign_in_freq_session_timeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade", + "controlCategory": "Apps", + "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To configure Sign-in frequency and browser sessions persistence for Administrative users:

    1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
    2. Click to Protection > Conditional Access.
    3. Click New policy
    4. Click Users and groups
    5. Under Include select Select users and groups and then select Directory roles.
    6. At a minimum, select the roles in the section below:
    7. Go to Target resources > Cloud apps > Include > select All cloud apps (and don't exclude any apps).
    8. Under Access controls > Grant > select Grant access > check Require multi-factor authentication (and nothing else).
    9. Under Session select Sign-in frequency and set to at most 4 hours for E3 tenants. E5 tenants with PIM can be set to a maximum value of 24 hours.
    10. Check Persistent browser session then select Never persistent in the drop-down menu.
    11. For Enable Policy select On and click Save


    At minimum these directory roles should be included for MFA:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_third_party_apps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure third party integrated applications are not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center Select Admin Centers and Microsoft Entra ID.
    2. Select Users from the Azure navigation pane
    3. Select Users settings.
    4. Set App registrations is set to No.
    5. Click Save.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSCertificateTemplateEnrolementSuppliesSubject", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc1", + "controlCategory": "Identity", + "title": "Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1. Disable the “Supply in the request” configuration.
    2. Remove EKU’s enabling user authentication (e.g Client Authentication).
    3.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    4.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings can lead to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSInsecureCertificateEnrollmentIisEndpoints", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8IIS", + "controlCategory": "Identity", + "title": "Edit insecure certificate enrollment IIS endpoints (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "For each endpoint, follow these steps:
    1. Determine whether the endpoint is necessary and in regular use. If it is not used, it is advisable to disable it.
    2. Deactivate NTLM and Negotiate authentication providers for the IIS endpoint.
    3. If NTLM cannot be disabled, enable \"Require SSL\" and \"Require Extended Protection\" for the IIS endpoint.
    For more information, please refer to the security advisory in the \"Learn More\" section.", + "remediationImpact": "If the IIS endpoint allows NTLM authentication without enforcing protocol signing (HTTPS) or without enforcing Extended Protection for Authentication (EPA), it becomes vulnerable to NTLM relay attacks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateAuthorityAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc7", + "controlCategory": "Identity", + "title": "Edit misconfigured Certificate Authority ACL (ESC7)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the misconfigured ACL entry (for example - “Manage CA” permission granted to the “authenticated users” built-in group) and remove any unnecessary permissions granting built-in groups “Mange CA” or/and “Manage certificates” permissions.", + "remediationImpact": "The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the \"Manage Certificates\" right, they can approve pending certificate requests without manager approval. With the \"Manage CA\" right, they can modify CA settings, such as adding the \"User specifies SAN\" flag, leading to a complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4ACL", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates ACL (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template, and remove overly permissive modifications permissions (e.g. WriteProperty), which allows any user to change the settings of that certificate template.", + "remediationImpact": "Badly configured modification permissions allows non-privileged user to modify the settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEku", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc2", + "controlCategory": "Identity", + "title": "Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove EKU’s enabling arbitrary usage (e.g. Any purpose).
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement. ", + "remediationImpact": "Each certificate template per AD CS servers with these settings can be enrolled by an attacker and be used for multiple abuses affecting code integrity, server integrity, AD FS and IPSec (as they are relying on certificates).", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc3", + "controlCategory": "Identity", + "title": "Edit misconfigured enrollment agent certificate template (ESC3)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove enrollment agent EKU.
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings may enable arbitrary certificates issuance ability by an adversary, leading to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateOwner", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates owner (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Edit misconfigured certificate templates owner (ESC4)", + "remediationImpact": "Badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredRpcEnrollmentSigning", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8", + "controlCategory": "Identity", + "title": "Enforce encryption for RPC certificate enrollment interface (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To require packet encryption for RPC enrollment, execute the following command and then restart the certsvc service: \ncertutil -setreg CA\\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST\nnet stop certsvc & net start certsvc", + "remediationImpact": "An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSSanSpecifiedByUserEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc6", + "controlCategory": "Identity", + "title": "Edit vulnerable Certificate Authority setting (ESC6)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To disable “user specifying SAN” setting, execute the following command and then restart the certsvc service: \ncertutil -setreg policy\\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 \nnet stop certsvc & net start certsvc", + "remediationImpact": "When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_AdminSDHolder", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmsdholder", + "controlCategory": "Identity", + "title": "Remove access rights on suspicious accounts with the Admin SDHolder permission", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review the list of exposed entities to discover which of your non-sensitive accounts have the Admin SDHolder permission.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Having non-sensitive accounts with Admin SDholder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ClearText", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123179", + "controlCategory": "Identity", + "title": "Stop clear text credentials exposure", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why those entities are using LDAP in clear text.
    3. Remediate the issues and stop the exposure.
    4. After confirming remediation, we recommend you configure the requirement of domain controller level LDAP signing.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of clear text authentication may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DefenderForIdentityIsNotInstalled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=sensor", + "controlCategory": "Identity", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 59, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DomainControllerLocalUsers", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmt0assets", + "controlCategory": "Identity", + "title": "Remove local admins on identity assets", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have local admin rights on your identity assets.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DormantAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123908", + "controlCategory": "Identity", + "title": "Remove dormant accounts from sensitive groups", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your sensitive accounts are dormant..
    2. Take appropriate action on those entities by removing their privileged access rights or by deleting the account.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these dormant privileges may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_EntitiesWithOldPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmoldpw", + "controlCategory": "Identity", + "title": "Manage accounts with passwords more than 180 days old", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have a password more than 180 days old.
    2. Take appropriate action on those entities either by making them change their password or restricting their access to sensitive resources. To achieve the full score,remediate all exposed entities.", + "remediationImpact": "Passwords more than 180 days old increase vulnerability to password attacks, heighten the risk of credential theft, may lead to non-compliance with security standards, reduce accountability and user awareness, and impede incident response efforts in case of a security breach.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_HoneyToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=entityTags", + "controlCategory": "Identity", + "title": "Set a honeytoken account", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 61, + "remediation": "Go to the Honeytoken Settings page >, and set at least one honeytoken account.​", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_KerberosDelegations", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123722", + "controlCategory": "Identity", + "title": "Modify unsecure Kerberos delegations to prevent impersonation", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation.
    2. Take appropriate action on those at-risk users, such as removing their unconstrained attribute or changing it to a more secure constrained delegation.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure kerberos configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_NonAdminDCSyncAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmdcsync", + "controlCategory": "Identity", + "title": "Remove non-admin accounts with DCSync permissions ", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have DCSync permissions and are also non-domain admins.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PathRisk", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123182", + "controlCategory": "Identity", + "title": "Reduce lateral movement path risk to sensitive entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "Review this security control list of exposed entities displaying sensitive entities with lateral movement paths risk with recommended actions on how to reduce the number of non-sensitive accounts for each path.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PrintSpooler", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123723", + "controlCategory": "Identity", + "title": "Disable Print spooler service on domain controllers", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your domain controllers has the Print spooler service enabled.
    2. Take appropriate action on the at-risk domain controllers and actively remove the Print spooler service either manually, through group policy or other types of remote commands. Make sure to investigate your Print spooler settings, configurations and dependencies before disabling this service and preventing active printing workflows.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PwdLAPS", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123725", + "controlCategory": "Identity", + "title": "Protect and manage local admin passwords with Microsoft LAPS", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of domains and devices not configured for Microsoft LAPS.
    2. Deploy Microsoft LAPS to actively manage the local administrator password of your devices. This is done through Active Directory along with Group Policy client- side extensions that will be installed on each Windows operating system.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Sensor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2117505", + "controlCategory": "Identity", + "title": "Install Defender for Identity Sensor on all Domain Controllers", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 60, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_SIDHistory", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123183", + "controlCategory": "Identity", + "title": "Remove unsecure SID history attributes from entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure SID history attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of SID history entries may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureAccount", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123364", + "controlCategory": "Identity", + "title": "Resolve unsecure account attributes", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure account attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2196300", + "controlCategory": "Identity", + "title": "Resolve unsecure domain configurations", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "1. Review this security control list of exposed domains that have unsecure configurations.
    2. Take appropriate action on those domains by remediating their unsecure settings. To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Vpn", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=radius", + "controlCategory": "Identity", + "title": "Configure VPN integration", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 63, + "remediation": "Go to the Settings page >, and configure the VPN radius accounting to enable VPN based detections.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_WeakCipher", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123721", + "controlCategory": "Identity", + "title": "Stop weak cipher usage", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why the identified clients and servers are using weak ciphers.
    3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of weak ciphers may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "admincenter_owned_apps_and_services", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure 'User owned apps and services' is restricted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Office Store add-ins and starting 365 trials:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. Click to expand Settings Select Org settings.
      3. Under Services select User owned apps and services.
      4. Uncheck Let users access the Office Store and Let users start trials on behalf of your organization.
      5. Click Save.

    Note - Due to temporary limitations, only \"Let users access the Office Store\" will be taken into account in scoring this control. It is suggested to uncheck both settings for the sake of better posture.

    ", + "remediationImpact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.", + "service": "Admincenter", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AdminMFAV2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 10, + "rank": 1, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "remediationImpact": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ], + "tier": "Core", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_regulate_access_to_sensitive_data", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate cloud app access to sensitive data", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 9, + "remediation": "\n In app governance, open the predefined policy \"Access to sensitive data\" and activate it.\n
    \n
    \n You can edit the predefined policy to specify an action and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_unusual_activity_with_priority_account", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate apps with priority account consent", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "\n In app governance, open the predefined \"Unusual activity from an app with priority account consent\" policy and activate it.\n
    \n
    \n While you have the policy open, you can add an action to take on unused apps and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "BlockLegacyAuthentication", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Enable Conditional Access policies to block legacy authentication", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 68, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "remediationImpact": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "CustomerLockBoxEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095515", + "controlCategory": "Apps", + "title": "Ensure the customer lockbox feature is enabled", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 127, + "remediation": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "remediationImpact": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "dlp_datalossprevention", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://compliance.microsoft.com/datalossprevention?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Data", + "title": "Ensure DLP policies are enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "remediationImpact": "Unknown", + "service": "MIP", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_individualsharing", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/sharing", + "controlCategory": "Apps", + "title": "Ensure 'External sharing' of calendars is not available", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailboxaudit", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure mailbox auditing for all users is Enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailtipsenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips", + "controlCategory": "Apps", + "title": "Ensure MailTips are enabled for end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "remediationImpact": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_oauth2clientprofileenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252fen-us%252farticle%252fenable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662", + "controlCategory": "Apps", + "title": "Ensure modern authentication for Exchange Online is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "remediationImpact": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_outlookaddins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure users installing Outlook add-ins is not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "remediationImpact": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_SPF_records_for_all_domains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure that SPF records are published for all Exchange Domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    follow the instructions on Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn 

    ", + "remediationImpact": "None.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_storageproviderrestricted", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "remediationImpact": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_transportrulesallowlistdomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/transportrules", + "controlCategory": "Apps", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "service": "EXO", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "forms_phishing_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-US/microsoft-forms/review-unblock-forms-users-detected-blocked-potential-phishing", + "controlCategory": "Apps", + "title": "Ensure internal phishing protection for Forms is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To enable internal phishing protection for Forms:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. 2. Click to expand Settings then select Org settings.
      3. Under Services select Microsoft Forms.
      4. Click the checkbox labeled Add internal phishing protection under Phishing protection.
      5. Click Save.
    ", + "remediationImpact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", + "service": "FORMS", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "IntegratedApps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2119526", + "controlCategory": "Identity", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 35, + "remediation": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "remediationImpact": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Data Spillage" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_AV_firewall_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that devices connecting have AV and a local firewall enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that devices connecting have AV and a local firewall enabled, use the Microsoft Intune admin center

    1. Select Endpoint Manager under Admin Centers
    2. Select Devices, then under Policy select Compliance Policies.
    3. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate machine (PC/MAC) Platform.
      2. Click on the policy name.
      3. Under Configuration settings click Edit.
      4. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    4. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_conection_from_jail_broken_rooted_devices", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that users cannot connect from devices that are jail broken or rooted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that users cannot connect from devices that are jail broken or rooted, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Compliance Policies.
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform.
      2. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block
    3. In case there are existing policies -
      1. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block

    To comply, all relevant mobile policies should be set this way.", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_advanced_security_configuration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are set to require advanced security configurations", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles 
    2. Select Create profile to create a new profile.
    3. Select the appropriate Platform (iOS or Android).
      • Choose, based on your organization's needs, the desired settings from the configuration screens.
      • Note that the condition to comply is the mere existence of such profile, the specific settings should be decided according to your organization's needs.
    4. To comply, there should be at least one configuration policy for mobile devices.
    5. It is suggested to create two policies for both iOS and Android.
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_alphanumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Type = Alphanumeric)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device complex password profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Required password type is set to Alphanumeric
    3. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Required password type is set to Alphanumeric

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_simple_password_blocked", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose MacOS in the Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Simple Passwords is set to Blocked
    3. If there are existing policies, per each MacOS policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Simple Passwords is set to Blocked

    Note: this setting is only for MacOS policies.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_encryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Encryption is set to Require
    3. If the are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Encryption is set to Require

    Note: To comply, there should be at least one device configuration for Android with device password encryption.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_lock_after_inactivity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure devices lock after a period of inactivity to prevent unauthorized access", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Profile.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_email_profiles_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are required for email profiles - iOS/iPadOS only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Compliance policies
    2. For all the policies that are applied to \"iOS/iPadOS\" complete the following
      1. Select the policy by clickin on its name.
      2. Under Manage select Properties
      3. Select Edit next to Compliance settings
      4. Under Email ensure that Unable to set up email on the device is set to Require
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_minimum_password_length", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require a minimum password length to prevent brute force attacks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices require a complex password, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Minimum password length is set to 6.
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that Minimum password length is set to 6.

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_never_expires_password", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices are set to never expire passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices are set to never expire passwords:

    1. Use the Microsoft Intune admin center
    2. Select Devices, then under Policy.
    3. select Configuration profiles Review the list of profiles.
    4. From there, go to the device policies page to remove any device security policies that expire passwords.

    Note: The default configuration is sufficient.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices require the use of a password", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Password is set to Require.  
    3. If there are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Password is set to Require.  
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_reused_prohibited", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure", + "controlCategory": "Apps", + "title": "Ensure that mobile device password reuse is prohibited", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device password reuse is prohibited, go to the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles.
    2. If there are no configurations -
      1. select Create profile.
      2. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      3. In the Password section, ensure that Prevent reuse of previous passwords is set to 5 or above
    3. If there is existing configuration -
      1. Select the policy by clicking on its name.
      2. Click Edit next to Configuration settings.
      3. Under Password change Prevent reuse of previous passwords and set to 5 or above
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_wipe_on_multiple_signin_failures", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure mobile devices are set to wipe on multiple sign-in failures , use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.
    3. In case there are existing policies -
      1. For each policy, Select by clicking on the name.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.

    Note: This option is not available for all types of devices.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mcas_mda_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/defender-cloud-apps/get-started", + "controlCategory": "Apps", + "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Enable Defender for Cloud Apps by the following instructions: https://learn.microsoft.com/en-us/defender-cloud-apps/get-started

    ", + "remediationImpact": "None.", + "service": "MCAS", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCloudAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/discovery/create", + "controlCategory": "Apps", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 75, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCutomActivityPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/activity/create", + "controlCategory": "Apps", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 80, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasFirewallLogUpload", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/settings?tabid=discovery-autoUpload", + "controlCategory": "Apps", + "title": "Deploy a log collector to discover shadow IT activity", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 82, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "remediationImpact": "This change has no known impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasOAuthAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/app-permission/create", + "controlCategory": "Apps", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 57, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-step verification from an authentication policy:

    1. Go to admin.atlassian.com.

    2. Select your organization if you have more than one.

    3. Select Security > Authentication policies.

    4. Select Edit for the policy you want to modify.

    5. On the Settings page, select Mandatory for \"Two-step verification\".

    • All policies must be configured this way to comply.
    ", + "remediationImpact": "This setting enforces multi-factor authentication for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on/", + "controlCategory": "Apps", + "title": "Enable Single Sing On (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Copy details from your identity provider to your Atlassian organization

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your identity provider Directory.

    4. Select Set up SAML single sign-on.

    5. Add SAML details.

    6. Save SAML configuration.

    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To select an idle session duration from an authentication policy:

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Authentication policies.

    3. Select Edit for the policy you want to modify.

    4. On the Settings page, select length of time for Idle session duration.

    5. The value should be equal to or lower than 2 hours.
    ", + "remediationImpact": "When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_access", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App access requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Block compromised devices.
    • Require data encryption.
    • Require biometric authentication or a device passcode.
    1. Note that all the three options must be checked in order to comply.
    2. Note that the 'minimum OS version' is not mandatory for this control, but the recommendation is to set it to the latest.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_dataprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App data protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Disable sharing, saving or backing up content from the mobile app.
    • Disable screenshots and screen recording of the mobile app.
    • Disable cutting or copying content from the mobile app.
    1. Note that all the three options must be checked in order to comply.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_UsersAffected", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - Users that are affected by policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Set the policy to apply to \"All users with access to your organization's products\"
    ", + "remediationImpact": "If your policy applies to all users - both managed and unmanaged - within your organization, including any new users that are added after the policy is created.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_passwordExpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/opsgenie/docs/enable-password-policies/", + "controlCategory": "Apps", + "title": "Enable Password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    In Atlassian admin dashboard Go to Security and Authentication policies for every policy select edit and go to \"Passwords expire every\", check it and set the day to 30 days or lower.

    ", + "remediationImpact": "See learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#two-step-verification", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Two-step verification" set the option on.
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#single-sign-on-sso", + "controlCategory": "Apps", + "title": "Enable Single Sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Single sign-on / SAML 2.0 Configuration" set the option on.
    ", + "remediationImpact": "This setting enforce Single Sign On (SSO) for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Authentication" set "log inactive users out after" at least 1 hour.
    ", + "remediationImpact": "This setting enforce Session time out for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailLockoutSecs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Lockout timer", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least three hundred in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out time configuration for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailMaxAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Number of attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least five in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out configuration when incorrect logging attempts occurs for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 8 in password minimum characters.
    ", + "remediationImpact": "This setting enforce minimum characters length for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumNumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum numeric characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in number characters.
    ", + "remediationImpact": "This setting enforce minimum numeric characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumSpecialCharacters", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum special characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in special characters.
    ", + "remediationImpact": "This setting enforce minimum special characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_PasswordMaxAgeDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 90 in "The password expires after".
    ", + "remediationImpact": "This setting enforce password expiry time in days for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=yfn1583277328637.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Login Requirements" -
      1. Minimum password length of 9 characters.
      2. Password must include at least: 
        1. At least one uppercase character.
        2. At least one lowercase character.
        3. At least one digit.
        4. At least one special character (!, @, #...).
      3. Have a minimum password age of 8 days.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=lut1644434676152.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard - 

    1. Go to Account > Security setting in the side panel.
    2. In Password Security, click on "Show Password Rules" button.
    3. In the pop-up window, set "Days until password expires" to 180 days.
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=tuw1583277327743.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Web App Session Timeout (minutes)" up to 120 minutes.
    3. Set "Mobile App Session Timeout (minutes)" up to 120 minutes.
    4. " Suppress In Session Certificate Enforcement" option must be set to false.
    ", + "remediationImpact": "This setting enforce session timeout for all DocuSign web users.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Dropbox_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.dropbox.com/help/business/web-session-control", + "controlCategory": "Apps", + "title": "Enable web session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    How to require session policies for Dropbox users

    1. Sign in to dropbox.com with your admin credentials.
    2. Click Admin Console.
    3. Click Settings.
    4. Under Additional Settings, click Web session control.
    5. Set the setting next to Fixed session length to 1 week or less.
    6. It is also suggested, but not mandatory for compliance, to set the setting next to Idle session length to 30 minutes or less.
    7. Click Save changes.
    ", + "remediationImpact": "Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.", + "service": "MDA_Dropbox", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_DependencyInsights", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights", + "controlCategory": "Apps", + "title": "Disable 'Allow members to view dependency insights'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to view dependency insights" option in the "Member organization permissions" section.


    ", + "remediationImpact": "This setting blocks users from seeing dependencies insights for their repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "controlCategory": "Apps", + "title": "Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Verified & approved domains.
    3. Add a new domain and verify it.
    4. Check "Restrict email notifications to only approved or verified domains." option.


    ", + "remediationImpact": "This setting restricts email notifications only to verified or approved domains.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_IPallowListConfigurationForOrgResources", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization", + "controlCategory": "Apps", + "title": "Enforce IP allow list configuration for org resources", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Enable IP allow list configuration for installed GitHub Apps" option.


    ", + "remediationImpact": "This setting blocks users to login from specific IP addresses.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Require two-factor authentication" option.


    ", + "remediationImpact": "This setting enforce multi factor authentication for all GitHUb users.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_OutsideCollabInvitation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "controlCategory": "Apps", + "title": "Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow repository administrators to delete issues for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories admins to add outside collaborators.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PrivateRepositoryForkingSetting", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization", + "controlCategory": "Apps", + "title": "Disable private repository forking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow forking of private and internal repositories" option.


    ", + "remediationImpact": "This setting disable users to fork private repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PublicRepoCreation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Members will be able to create public repositories, visible to anyone'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Public" option in the "Repository creation" section.


    ", + "remediationImpact": "This setting blocks users from creating public repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoTransferOrDeletion", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories", + "controlCategory": "Apps", + "title": "Disable 'members with admin permissions for repositories can delete or transfer repositories'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to delete or transfer repositories for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories transferring and deletion.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoVisibility_change", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Allow members to change repository visibilities for this organization'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to change repository visibilities for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks users from changing repositories visibility (public/ private access).", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_SAML", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on", + "controlCategory": "Apps", + "title": "Enable single sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    On GitHub Enterprise organization page-

    1. Go to Settings > Organization security
    2. Select Enable SAML authentication
    3. Fill the fields with the values found in the Admin Portal
    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all GitHub users.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Google_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.google.com/a/answer/175197?hl=en&fl=1&sjid=9841521343371348963-NA", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Ensure password expiry policy for Google -

    1. Navigate to Google admin center - http://admin.google.com/
    2. Click Security > Password Management.
    3. Chcek Allow users to turn on 2-Step Verification.
    4. Check On under Enforcement.
    5. Click Save.

    Follow steps 3-4 for every organizational unit.

    ", + "remediationImpact": "

    Follow the guideline.

    ", + "service": "MDA_Google", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_NetDocuments_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.netdocuments.com/s/article/205220410", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in netDocuments", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "How does an organization start using federated identity with NetDocuments?

    1. In the upper-right corner, select your name > Admin > repository name. In the Navigation Pane, select Security Center Advanced Authentication.
    2. The Advanced Authentication Configuration page has a section titled Federated Identity. Choose the type of federated identity server you will use and configure it.
    3. Note: In order to comply with this control, at least 80% of the users must be using SSO.
    ", + "remediationImpact": "See learn more link.", + "service": "MDA_NetDocuments", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-policy", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional complexity requirement options.
    4. Lower case, letter Upper case, letter Number (0-9), Symbol (e.g., !@#$%^&*), Does not contain part of username, Does not contain first name and Does not contain last name.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#multifactor-mfa-enrollment-policy", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Multifactor panel.
    2. Go to \"Factor Enrollment\" and select \"Add Multifactor Policy\".
    3. Note: In order to comply, you must configure default policies as \"required\" (\"optional\" is not sufficient).
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-object", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional Password age options -
      1. Enforce password history for last [Minimum of 3] passwords.
      2. Minimum password age is [Minimum of one day].
      3. Password expires after [Minimum of 180 days] days.
      4. Prompt user [Minimum of five days] days before password expires.
      5. Lock out user after [Maximum of 5 attempts] unsuccessful attempts.
      6. Account is automatically unlocked after [Minimum of 15] minutes
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#global-session-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Okta's dashboard -

    1. Go to Security > Authentication panel.
    2. Go to "Sign On"
      1. If there isn't a policy - select "Add New Okta Sing-on Policy".
      2. If a policy exists - select "Add rule "
    3. In the window, go to "Session management" and set the properties as following -
      1. Maximum Okta session lifetime to 30 days or below.
      2. Expire session after user has been idle on Okta for 120 minutes or below.
      3. Persist session cookies across browser sessions to Disable.
    ", + "remediationImpact": "This setting enforce Session time out for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_disableProtocolSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://portal.cloudappsecurity.com/#/connected-apps?tab=appConnectors", + "controlCategory": "Apps", + "title": "Remote Site", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "", + "remediationImpact": "Unknown", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableAdminLoginAsAnyUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.controlling_login_access.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Administrators Can Log In As Any User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Login Access Policies in the Quick Findbox, then select Login Access Policies.
    2. Deselect Administrators Can Log in as Any User.", + "remediationImpact": "You users must grant access before admins can log into their users.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Elevation of Privilege", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCacheAndAutocomplete", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Caching and Autocomplete on Login Page via Session settings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Uncheck Enable caching and autocomplete on login page.", + "remediationImpact": "If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupSFDC", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for non-Setup for Salesforce pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for non-Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with standard headers", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with standard headers.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUserHeaderless", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with headers disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with headers disabled.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackSetup", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for Setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableContentSniffingProtection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Sniffing protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Content Sniffing protectio.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSPOnEmail", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Security Policy protection for email templates", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Stricter Content Security Policy.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnGet", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on GET requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on GET requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnPost", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on POST requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on POST requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableMultipleSamlConfigs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.salesforce.com/mfa-requirement-check", + "controlCategory": "Apps", + "title": "Require identity verification during multi-factor authentication (MFA) registration", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 33, + "remediation": "From Setup, in the Quick Find box, enter Identity, and then click Identity Verification. Make sure the field: \"Require identity verification during multi-factor authentication (MFA) registration\" is enabled.", + "remediationImpact": "When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.", + "service": "MDA_SF", + "threats": [ + "Password cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableSMSIdentity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Let users verify their identity by text (SMS)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Let users verify their identity by text (SMS).", + "remediationImpact": "Salesforce challenges users to verify with text message their identity when they log in from an unrecognized browser or device or an IP address outside of a trusted range. ", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enforceIpRangesEveryRequest", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce login IP ranges on every request", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enforce login IP ranges on every request.", + "remediationImpact": "You users will be logout if try to perform an activity outside the IP ranges defined in Salesforce settings.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceLogoutOnSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force logout on session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force logout on session timeout.", + "remediationImpact": "The browser refreshes and returns to the login page, and the user must log in again for access.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceRelogin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force (admin) relogin after Login-As-User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force relogin after Login-As-Use..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_identityConfirmationOnEmailChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Require identity verification for change of email address", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Require identity verification for email address changes.", + "remediationImpact": "User must login again before changing their email address.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_lockSessionsToDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Lock sessions to the domain in which they were first used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Lock sessions to the domain in which they were first used.", + "remediationImpact": "Your users cannot change their domain inside a session.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_maxLoginAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Maximum invalid login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Maximum invalid login attempts, select 3.", + "remediationImpact": "You users will be locked if they attemp to login with failure after 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_minimumPasswordLifetime", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Require a minimum 1 day password lifetime", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Require a minimum 1 day password lifetime.", + "remediationImpact": "Your users will not be able to change their password more than one time a day.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_complexity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password complexity requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password complexity requirement, select Must mix alpha, numeric, and special characters, or more complex.", + "remediationImpact": "Your users must have complexed passwords.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_expiration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "User passwords expire in 90 days or less", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under User passwords expire in, select 90 days or less.", + "remediationImpact": "Your users must changed password every 90 days.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_historyRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce password history", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Enforce password history, select 3 or more passwords rememebered.", + "remediationImpact": "Your users could not set new password that was already used in the last 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_lockoutInterval", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Lockout effective period", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Lockout effective period, select 30 minutes or more.", + "remediationImpact": "A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_minimumPasswordLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Minimum password length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Minimum password length, select 8 or more.", + "remediationImpact": "Your users must set passwword at least in this length.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_obscureSecretAnswer", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Obscure secret answer for password resets", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Obscure secret answer for password resets.", + "remediationImpact": "Your users will not see their answers to their security questions password reset when typing.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_questionRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password question requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password question requirement, select Cannot contain password.", + "remediationImpact": "User will not be allowed to contain password in the password question.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_sessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Timeout Value to be 2 hours or less.", + "remediationImpact": "Users cannot have a session longer than the defined timeout value.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_requireHttpOnly", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Require HttpOnly attribute", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Require HttpOnly attribut..", + "remediationImpact": "If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authenticateMultifactor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/multi-factor-authentication.html", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.authenticate.multifactor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Enabling this property requires from the user to have an extra layer of authentication.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredJson2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-jsonv2-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing JSONv2 requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.jsonv2' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of JSON data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredSOAP", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-soap-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing SOAP requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.soap' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of SOAP data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredUnl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/unload-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable unload request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.unl' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_cauthRequiredScriptedProcessor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/script-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable script request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.scriptedprocessor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the basic authentication while processing script requests on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_concourseOnmessageEnforceSameOrigin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enable-url-whitelist-for-cross-origin-iframe-communication.html", + "controlCategory": "Apps", + "title": "Enable URL allow list for cross-origin iframe communication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.concourse.onmessage_enforce_same_origin' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "If you do not inclusion list intended domains, the ability to embed other pages within Now Platform instances may be limited.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_enablePasswordPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enforce-strong-passwords.html", + "controlCategory": "Apps", + "title": "Enable Password Reset Policy Checks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.enable.password_policy' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting the property to true turns on password policy checks when a user resets their password.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_highSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/high-security-plugin.html", + "controlCategory": "Apps", + "title": "Enable high security plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.high_security' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This plugin enables several system security configurations, which may impact UI and functionality as well.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_httpCacheControl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/cache-control-http-header-value.html", + "controlCategory": "Apps", + "title": "Set default cache-control HTTP header value to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.http.cache_control' as private.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "None.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_loginNoBlankPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/disable-password-less-authentication.html", + "controlCategory": "Apps", + "title": "Disable password-less authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.login.no_blank_password' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Operations should not use blank passwords because it is viewed as a critical security risk. However, if there is a valid case for such usage, there is a possibility of an outage. Users with blank passwords wouldn't be able to log in to the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_roleManagement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/contextual-security.html", + "controlCategory": "Apps", + "title": "Enable Contextual Security: Role Management plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.role_management' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptCcsiIsPublic", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html", + "controlCategory": "Apps", + "title": "Set client-callable script includes to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.ccsi.ispublic' as false.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Privacy on client-callable script includes.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptSecureAjaxgliderecord", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enabling-ajaxgliderecord-acl-checking.html", + "controlCategory": "Apps", + "title": "Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.secure.ajaxgliderecord' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptUseSandbox", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/client-generated-scripts-sandbox.html", + "controlCategory": "Apps", + "title": "Enable client generated scripts sandbox", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.use.sandbox' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_smDefaultMode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/default-deny.html", + "controlCategory": "Apps", + "title": "Enable default deny with new ACL rules", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.sm.default_mode' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting this prperty for deny value, will restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_sncUserLockoutCheck", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/managing-failed-login-attempts.html", + "controlCategory": "Apps", + "title": "Enable managing failed login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
    ", + "remediationImpact": "This remediation would enable administrator of the instance to monitor and report any malicious user access.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapRequireContentTypeXml", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-content-type-checking.html", + "controlCategory": "Apps", + "title": "Enable SOAP content type checking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.soap.require_content_type_xml' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapStrictSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-request-strict-security.html", + "controlCategory": "Apps", + "title": "Enable SOAP request strict security", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property ' glide.soap.strict_security' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "f there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_systemSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/security-jump-start-acl-rules.html", + "controlCategory": "Apps", + "title": "Activate security jump start (ACL rules) plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "If this plugin is not activated on your instance, contact ServiceNow Support. Activating the plugin at this point might modify security access to tables already in use in a production environment. If an administrator is interested in the new ACL rules the plugin provides, you can manually create one or more of them in an existing instance if needed. This list of ACLs may be used as a guideline in that case.", + "remediationImpact": "There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. Customer is required to outreach ServiceNow before the remediation can occur.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_uiSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/session-activity-timeout.html", + "controlCategory": "Apps", + "title": "Enable session activity timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.session_timeout' as 60 or below.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces timely expiration of user account.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_useCsrfToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/anti-csrf-token.html", + "controlCategory": "Apps", + "title": "Enable anti-CSRF token", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.security.use_csrf_token' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_userCookieMaxLifeSpanInDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/absolute-session-timeout.html", + "controlCategory": "Apps", + "title": "Enable absolute session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.user_cookie.max_life_span_in_days' below 180.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Forcing the user to relogin after specific days.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Workplace_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.workplace.com/resources/tech/authentication/sso", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in Workplace by Meta", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In order to enable SSO authentication in Workplace you will need to:

    • Have access to your Identity Provider's configuration settings.
    • Have a System Administrator role assigned in Workplace.
    • Have a corresponding account in the Identity Provider with the same email as the Workplace user you are logged in with (i.e. which uses the same email address to authenticate both in Workplace and in the Identity Provider). This is essential to test SSO and complete Workplace configuration correctly.
    1. In the Admin Panel, select Security.
    2. Click on the Authentication tab.
    3. Check the Single Sign-On (SSO) checkbox.
    4. Click +Add New SSO Provider.
    5. Type in the values provided by your Identity Provider into the relevant fields: SAML URL, SAML Issuer URL, SAML Logout Redirect (Optional), SAML Certificate.
    6. Scroll to the bottom of the section and click the Test SSO button. This will result in a popup window appearing with your Identity Provider login page presented. Enter your credentials to authenticate.
    7. Once the test has been completed successfully, scroll to the bottom of the page and click Save button.
    8. If required, Configure SSO as the default authentication for new users by selecting SSO in the Default to new users drop-down.

    To comply with the control, the adoption rate must be above 80%.

    ", + "remediationImpact": "None.", + "service": "MDA_Workplace", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_AdminPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Block admins to set passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To let administrators set passwords for users

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, verify Enable admins to set passwords is not selected.

      You must be the account owner to see this setting.

    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_BlockAccountAssumption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408824477082-Granting-Zendesk-temporary-access-to-assume-your-account", + "controlCategory": "Apps", + "title": "Block account assumption", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Account assumption tab, verify Enable account assumption is not checked.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_bypassIPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Block customers to bypass IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To Block customers to bypass IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. In IP Restrictions tab, verify Allowed IP Ranges is Enabled.
    3. Verify Allow customers to bypass IP restrictions is not checked.
    4. Click Save.
    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_EmailNotificationsforPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Send a notification on password change for admins, agents, and end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To send password-change notifications

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, select Email notifications.
    3. Click Save.
    ", + "remediationImpact": "End users will get email notifications when their passwords change.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_enableapp", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app", + "controlCategory": "Apps", + "title": "Admins and agents can use the Zendesk Support mobile app", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Allow admins and agents can use the Zendesk Support mobile app

    1. In Admin Center, click Account in the sidebar, then select Security > More settings.
    2. On the Zendesk Support tab, Check Mobile app.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_IPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the IP Restrictions tab, select Enabled, then enter the Allowed IP Ranges you want to restrict.
    3. Click Save.

    For more information, see Restricting access to Zendesk Support using IP restrictions.

    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408826974874", + "controlCategory": "Apps", + "title": "Enable and adopt two-factor authentication (2FA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-factor authentication

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select Require two-factor authentication.
    3. Click Save.
    ", + "remediationImpact": "

    Team members who haven't set up 2FA will be required to do so next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required.

    Before enabling two-factor authentication, make sure you understand the following important considerations:

    • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
    • Requiring two-factor authentication disables password-based authentication to the Zendesk API.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_sessionexpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408832533274-Understanding-your-Zendesk-session-time", + "controlCategory": "Apps", + "title": "Enable session timeout for users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set an inactivity time-out period

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
    3. Maximun valid value is 2 hours for both.
    4. Click Save.
    ", + "remediationImpact": "There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable external Authentication (google or microsoft or SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure External authentication is selected.
    3. follow the authentication steps.
    4. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_ZanAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable Zendesk authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure Zendesk Authentication is selected.
    3. Set the password security level High.
    4. Click Save.
    ", + "remediationImpact": "

    For Team memebers, the following conditions must be met before they can use Zendesk authentication:

    • Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See Getting started with Guide in the Support help center.
    • Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See Requiring users to register in the Support help center.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_BlockDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/4403624900109-Blocking-users-in-specific-domains", + "controlCategory": "Apps", + "title": "Block users in specific domains from joining meetings and webinars", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Block users in specific domains from joining meetings and webinars.
    5. Enter the domains that you want to block from joining meetings and webinars.
    6. Click the lock icon and then click Lock to confirm the setting.
    7. Click Save.
    ", + "remediationImpact": "This setting block users to signin from specific domains.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MeetingE2eEncryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings", + "controlCategory": "Apps", + "title": "Enforce end to end encryption in all Zoom meetings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Allow use of end-to-end encryption and then click Turn On to verify the change.
    5. For making this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
    6. Under Security, choose the Default encryption type.
    7. Click Save.
    ", + "remediationImpact": "This setting enforce end to end encryption in all Zoom meetings.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Make sure the Sign in with Two-Factor Authentication option is enabled.
    4. Select All users in your account. This will enable Two-Factor Authentication for all users.
    5. Click ‘Save’ to confirm your 2FA settings. 
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_PasswordReq", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Have a minimum password length with at least 10 characters.
    4. Enable Have at least 1 special character (!, @, #...).
    5. Enable
    6. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutClient", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for client users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on Zoom client (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active client users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutWeb", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on the web (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active web users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_allowedsenderscombined", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 128, + "remediation": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_antiphishingpolicies", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that an anti-phishing policy has been created", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "remediationImpact": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_atpprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_autoforwardingmode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set automatic email forwarding rules to be system controlled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_blockmailforward", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rule-procedures?view=exchserver-2019&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkspamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on bulk spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkthreshold", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_commonattachmentsfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antimalwarev2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure the Common Attachment Types Filter is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_connectionfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enabledomainstoprotect", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Enable impersonated domain protection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enablemailboxintelligence", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that mailbox intelligence is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencephishaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencespamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that intelligence for impersonation protection is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotectionaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phishthresholdlevel", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the phishing email level threshold at 2 or higher", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phisspamacation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_quarantineretentionperiod", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Retain spam in quarantine for 30 days", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientexternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of external recipients that a user can email per hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientinternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientlimitperday", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set a daily message limit", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachmentpolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure Safe Attachments policy is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "remediationImpact": "Delivery of email with attachments may be delayed while scanning is occurring.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Attachments in block mode", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safedocuments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Documents for Office Clients", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + } + ] + } + } + } + } +] \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdfs.json b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdfs.json new file mode 100644 index 0000000000..bcc3333eba --- /dev/null +++ b/libs/hdf-converters/sample_jsons/msft_secure_score_mapper/secure_score-hdfs.json @@ -0,0 +1,10548 @@ +[ + { + "platform": { + "name": "Heimdall Tools", + "release": "2.10.12" + }, + "version": "2.10.12", + "statistics": {}, + "profiles": [ + { + "name": "Microsoft Secure Score Scan", + "title": "Azure Secure Score report - Tenant ID: 12345678-1234-1234-1234-1234567890abcd - Run ID: 12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "id": "Apps:spo_idle_session_timeout", + "title": "Apps:spo_idle_session_timeout", + "desc": "\n\t\t\tIdle session sign-out lets you specify a time at which users are warned and are later signed out of Microsoft 365 after a period of browser inactivity in SharePoint and OneDrive.\n
    \n\t\t\tThis policy is one of several you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe, regardless of where users access the data from, what device they're working on, and how secure their network connection is.\n\t\t", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting is not compliant.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:spo_legacy_auth", + "title": "Apps:spo_legacy_auth", + "desc": "\n\t\t\tModern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.\n\t\t\t
    \n\t\t\tStrong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.\n\t\t\t
    \n\t\t\tThis information was taken from Center for Internet Security (CIS).\n\t\t", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting is not compliant.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasFirewallLogUpload", + "title": "Deploy a log collector to discover shadow IT activity", + "desc": "Log collectors provide visibility into cloud app usage so you can identify if there are any apps that run without official approval, or if there is anomalous behavior. Log collectors automatically upload reports and parse the firewall/ proxy traffic logs to see if there is a match with your services in the Cloud App Catalog.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 82 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Data Exfiltration" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Low" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "label": "fix" + }, + { + "data": "This change has no known impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Feature in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasCutomActivityPolicy", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "desc": "Activity policies help you monitor specific activities carried out by users, or follow unexpectedly high rates of certain types of activities. After you set an activity detection policy, it starts to generate alerts. Alerts are only generated on activities that occur after you create the policy.", + "impact": 0.2, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 2 + ], + "rank": [ + 80 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "label": "fix" + }, + { + "data": "This change will have a moderate impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Policy in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasCloudAppNotification", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "desc": "App discovery policies can notify you when new apps or abnormal usage is observed within your organization, based on traffic logs data.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 75 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Data Exfiltration" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "label": "fix" + }, + { + "data": "This change will have a moderate impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Policy in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:McasOAuthAppNotification", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "desc": "OAuth app policies can help you manage app permission and notify you when a user or an admin consents to a new Open Authorization (OAuth) app. With this information, you can investigate which permissions each app requested and which users authorized them.", + "impact": 0.4, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 4 + ], + "rank": [ + 57 + ], + "tiers": [ + "Defense In Depth" + ], + "threats": [ + [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ] + ], + "services": [ + "MCAS" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "label": "fix" + }, + { + "data": "This change will have a moderate impact on your users.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Feature in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:AATP_DefenderForIdentityIsNotInstalled", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "desc": "Installing Microsoft Defender for Identity sensors provides you with the ability to detect advanced threats in your entire identity infrastructure. Actionable security alerts are generated through the analysis of network traffic and security events.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 5 + ], + "rank": [ + 59 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "Azure ATP" + ], + "userImpacts": [ + "low" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_atpprotection", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "desc": "Microsoft Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:dlp_datalossprevention", + "title": "Ensure DLP policies are enabled", + "desc": "Data Loss Prevention (DLP) policies allows content in multiple locations, such as, devices, Exchange online and Teams chats to be scanned for specific types of data like social security numbers, credit card numbers, or passwords.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Data" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MIP" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_individualsharing", + "title": "Ensure 'External sharing' of calendars is not available", + "desc": "Users should not be allowed to share the full details of their calendars with external users.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safedocuments", + "title": "Turn on Safe Documents for Office Clients", + "desc": "Safe Documents uses Microsoft Defender for Endpoint to scan documents and files for malicious content. To keep you protected, Safe Documents sends files to the Defender for Endpoint cloud for analysis. Files sent by Safe Documents are not retained in Defender for Endpoint beyond the time needed for analysis (typically, less than 24 hours).", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_connectionfilter", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "desc": "

    If you're a Microsoft 365 customer with mailboxes in Exchange Online or a standalone Exchange Online Protection (EOP) customer without Exchange Online mailboxes, EOP offers multiple ways of ensuring that users will receive email from trusted senders. These options include Exchange mail flow rules (also known as transport rules), Outlook Safe Senders, the IP Allow List (connection filtering), and allowed sender lists or allowed domain lists in anti-spam policies. Collectively, you can think of these options as safe sender lists.

    The available safe sender lists are described in the following list in order from most recommended to least recommended:
    1. Mail flow rules
    2. Outlook Safe Senders
    3. IP Allow List (connection filtering)
    4. Allowed sender lists or allowed domain lists (anti-spam policies)

    Without additional verification like mail flow rules, email from sources in the IP Allow List skips spam filtering and sender authentication (SPF, DKIM, DMARC) checks. Since the IP Allow List doesn't prevent malware or high confidence phishing messages from being filtered, this creates a high risk of attackers successfully delivering email to an inbox that would otherwise be filtered.

    ", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "The allowed IP addresses list in the connection filter policy is empty ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:mip_purviewlabelconsent", + "title": "Data:mip_purviewlabelconsent", + "desc": "\n To get work done, people in your organization collaborate with others both inside and outside the organization. Data doesn't always stay in your cloud, and often roams everywhere—across devices, apps, and services. When your data roams, you still want it to be secure in a way that meets your organization's business and compliance policies.\n
    \n
    \n Applying sensitivity labels to your content helps you keep your data secure by stating how sensitive certain data is in your organization. It also abstracts the data itself, letting you track the type of data without exposing sensitive data on other platforms.\n
    \n
    \n For example, applying the sensitivity label ‘highly confidential’ to a document that contains social security numbers and credit card numbers helps you identify the sensitivity of the document without knowing the actual data in the document.\n
    \n
    \n The sensitivity labels created in Microsoft Purview Information Protection can also be extended to the Microsoft Purview data map. When you apply a label on an office document and then scan it into the Microsoft Purview data map, the label will be applied to the data asset.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "The setting was not enabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:CustomerLockBoxEnabled", + "title": "Ensure the customer lockbox feature is enabled", + "desc": "Turning on the customer lockbox feature requires that approval is obtained for datacenter operations that grants a Microsoft employee direct access to your content. Access may be needed by Microsoft support engineers if an issue arises. There's an expiration time on the request and content access is removed after the support engineer has fixed the issue.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 127 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "label": "fix" + }, + { + "data": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Feature in place: false.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_oauth2clientprofileenabled", + "title": "Ensure modern authentication for Exchange Online is enabled", + "desc": "Modern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. When you enable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use modern authentication to log in 'to Microsoft 365 mailboxes. When you disable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use basic authentication to log in to Microsoft 365 mailboxes.

    When users initially configure certain email clients, like Outlook 2013 and Outlook 2016, they may be required to authenticate using enhanced authentication mechanisms, such as multifactor authentication. Other Outlook clients that are available in Microsoft 365 (for example, Outlook Mobile and Outlook for Mac 2016) always use modern uthentication to log in to Microsoft 365 mailboxes", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Account breach", + "Data Exfiltration" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "label": "fix" + }, + { + "data": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Modern authentication for Exchange Online is enabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_mailtipsenabled", + "title": "Ensure MailTips are enabled for end users", + "desc": "MailTips assist end users with identifying strange patterns to emails they send.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "label": "fix" + }, + { + "data": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "MailTips for end users are disabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_transportrulesallowlistdomains", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "desc": "You should set Spam confidence level (SCL) in your Exchange Online mail transport rules with specific domains. Allow-listing domains in transport rules bypasses regular malware and phishing scanning, which can enable an attacker to launch attacks against your users from a safe haven domain. \n\t

    Note: In order to get a score for this security control, all the active transport rule that applies to specific domains must have a Spam Confidence Level (SCL) of 0 or higher.

    ", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "label": "fix" + }, + { + "data": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Spam confidence level (SCL) is not configured in mail transport rules with specific domain", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mip_search_auditlog", + "title": "Apps:mip_search_auditlog", + "desc": "When audit log search in the Microsoft Purview compliance portal is enabled, user and admin activity from your organization is recorded in the audit log and retained for 90 days. However, your organization might be using a third-party security information and event management (SIEM) application to access your auditing data. In that case, a global admin can turn off audit log search in Microsoft 365.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Microsoft 365 audit log search is enabled disabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_mailboxaudit", + "title": "Ensure mailbox auditing for all users is Enabled", + "desc": "

    By turning on mailbox auditing, Microsoft 365 back office teams can track logons to a mailbox as well as what actions are taken while the user is logged on. After you turn on mailbox audit logging for a mailbox, you can search the audit log for mailbox activity. Additionally, when mailbox audit logging is turned on, some actions performed by administrators, delegates, and owners are logged by default.

    Rationale:

    Starting in January 2019, Microsoft is turning on mailbox audit logging by default for all organizations.

    This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged, and the corresponding mailbox audit records will be available when you search for them in the mailbox audit log. When mailbox auditing on by default is turned on for the organization, the AuditEnabled property for affected mailboxes won't be changed from False to True. In other words, mailbox auditing on by default ignores the AuditEnabled property on mailboxes.

    However, only certain mailbox types support default auditing setting 'On': User Mailboxes, Shared Mailboxes, and Microsoft 365 Group Mailboxes. The remaining mailbox types require auditing to be turned on at the mailbox level: Resource Mailboxes, Public Folder Mailboxes, and DiscoverySearch Mailbox.

    Whether it is for regulatory compliance or for tracking unauthorized configuration changes in Microsoft 365, enabling mailbox auditing allows for Microsoft 365 back office teams to run security operations, forensics or general investigations on mailbox activities.

    NOTE: Without advanced auditing (E5 function) the logs are limited to 90 days.

    ", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Mailbox auditing for all users is disabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_storageproviderrestricted", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "desc": "

    This setting allows users to open certain external files while working in Outlook on the
    web. If allowed, keep in mind that Microsoft doesn't control the use terms or privacy
    policies of those third-party services.

    Ensure AdditionalStorageProvidersAvailable is restricted.

    Rationale:

    By default additional storage providers are allowed in Office on the Web (such as Box,
    Dropbox, Facebook, Google Drive, OneDrive Personal, etc.). This could lead to
    information leakage and additional risk of infection from organizational non-trusted
    storage providers. Restricting this will inherently reduce risk as it will narrow
    opportunities for infection and data leakage.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "label": "fix" + }, + { + "data": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Additional storage providers are restricted in Outlook on the web is not configured correctly. Please follow next steps to correctly configure the control.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:exo_outlookaddins", + "title": "Ensure users installing Outlook add-ins is not allowed", + "desc": "

    Specify the administrators and users who can install and manage add-ins for Outlook in Exchange Online By default, users can install add-ins in their Microsoft Outlook Desktop client, allowing data access within the client application.

    Rationale:
    Attackers exploit vulnerable or custom add-ins to access user data. Disabling user installed add-ins in Microsoft Outlook reduces this threat surface.

    ", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "EXO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "label": "fix" + }, + { + "data": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Installing Outlook add-ins configuration is disabled", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_zapspam", + "title": "Apps:mdo_zapspam", + "desc": "

    For unread messages that are identified as spam after delivery, the ZAP outcome depends on the action that's configured for the Spam filtering verdict in the applicable anti-spam policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_zapphish", + "title": "Apps:mdo_zapphish", + "desc": "

    For read or unread messages that are identified as phishing after delivery, the ZAP outcome depends on the action that's configured for a Phishing email filtering verdict in the applicable anti-phishing policy.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_zapmalware", + "title": "Apps:mdo_zapmalware", + "desc": "

    Zero-hour auto purge (ZAP) quarantines the message that contains malware attachment for both read, as well as unread, messages that are found to contain malware after delivery. Only admins can view and manage messages that have been quarantined.

    \n

    For additional information, see Zero-hour auto purge (ZAP) in Exchange Online.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safeattachments", + "title": "Turn on Safe Attachments in block mode", + "desc": "Safe Attachments in block mode prevents messages with detected malware attachments from being delivered. These messages are quarantined and only admins (not regular users) can review, release, or delete them. This will also automatically block future malware attachments.\n\t

    \n\tMDO Built-in protection policy provides safe attachments protection for everyone by default. You could also create additional Safe Attachment policies for customized Safe Attachment operations.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safelinksforemail", + "title": "Apps:mdo_safelinksforemail", + "desc": "MDO Built-in protection policy will provide base level safe links protection for everyone by default. You could also create additional Safe Links policies for enhanced or customized Safe Links operations.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_commonattachmentsfilter", + "title": "Ensure the Common Attachment Types Filter is enabled", + "desc": "There are certain types of files that are risker to send and receive via email due to the likelihood that they contain malware (for example, executable files). To make sure these file types don't get through, enable the common attachment filter. You can use the default list of file types or customize it. The default file types are: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, .vbs. Messages with the specified attachments types are treated as malware and are automatically quarantined.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "High" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:mip_sensitivitylabelspolicies", + "title": "Data:mip_sensitivitylabelspolicies", + "desc": "Set up and use data classification policies on data stored in your users' Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups.\n
    \n
    \nThe policies will help categorize your most important data so you can effectively protect it from illicit access and will help make it easier to investigate discovered breaches.\n
    \n
    \nCreation of data classification policies will not cause a significant impact to an organization. However, ensuring long term adherence with policies can potentially be a significant training and ongoing compliance effort across an organization. Organizations should ensure that training and compliance planning is part of the classification policy creation process.\n
    \n
    \nThis information was taken from Center for Internet Security (CIS).\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Policies were published on 1 of the 1 users", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Data:mip_autosensitivitylabelspolicies", + "title": "Data:mip_autosensitivitylabelspolicies", + "desc": "\n Create auto-labeling policies to automatically apply sensitivity labels to email messages or OneDrive and SharePoint files that contain sensitive info.\n
    \n This ability to apply sensitivity labels to content automatically is important because:\n
    \n You don't need to train your users on the appropriate way to use each of your classifications.\n
    \n You don't need to rely on users to classify all content correctly.\n
    \n Users no longer need to know about your policies—they can instead focus on their work.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "Policies were published on 0 of the 1 users", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_highconfidencespamaction", + "title": "Set action to take on high confidence spam detection", + "desc": "Set the action that will be taken on high confidence spam detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_phisspamacation", + "title": "Set action to take on phishing detection", + "desc": "Set the action that will be taken on phishing detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_highconfidencephishaction", + "title": "Set action to take on high confidence phishing detection", + "desc": "Set the action that will be taken on high confidence phishing detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_bulkspamaction", + "title": "Set action to take on bulk spam detection", + "desc": "Set the action that will be taken on bulk spam detection.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_quarantineretentionperiod", + "title": "Retain spam in quarantine for 30 days", + "desc": "Specifies how long to keep the message in quarantine if you selected “Quarantine message” as the action for a spam filtering verdict. After the time period expires, the message is deleted, and is not recoverable.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_allowedsenderscombined", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "desc": "Never add your own accepted domains or common domains (for example, microsoft.com or office.com) to the allowed domains list. If these domains are allowed to bypass spam filtering, attackers can easily send messages that spoof these trusted domains to your organization. In addition, avoid adding specific senders that can bypass spam filtering.", + "impact": 0.2, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 2 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_bulkthreshold", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "desc": "Specifies the bulk complaint level (BCL) of a message that triggers the specified action for the bulk spam filtering verdict that you configure on the next page. A higher value indicates that the message is less desirable (more likely to resemble spam). While the default value is 7, 6 or lower is the recommended value.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_spamaction", + "title": "Apps:mdo_spamaction", + "desc": "Set the action that will be taken on spam detection.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_autoforwardingmode", + "title": "Set automatic email forwarding rules to be system controlled", + "desc": "", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_recipientexternallimitperhour", + "title": "Set maximum number of external recipients that a user can email per hour", + "desc": "Configure the maximum number of external recipients that a user can email per hour. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_recipientinternallimitperhour", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "desc": "Configure the maximum number of recipients that a user can send to per hour for internal recipients. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_recipientlimitperday", + "title": "Set a daily message limit", + "desc": "Configure the maximum number of recipients that a user can send to within a day. After an account is compromised, attackers commonly use the account to generate spam and phish. Configuring recommended values can reduce the amount of spam and phishing emails, while also allowing you to be notified when these thresholds have been reached.", + "impact": 0.1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 1 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_thresholdreachedaction", + "title": "Apps:mdo_thresholdreachedaction", + "desc": "Configure action to take when any of the limits specified in the outbound anti-spam policy are reached. It is common, after an account compromise incident, for an attacker to use the account to generate spam and phish. Configuring the recommended values can reduce the impact.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_enablemailboxintelligence", + "title": "Ensure that mailbox intelligence is enabled", + "desc": "\n Turns on artificial intelligence (AI) that identifies users’ email patterns with their frequent contacts to spot potential phishing attempts.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_mailboxintelligenceprotection", + "title": "Ensure that intelligence for impersonation protection is enabled", + "desc": "\n Enables enhanced impersonation results based on each user's individual sender map and allows you to define specific actions for impersonated messages.\n
    \n
    \n This setting is available only if ‘Enable mailbox intelligence’ is selected.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_mailboxintelligenceprotectionaction", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "desc": "\n This setting specifies what to do with messages for impersonation detections from mailbox intelligence results.\n
    \n
    \n If a message is detected to be an impersonated user by mailbox intelligence, no action will be applied by default. We recommend moving the message to the recipients’ junk email folder and strongly recommend quarantining it.\n
    \n
    \n This setting is available only if the ‘Ensure that intelligence for impersonation protection is enabled’ setting is properly configured.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_enabledomainstoprotect", + "title": "Enable impersonated domain protection", + "desc": "\n Prevents specified domains from being impersonated by the message sender's domain.\n
    \n
    \n When you add domains to the ‘Enable domains to protect’ list, messages from senders in those domains are subject to impersonation protection checks. The message is checked for impersonation if it’s sent to a recipient that the policy applies to.\n
    \n
    \n If impersonation is detected in the sender's domain, the impersonation protection actions for domains are applied to the message.\n
    \n
    \n By default, no sender domains are covered by impersonation protection, either in the default policy or in custom policies.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_phishthresholdlevel", + "title": "Set the phishing email level threshold at 2 or higher", + "desc": "\n The threshold controls the sensitivity with which machine learning models are applied to email messages to determine whether a phishing attempt has occurred.\n
    \n A higher value indicates greater sensitivity. The default value is 1, but 2 or 3 are the recommended values.\n ", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 8 + ], + "rank": [ + 128 + ], + "tiers": [ + "Core" + ], + "threats": [ + [] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "label": "fix" + }, + { + "data": "Unknown", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_similardomainssafetytips", + "title": "Apps:mdo_similardomainssafetytips", + "desc": "\n This setting specifies whether to enable the safety tip that is shown to recipients for domain impersonation detections.\n
    \n
    \n When the ‘Show domain impersonation safety tip’ is enabled, the tip “This sender might be impersonating a domain that's associated with your organization” is shown to recipients in messages where the sender's email domain is included in domain impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_similaruserssafetytips", + "title": "Apps:mdo_similaruserssafetytips", + "desc": "\n This setting specifies whether to enable the safety tip that is shown to recipients for user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation safety tip’ is enabled, the tip “This sender appears to be similar to someone who previously sent you email but may not be that person” is shown to recipients in messages where the sender's email address is included in user impersonation protection.\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_targeteddomainprotectionaction", + "title": "Apps:mdo_targeteddomainprotectionaction", + "desc": "\n This setting specifies the action to take on detected domain impersonation messages.\n
    \n
    \n If a message is detected from an impersonated domain, no action is taken by default. We recommend quarantining the message.\n
    \n
    \n This setting is available only if ‘Enable impersonated domain protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_targeteduserprotectionaction", + "title": "Apps:mdo_targeteduserprotectionaction", + "desc": "\n This setting specifies the action to take on detected user impersonation messages.\n
    \n
    \n If a message is detected from an impersonated user, no default action will be taken. We recommend quarantining the message.\n
    \n
    \n Whenever you select ‘Quarantine the message’, a ‘Select quarantine policy’ box is available.\n
    \n Quarantine policies define who is allowed to do to quarantined messages.\n
    \n
    \n This setting is available only if ‘Enable impersonated user protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_targetedusersprotection", + "title": "Apps:mdo_targetedusersprotection", + "desc": "\n Prevents specified internal or external email addresses from being impersonated as message senders in phishing attempts.\n
    \n By default, impersonated user protection is disabled, and no sender email addresses are covered by impersonation protection, whether in the default policy or in custom policies.\n
    \n
    \n We highly recommend adding users (message senders) in key roles. Internally, protected senders might be your CEO, CFO, and other senior leaders. Externally, protected senders could include council members or your board of directors.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_unusualcharacterssafetytips", + "title": "Apps:mdo_unusualcharacterssafetytips", + "desc": "\n This setting specifies whether to enable the safety tip that is shown to recipients for unusual characters in domain and user impersonation detections.\n
    \n
    \n When the ‘Show user impersonation unusual safety tip’ is enabled, the tip is shown to recipients in messages where the sender's name or email address contains characters that are not typically used together, such as a mix of mathematical symbols and plain text or a mix of uppercase and lowercase letters.\n
    \n
    \n Example tip:\n
    \n ‘The email address MARY@CoNTᴏSO.CᴏM includes unexpected letters or numbers. We recommend you do not interact with this message.’\n
    \n
    \n This setting is available only if the ‘Enable impersonated user protection’ setting is configured properly.\n ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_spam_notifications_only_for_admins", + "title": "Apps:mdo_spam_notifications_only_for_admins", + "desc": "In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against spam (junk email) by EOP. Configure Exchange Online Spam Policies to copy emails and notify someone when a sender in the organization has been blocked for sending spam emails.

    Note: Audit and Remediation guidance may focus on the Default policy however, if a Custom Policy exists in the organization's tenant, then ensure the setting is set as
    outlined in the highest priority policy listed.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safeattachmentpolicy", + "title": "Ensure Safe Attachments policy is enabled", + "desc": "

    The Safe Attachments policy helps protect users from malware in email attachments by
    scanning attachments for viruses, malware, and other malicious content. When an email
    attachment is received by a user, Safe Attachments will scan the attachment in a secure
    environment and provide a verdict on whether the attachment is safe or not.

    Rationale:
    Enabling Safe Attachments policy helps protect against malware threats in email
    attachments by analyzing suspicious attachments in a secure, cloud-based environment
    before they are delivered to the user's inbox. This provides an additional layer of
    security and can prevent new or unseen types of malware from infiltrating the
    organization's network.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "label": "fix" + }, + { + "data": "Delivery of email with attachments may be delayed while scanning is occurring.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "

    100% of users are affected by policies that are configured securely 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_safelinksforOfficeApps", + "title": "Apps:mdo_safelinksforOfficeApps", + "desc": "Enabling Safe Links policy for Office applications allows URL's that exist inside of Office documents and email applications opened by Office, Office Online and Office mobile to be processed against Defender for Office time-of-click verification and rewritten if required.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Built-In Protection Policy - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_antiphishingpolicies", + "title": "Ensure that an anti-phishing policy has been created", + "desc": "By default, Office 365 includes built-in features that help protect users from phishing attacks. Set up anti-phishing polices to increase this protection, for example by refining settings to better detect and prevent impersonation and spoofing attacks. The default policy applies to all users within the organization, and is a single view to fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups or domains within the organization and will take precedence over the default policy for the scoped users.

    Rationale: Protects users from phishing attacks (like impersonation and spoofing), and uses safety tips to warn users about potentially harmful messages.", + "impact": 0.3, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 3 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "label": "fix" + }, + { + "data": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Office365 AntiPhish Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Apps:mdo_blockmailforward", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "desc": "

    Exchange Online offers several methods of managing the flow of email messages.
    These are Remote domain, Transport Rules, and Anti-spam outbound policies. These
    methods work together to provide comprehensive coverage for potential automatic
    forwarding channels:

    • Outlook forwarding using inbox rules
    • Outlook forwarding configured using OOF rule
    • OWA forwarding setting (ForwardingSmtpAddress)
    • Forwarding set by the admin using EAC (ForwardingAddress)
    • Forwarding using Power Automate / Flow

    NOTE:

    • In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically.
    • Any exclusions should be implemented based on organizational policy.

    Rationale:
    Attackers often create these rules to exfiltrate data from your tenancy, this could be
    accomplished via access to an end-user account or otherwise. An insider could also use
    one of these methods as an secondary channel to exfiltrate sensitive data.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Apps" + ], + "maxScore": [ + 5 + ], + "rank": [ + 10 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Data Exfiltration", + "Account breach" + ] + ], + "services": [ + "MDO" + ], + "userImpacts": [ + "Unknown" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "label": "fix" + }, + { + "data": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "

    100% of users are affected by policies that are configured less securely than is recommended 

    • Default - 1 users (100%) 
    ", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:IntegratedApps", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "desc": "To reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data, we recommend that you allow user consent only for applications that have been published by a verified publisher.", + "impact": 0.4, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 4 + ], + "rank": [ + 35 + ], + "tiers": [ + "Defense In Depth" + ], + "threats": [ + [ + "Data Exfiltration", + "Data Spillage" + ] + ], + "services": [ + "AzureAD" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "label": "fix" + }, + { + "data": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "You have no user consent policy in place.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:PWAgePolicyNew", + "title": "Identity:PWAgePolicyNew", + "desc": "Research has found that when periodic password resets are enforced, passwords become less secure. Users tend to pick a weaker password and vary it slightly for each reset. If a user creates a strong password (long, complex and without any pragmatic words present) it should remain just as strong in the future as it is today. It is Microsoft's official security position to not expire passwords periodically without a specific reason, and recommends that cloud-only tenants set the password policy to never expire.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "Your current policy is set to let passwords expire.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:SelfServicePasswordReset", + "title": "Identity:SelfServicePasswordReset", + "desc": "With self-service password reset in Microsoft Entra ID, users no longer need to engage help desk to reset passwords. This feature works well with Microsoft Entra ID dynamically banned passwords, which prevents easily guessable passwords from being used.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 of 0 users who don't have self-service password reset enabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:BlockLegacyAuthentication", + "title": "Enable Conditional Access policies to block legacy authentication", + "desc": "Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multifactor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.", + "impact": 0.8, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 8 + ], + "rank": [ + 68 + ], + "tiers": [ + "Advanced" + ], + "threats": [ + [ + "Password Cracking", + "Account Breach" + ] + ], + "services": [ + "AzureAD" + ], + "userImpacts": [ + "Moderate" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "label": "fix" + }, + { + "data": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 of 1 users that don't have legacy authentication blocked.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:MFARegistrationV2", + "title": "Identity:MFARegistrationV2", + "desc": "Multifactor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 out of 1 users that aren’t registered with MFA.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:AdminMFAV2", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "desc": "

    Requiring multifactor authentication (MFA) for administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, your entire organization is exposed. At a minimum, protect the following roles: 

    • Global administrator 
    • Authentication administrator 
    • Billing administrator 
    • Conditional Access administrator 
    • Exchange administrator 
    • Helpdesk administrator 
    • Security administrator 
    • SharePoint administrator 
    • User administrator 
    ", + "impact": 1, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ], + "category": [ + "Identity" + ], + "maxScore": [ + 10 + ], + "rank": [ + 1 + ], + "tiers": [ + "Core" + ], + "threats": [ + [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ] + ], + "services": [ + "AzureAD" + ], + "userImpacts": [ + "Low" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "label": "fix" + }, + { + "data": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 out of 1 users with administrative roles that aren’t registered and protected with MFA.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:SigninRiskPolicy", + "title": "Identity:SigninRiskPolicy", + "desc": "Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for multifactor authentication (MFA).", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 of 1 users that don't have the sign-in risky policy turned on.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:UserRiskPolicy", + "title": "Identity:UserRiskPolicy", + "desc": "With the user risk policy turned on, Microsoft Entra ID detects the probability that a user account has been compromised. As an administrator, you can configure a user risk Conditional Access policy to automatically respond to a specific user risk level. For example, you can block access to your resources or require a password change to get a user account back into a clean state.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "passed", + "code_desc": "You have 0 users out of 1 that do not have user risk policy enabled.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:OneAdmin", + "title": "Identity:OneAdmin", + "desc": "

    Having more than one global administrator helps if you are unable to fulfill the needs or obligations of your organization. It's important to have a delegate or an emergency account someone from your team can access if necessary. It also allows admins the ability to monitor each other for signs of a breach.

    Note:

    According to CIS O365 Benchmark 2.0.0, the suggestion is to have between two to four global admins. Currently, the condition to comply is to have more than one global administrator - This security recommendation will be updated accordingly to CIS benchmark in the future.

    Rationale:

    If there is only one global tenant administrator, he or she can perform malicious activity without the possibility of being discovered by another admin. If there are numerous global tenant administrators, the more likely it is that one of their accounts will be successfully breached by an external attacker.

    ", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "You currently have 1 global admins.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + }, + { + "id": "Identity:RoleOverlap", + "title": "Identity:RoleOverlap", + "desc": "Ensure that your administrators can accomplish their work with the least amount of privilege assigned to their account. Assigning users roles like Password Administrator or Exchange Online Administrator, instead of Global Administrator, reduces the likelihood of a global administrative privileged account being breached.", + "impact": 0.5, + "refs": [], + "tags": { + "nist": [ + "SA-11", + "RA-5" + ] + }, + "source_location": {}, + "descriptions": [ + { + "data": "", + "label": "fix" + }, + { + "data": "", + "label": "rationale" + } + ], + "results": [ + { + "status": "failed", + "code_desc": "You have 0 users with least privileged administrative roles.", + "start_time": "2024-01-01T00:00:00Z" + } + ] + } + ], + "sha256": "e34570699cb31e407b8e8444d1db0d5b0a12614b69ee9b5ba5e8b1068b556907" + } + ], + "passthrough": { + "auxiliary_data": [ + { + "name": "Microsoft Secure Score", + "data": { + "reportId": "12345678-1234-1234-1234-1234567890abcd_2024-01-01", + "tenantId": "12345678-1234-1234-1234-1234567890abcd", + "profiles": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScoreControlProfiles", + "@odata.nextLink": "https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles?$skiptoken=00000000-0000-0000-0000-00000000", + "value": [ + { + "id": "aad_admin_accounts_separate_unassigned_cloud_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/add-users?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure Administrative accounts are separate and cloud-only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    1. Navigate to Microsoft 365 admin center
    2. Click to expand Users select Active users.
    3. Sort by the Licenses column.
    4. For each user account in an administrative role verify the following:
    The account is Cloud only (not synced)
    The account is assigned a license that is not associated with applications i.e. (Microsoft Entra ID P1, Microsoft Entra ID P2)

    ", + "remediationImpact": "Administrative users will have to switch accounts and utilizing login/logout functionality when performing Administrative tasks, as well as not benefiting from SSO.", + "service": "AzureAD", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_admin_consent_workflow", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings", + "controlCategory": "Apps", + "title": "Ensure the admin consent workflow is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center, Select Admin Centers, and Microsoft Entra ID.
    2. Select Enterprise applications from the Azure Navigation pane.
    3. Under Security select Consent and permissions.
    4. Under Manage select Admin consent settings and set Users can request admin consent to apps they are unable to consent to Yes.
    5. Under the Reviewers choose the Roles, Groups that you would like to review user generated app consent requests.
    6. Select Save at the top of the window.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_custom_banned_passwords", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection", + "controlCategory": "Apps", + "title": "Ensure custom banned passwords lists are used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Create a custom banned password list:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Protect & Secure > Authentication methods
    3. Select Password protection
    4. Set Enforce custom list to Yes
    5. In Custom banned password list create a list using suggestions outlined in this document.
    6. Click Save

    NOTE: Below is a list of examples that can be used as a starting place. Check the references section for more.

    • Brand names
    • Product names
    • Locations, such as company headquarters
    • Company-specific internal terms
    • Abbreviations that have specific company meaning
    ", + "remediationImpact": "

    If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.

    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_limited_administrative_roles", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps", + "controlCategory": "Apps", + "title": "Ensure 'Microsoft Azure Management' is limited to administrative roles", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable Microsoft Azure Management restrictions:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click expand Protection > Conditional Access select Policies.
    3. Click New Policy and then name the policy.
    4. Select Users > Include > All Users
    5. Select Users > Exclude > Directory roles and select only administrative roles (See below).
    6. Select Cloud apps or actions > Select apps > Select then click the box next to Microsoft Azure Management.
    7. Click Select.
    8. Select Grant > Block access and click Select.
    9. Ensure Enable Policy is On then click Create.

    WARNING: Exclude Global Administrator at a minimum to avoid being locked out. Report-only is a good option to use when testing any Conditional Access policy for the first time.

    Below is an example list of Administrator roles that could be excluded:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    Default Value:

    No - Non-administrators can access the Microsoft Entra ID administration portal.

    ", + "remediationImpact": "

    Because the policy is applied to the Azure management portal and API, services, or clients with an Azure API service dependency, can indirectly be impacted. For example:

    • Classic deployment model APIs
    • Azure PowerShell
    • Azure CLI
    • Azure DevOps
    • Azure Data Factory portal
    • Azure Event Hubs
    • Azure Service Bus
    • Azure SQL Database
    • SQL Managed Instance
    • Azure Synapse
    • Visual Studio subscriptions administrator portal
    • Microsoft IoT Central
    ", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_linkedin_connection_disables", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/linkedin-integration", + "controlCategory": "Apps", + "title": "Ensure 'LinkedIn account connections' is disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To disable LinkedIn account connections:

    1. Navigate to Microsoft Entra ID admin center https://entra.microsoft.com/
    2. Click to expand Microsoft Entra ID > Users select User settings.
    3. Under LinkedIn account connections select No.
    4. Click Save at the top of the page.
    ", + "remediationImpact": "Users will not be able to sync contacts or use LinkedIn integration.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_managed_approved_public_groups_only", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide#microsoft-365-groups", + "controlCategory": "Apps", + "title": "Ensure that only organizationally managed/approved public groups exist", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    In the Microsoft 365 Administration portal, go to:

    1. Teams & groups -> Active teams & groups. 
    2. For each group, under Settings, make sure Privacy is set to 'Private'.


    ", + "remediationImpact": "If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_password_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations", + "controlCategory": "Apps", + "title": "Ensure password protection is enabled for on-prem Active Directory", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To setup Microsoft Entra ID Password Protection, use the following steps: 

    1. Download and install the Microsoft Entra ID Password Proxies and DC Agents from the following location: https://www.microsoft.com/download/details.aspx?id=57071
    2. After the installation is complete, login to https://admin.microsoft.com as a Global Administrator.
    3. Go to Admin centers and click on Microsoft Entra ID.
    4. Select Microsoft Entra ID then Security on the left side navigation followed by Authentication methods.
    5. Select Password protection and toggle Enable password protection on Windows Server Active Directory to Yes and Mode to Enforced
    6. Click Save at the top of the right pane.


    ", + "remediationImpact": "The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_phishing_MFA_strength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy", + "controlCategory": "Apps", + "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To create a phishing-resistant MFA CA policy for users in administrative roles:

    1. Navigate to the Microsoft Entra ID admin center https://entra.microsoft.com.
    2. Click to expand Microsoft Entra ID > Applications select Enterprise Applications.
    3. Under Security, select Conditional Access.
    4. Click New policy.
    5. Go to Users > Users and groups > Include > Select users and groups > Directory roles
    6. Add at least the Directory roles listed after these steps.
    7. Select Cloud apps or actions > All cloud apps (and don't exclude any apps).
    8. Grant > Grant Access with Require authentication strength (Preview): Phishing-resistant MFA
    9. Click 'Select'
    10. Set Enable policy to Report-only and click Create

    At minimum these directory roles should be included for the policy:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator

    WARNING: Ensure administrators are pre-registered with strong authentication before enforcing the policy. After which the policy must be set to “On”.

    ", + "remediationImpact": "If administrators aren't pre-registered for a strong authentication method prior to a conditional access policy is created then a condition could occur where a user can't register for strong authentication because they don't meet the conditional access policy requirements, and therefore are prevented from signing in.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Password Cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_sign_in_freq_session_timeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aad.portal.azure.com/#view/Microsoft_AAD_ConditionalAccess/PolicyBlade", + "controlCategory": "Apps", + "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To configure Sign-in frequency and browser sessions persistence for Administrative users:

    1. Navigate to Microsoft Entra admin center https://entra.microsoft.com/.
    2. Click to Protection > Conditional Access.
    3. Click New policy
    4. Click Users and groups
    5. Under Include select Select users and groups and then select Directory roles.
    6. At a minimum, select the roles in the section below:
    7. Go to Target resources > Cloud apps > Include > select All cloud apps (and don't exclude any apps).
    8. Under Access controls > Grant > select Grant access > check Require multi-factor authentication (and nothing else).
    9. Under Session select Sign-in frequency and set to at most 4 hours for E3 tenants. E5 tenants with PIM can be set to a maximum value of 24 hours.
    10. Check Persistent browser session then select Never persistent in the drop-down menu.
    11. For Enable Policy select On and click Save


    At minimum these directory roles should be included for MFA:

    • Application administrator
    • Authentication administrator
    • Billing administrator
    • Cloud application administrator
    • Conditional Access administrator
    • Exchange administrator
    • Global administrator
    • Global reader
    • Helpdesk administrator
    • Password administrator
    • Privileged authentication administrator
    • Privileged role administrator
    • Security administrator
    • SharePoint administrator
    • User administrator
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "aad_third_party_apps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/enterprise/integrated-apps-and-azure-ads?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure third party integrated applications are not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "
    1. In the Microsoft 365 Admin Center Select Admin Centers and Microsoft Entra ID.
    2. Select Users from the Azure navigation pane
    3. Select Users settings.
    4. Set App registrations is set to No.
    5. Click Save.
    ", + "remediationImpact": "None.", + "service": "AzureAD", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSCertificateTemplateEnrolementSuppliesSubject", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc1", + "controlCategory": "Identity", + "title": "Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1. Disable the “Supply in the request” configuration.
    2. Remove EKU’s enabling user authentication (e.g Client Authentication).
    3.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    4.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings can lead to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSInsecureCertificateEnrollmentIisEndpoints", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8IIS", + "controlCategory": "Identity", + "title": "Edit insecure certificate enrollment IIS endpoints (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "For each endpoint, follow these steps:
    1. Determine whether the endpoint is necessary and in regular use. If it is not used, it is advisable to disable it.
    2. Deactivate NTLM and Negotiate authentication providers for the IIS endpoint.
    3. If NTLM cannot be disabled, enable \"Require SSL\" and \"Require Extended Protection\" for the IIS endpoint.
    For more information, please refer to the security advisory in the \"Learn More\" section.", + "remediationImpact": "If the IIS endpoint allows NTLM authentication without enforcing protocol signing (HTTPS) or without enforcing Extended Protection for Authentication (EPA), it becomes vulnerable to NTLM relay attacks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateAuthorityAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc7", + "controlCategory": "Identity", + "title": "Edit misconfigured Certificate Authority ACL (ESC7)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the misconfigured ACL entry (for example - “Manage CA” permission granted to the “authenticated users” built-in group) and remove any unnecessary permissions granting built-in groups “Mange CA” or/and “Manage certificates” permissions.", + "remediationImpact": "The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the \"Manage Certificates\" right, they can approve pending certificate requests without manager approval. With the \"Manage CA\" right, they can modify CA settings, such as adding the \"User specifies SAN\" flag, leading to a complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateAcl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4ACL", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates ACL (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template, and remove overly permissive modifications permissions (e.g. WriteProperty), which allows any user to change the settings of that certificate template.", + "remediationImpact": "Badly configured modification permissions allows non-privileged user to modify the settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEku", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc2", + "controlCategory": "Identity", + "title": "Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove EKU’s enabling arbitrary usage (e.g. Any purpose).
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement. ", + "remediationImpact": "Each certificate template per AD CS servers with these settings can be enrolled by an attacker and be used for multiple abuses affecting code integrity, server integrity, AD FS and IPSec (as they are relying on certificates).", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc3", + "controlCategory": "Identity", + "title": "Edit misconfigured enrollment agent certificate template (ESC3)", + "deprecated": false, + "implementationCost": "medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Identify the vulnerable certificate template. Perform at least one of the following possible remediations:
    1.Remove enrollment agent EKU.
    2.Remove overly permissive enrollment permissions, which allows any user to enroll certificate based on that certificate template.
    3.Enable “CA certificate manager approval” requirement.", + "remediationImpact": "Each certificate template per AD CS servers with these settings may enable arbitrary certificates issuance ability by an adversary, leading to full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredCertificateTemplateOwner", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc4", + "controlCategory": "Identity", + "title": "Edit misconfigured certificate templates owner (ESC4)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "Edit misconfigured certificate templates owner (ESC4)", + "remediationImpact": "Badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration later used for privilege escalation.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSMisconfiguredRpcEnrollmentSigning", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc8", + "controlCategory": "Identity", + "title": "Enforce encryption for RPC certificate enrollment interface (ESC8)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To require packet encryption for RPC enrollment, execute the following command and then restart the certsvc service: \ncertutil -setreg CA\\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST\nnet stop certsvc & net start certsvc", + "remediationImpact": "An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "medium", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ADCSSanSpecifiedByUserEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/mdiesc6", + "controlCategory": "Identity", + "title": "Edit vulnerable Certificate Authority setting (ESC6)", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "To disable “user specifying SAN” setting, execute the following command and then restart the certsvc service: \ncertutil -setreg policy\\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 \nnet stop certsvc & net start certsvc", + "remediationImpact": "When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_AdminSDHolder", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmsdholder", + "controlCategory": "Identity", + "title": "Remove access rights on suspicious accounts with the Admin SDHolder permission", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review the list of exposed entities to discover which of your non-sensitive accounts have the Admin SDHolder permission.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Having non-sensitive accounts with Admin SDholder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_ClearText", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123179", + "controlCategory": "Identity", + "title": "Stop clear text credentials exposure", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why those entities are using LDAP in clear text.
    3. Remediate the issues and stop the exposure.
    4. After confirming remediation, we recommend you configure the requirement of domain controller level LDAP signing.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of clear text authentication may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DefenderForIdentityIsNotInstalled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=sensor", + "controlCategory": "Identity", + "title": "Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 59, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DomainControllerLocalUsers", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmt0assets", + "controlCategory": "Identity", + "title": "Remove local admins on identity assets", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 65, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have local admin rights on your identity assets.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_DormantAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123908", + "controlCategory": "Identity", + "title": "Remove dormant accounts from sensitive groups", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your sensitive accounts are dormant..
    2. Take appropriate action on those entities by removing their privileged access rights or by deleting the account.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these dormant privileges may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_EntitiesWithOldPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmoldpw", + "controlCategory": "Identity", + "title": "Manage accounts with passwords more than 180 days old", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have a password more than 180 days old.
    2. Take appropriate action on those entities either by making them change their password or restricting their access to sensitive resources. To achieve the full score,remediate all exposed entities.", + "remediationImpact": "Passwords more than 180 days old increase vulnerability to password attacks, heighten the risk of credential theft, may lead to non-compliance with security standards, reduce accountability and user awareness, and impede incident response efforts in case of a security breach.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_HoneyToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=entityTags", + "controlCategory": "Identity", + "title": "Set a honeytoken account", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 61, + "remediation": "Go to the Honeytoken Settings page >, and set at least one honeytoken account.​", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_KerberosDelegations", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123722", + "controlCategory": "Identity", + "title": "Modify unsecure Kerberos delegations to prevent impersonation", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your non-domain controller entities are configured for unsecure Kerberos delegation.
    2. Take appropriate action on those at-risk users, such as removing their unconstrained attribute or changing it to a more secure constrained delegation.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure kerberos configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_NonAdminDCSyncAccounts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://aka.ms/ispmdcsync", + "controlCategory": "Identity", + "title": "Remove non-admin accounts with DCSync permissions ", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 66, + "remediation": "1. Review this list of exposed entities to discover which of your accounts have DCSync permissions and are also non-domain admins.
    2. Take appropriate action on those entities by removing their privileged access rights. To achieve the full score, remediate all exposed entities.", + "remediationImpact": "Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "high", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PathRisk", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123182", + "controlCategory": "Identity", + "title": "Reduce lateral movement path risk to sensitive entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "Review this security control list of exposed entities displaying sensitive entities with lateral movement paths risk with recommended actions on how to reduce the number of non-sensitive accounts for each path.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PrintSpooler", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123723", + "controlCategory": "Identity", + "title": "Disable Print spooler service on domain controllers", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities to discover which of your domain controllers has the Print spooler service enabled.
    2. Take appropriate action on the at-risk domain controllers and actively remove the Print spooler service either manually, through group policy or other types of remote commands. Make sure to investigate your Print spooler settings, configurations and dependencies before disabling this service and preventing active printing workflows.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_PwdLAPS", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123725", + "controlCategory": "Identity", + "title": "Protect and manage local admin passwords with Microsoft LAPS", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of domains and devices not configured for Microsoft LAPS.
    2. Deploy Microsoft LAPS to actively manage the local administrator password of your devices. This is done through Active Directory along with Group Policy client- side extensions that will be installed on each Windows operating system.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Sensor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2117505", + "controlCategory": "Identity", + "title": "Install Defender for Identity Sensor on all Domain Controllers", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 60, + "remediation": "Go to the sensor page in Settings, you can view the already installed sensors in your environment and download the install package to deploy them on your remaining domain controllers.
    You will be scored as a precentage of your deployment progress.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_SIDHistory", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123183", + "controlCategory": "Identity", + "title": "Remove unsecure SID history attributes from entities", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure SID history attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of SID history entries may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureAccount", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123364", + "controlCategory": "Identity", + "title": "Resolve unsecure account attributes", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities that has unsecure account attributes.
    2. Take appropriate action on those entities by removing their unsecure settings.
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_UnsecureDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2196300", + "controlCategory": "Identity", + "title": "Resolve unsecure domain configurations", + "deprecated": false, + "implementationCost": "high", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 60, + "remediation": "1. Review this security control list of exposed domains that have unsecure configurations.
    2. Take appropriate action on those domains by remediating their unsecure settings. To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of unsecure account configurations may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_Vpn", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/settings/identities?tabid=radius", + "controlCategory": "Identity", + "title": "Configure VPN integration", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 63, + "remediation": "Go to the Settings page >, and configure the VPN radius accounting to enable VPN based detections.", + "remediationImpact": "Unknown", + "service": "Azure ATP", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AATP_WeakCipher", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2123721", + "controlCategory": "Identity", + "title": "Stop weak cipher usage", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 67, + "remediation": "1. Review this security control list of exposed entities.
    2. Research why the identified clients and servers are using weak ciphers.
    3. Remediate the issues and disable use of RC4 and/or other weak ciphers (such as DES/3DES).
    To achieve a full score, you must remediate all exposed entities.", + "remediationImpact": "A user or an application that relies on these types of weak ciphers may stop functioning.", + "service": "Azure ATP", + "threats": [], + "tier": "Core", + "userImpact": "low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "admincenter_owned_apps_and_services", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-addins-in-the-admin-center?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure 'User owned apps and services' is restricted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Office Store add-ins and starting 365 trials:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. Click to expand Settings Select Org settings.
      3. Under Services select User owned apps and services.
      4. Uncheck Let users access the Office Store and Let users start trials on behalf of your organization.
      5. Click Save.

    Note - Due to temporary limitations, only \"Let users access the Office Store\" will be taken into account in scoring this control. It is suggested to uncheck both settings for the sake of better posture.

    ", + "remediationImpact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.", + "service": "Admincenter", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AdminMFAV2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Ensure multifactor authentication is enabled for all users in administrative roles", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 10, + "rank": 1, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right MFA method for your organization in the Microsoft 365 admin center. Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    5. Keep track of your admin’s progress of registering authentication methods by going to Microsoft Entra ID > Security > Authentication methods > User registration details (requires Microsoft Entra ID Premium P1 or P2 licenses). Go to User registration details 
    ", + "remediationImpact": "First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach", + "Elevation of Privilege" + ], + "tier": "Core", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_regulate_access_to_sensitive_data", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate cloud app access to sensitive data", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 9, + "remediation": "\n In app governance, open the predefined policy \"Access to sensitive data\" and activate it.\n
    \n
    \n You can edit the predefined policy to specify an action and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "AppG_unusual_activity_with_priority_account", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/app-governance?viewid=policies&objid=true&filter=%7B%22source%22:%5B%22Predefined%22%5D%7D", + "controlCategory": "Apps", + "title": "Regulate apps with priority account consent", + "deprecated": false, + "implementationCost": "low", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "\n In app governance, open the predefined \"Unusual activity from an app with priority account consent\" policy and activate it.\n
    \n
    \n While you have the policy open, you can add an action to take on unused apps and add exceptions.\n ", + "remediationImpact": "Unknown", + "service": "AppG", + "threats": [], + "tier": "Core", + "userImpact": "moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "BlockLegacyAuthentication", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095010", + "controlCategory": "Identity", + "title": "Enable Conditional Access policies to block legacy authentication", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 68, + "remediation": "
    1. We provide step-by-step guidance to select and enable the right method to block legacy authentication for your organization in the Microsoft 365 admin center (part of the MFA wizard). Go to the Microsoft 365 MFA wizard 
    2. If you would like to perform the implementation yourself, first check what Microsoft Entra ID license you have under “Prerequisites” in Microsoft Secure Score or see your license type under \"Basic information\" in the Microsoft Entra ID Overview
    3. If you’ve invested in Microsoft Entra ID Premium P1 or P2 licenses, you can create a Conditional Access policy from scratch or by using a template. Follow these steps to create a Conditional Access policy from scratch or by using a template 
    4. If you would like to perform the implementation yourself and you’re using Microsoft Entra ID Free, turn on security defaults. Note: Security defaults and Conditional Access can’t be used side by side. Enable security defaults 
    ", + "remediationImpact": "Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.", + "service": "AzureAD", + "threats": [ + "Password Cracking", + "Account Breach" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "CustomerLockBoxEnabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2095515", + "controlCategory": "Apps", + "title": "Ensure the customer lockbox feature is enabled", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 127, + "remediation": " Turn on customer lockbox by:
    1. Using a work or school account that has either the global administrator or the Customer Lockbox access approver role assigned, go to https://admin.microsoft.com and sign in.
    2. Choose Settings > Org Settings.
    3. Select Security & Privacy > Customer Lockbox > Edit, and then move the toggle to On or Off to turn the feature on or off.
    ", + "remediationImpact": "Until the request is approved, the Microsoft engineer will not be granted access to customer data.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Data Deletion", + "Data Spillage" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "dlp_datalossprevention", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://compliance.microsoft.com/datalossprevention?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Data", + "title": "Ensure DLP policies are enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "\n Ensure that at least one Microsoft 365 DLP policy exists in the Microsoft 365 Compliance portal\n
    \n Learn more\n \n ", + "remediationImpact": "Unknown", + "service": "MIP", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_individualsharing", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/sharing", + "controlCategory": "Apps", + "title": "Ensure 'External sharing' of calendars is not available", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "
      \n
    1. In the Microsoft 365 Exchange admin center, go to Organization > Sharing.
      2. \n
    2. Under Individual Sharing, make sure all policies are unticked.
      3. \n
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailboxaudit", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure mailbox auditing for all users is Enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable mailbox auditing for all users:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:
      Set-OrganizationConfig -AuditDisabled $false
    3. For each unconfigured MailBox of type Resource Mailboxes, Public Folder Mailboxes or DiscoverySearch Mailbox run:
      Get-Mailbox -Filter \"Name -eq 'MailBox name'\" | Set-Mailbox -AuditEnabled $true
    ", + "remediationImpact": "Unknown", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_mailtipsenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/mailtips/mailtips", + "controlCategory": "Apps", + "title": "Ensure MailTips are enabled for end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable MailTips, use the Exchange Online PowerShell Module:

    1. Run Microsoft Exchange Online PowerShell Module
    2. Connect using "Connect-ExchangeOnline"
    3. Run the following PowerShell command:

    Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold '25'


    ", + "remediationImpact": "Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_oauth2clientprofileenabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online?redirectSourcePath=%252fen-us%252farticle%252fenable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662", + "controlCategory": "Apps", + "title": "Ensure modern authentication for Exchange Online is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To enable modern authentication, use the Exchange Online PowerShell Module:

    1. Run the Microsoft Exchange Online PowerShell Module.
    2. Connect to Exchange Online using \"Connect-ExchangeOnline.\"
    3. Run the following PowerShell command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    ", + "remediationImpact": "Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_outlookaddins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure users installing Outlook add-ins is not allowed", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To prohibit users installing Outlook add-ins:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Roles select User roles.
    3. Select Default Role Assignment Policy.
    4. In the properties pane on the right click on Manage permissions.
    5. Under Other roles uncheck My Custom Apps, My Marketplace Apps and My ReadWriteMailboxApps.
    6. Click Save changes.

    Note - This security control will take into account only the default policy. It is suggested to set the above for all the policies.

    ", + "remediationImpact": "Implementing this change will impact both end users and administrators. End users will be unable to integrate third-party applications they desire, and administrators may receive requests to grant permission for necessary third-party apps

    ", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_SPF_records_for_all_domains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-worldwide", + "controlCategory": "Apps", + "title": "Ensure that SPF records are published for all Exchange Domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    follow the instructions on Set up SPF to help prevent spoofing - Office 365 | Microsoft Learn 

    ", + "remediationImpact": "None.", + "service": "EXO", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_storageproviderrestricted", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.microsoft.com/en-us/topic/3rd-party-cloud-storage-services-supported-by-office-apps-fce12782-eccc-4cf5-8f4b-d1ebec513f72", + "controlCategory": "Apps", + "title": "Ensure additional storage providers are restricted in Outlook on the web", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Restrict additional storage providers are restricted using PowerShell:

    1. Connect to Exchange Online using Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false
    3. Run the following Powershell command to verify that the value is now False:

      Get-OwaMailboxPolicy | Format-Table Name, AdditionalStorageProvidersAvailable
    ", + "remediationImpact": "Impact associated with this change is highly dependent upon current practices in the tenant. If users do not use other storage providers, then minimal impact is likely. However, if users do regularly utilize providers outside of the tenant this will affect their ability to continue to do so", + "service": "EXO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "exo_transportrulesallowlistdomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://admin.exchange.microsoft.com/#/transportrules", + "controlCategory": "Apps", + "title": "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    To modify SCL in mail transport rules so they do not allow any specific domains:

    1. Navigate to Exchange admin center https://admin.exchange.microsoft.com.
    2. Click to expand Mail Flow and then select Rules.
    3. For each rule that allows specific domains, set the spam confident level (SCL) to 0 or greater.
      • In \"Do the following\" section, select \"Modify the message properties\" and \"set the spam confidence level (SCL)\" and set to at least 0 (specifying the action for this domain, read more in the references attached below, some options may entirely block mail from this domain).

    References:

    1. Spam confidence level | Microsoft Learn
    2. Best practices for configuring mail flow rules in Exchange Online | Microsoft Learn
    3. Mail flow rules (transport rules) in Exchange Online | Microsoft Learn
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization although modern systems sending legitimate mail should have no issue with this. Note - While specifying the action for each domain, some options may entirely block mail from this domain", + "service": "EXO", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "forms_phishing_protection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-US/microsoft-forms/review-unblock-forms-users-detected-blocked-potential-phishing", + "controlCategory": "Apps", + "title": "Ensure internal phishing protection for Forms is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To enable internal phishing protection for Forms:

    1. Navigate to Microsoft 365 admin center https://admin.microsoft.com.
    2. 2. Click to expand Settings then select Org settings.
      3. Under Services select Microsoft Forms.
      4. Click the checkbox labeled Add internal phishing protection under Phishing protection.
      5. Click Save.
    ", + "remediationImpact": "If potential phishing was detected, the form will be temporarily blocked and cannot be distributed and response collection will not happen until it is unblocked by the administrator or keywords were removed by the creator.", + "service": "FORMS", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "IntegratedApps", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://go.microsoft.com/fwlink/?linkid=2119526", + "controlCategory": "Identity", + "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 35, + "remediation": "
    1. Go to Microsoft Entra ID > Enterprise applications > Consent and permissions. Go to Consent and permissions 
    2. Select “Allow user consent for apps from verified publishers, for selected permissions (Recommended)“ to follow Microsoft’s best practice. Learn more 
    3. Configure the low-impact permissions that users are allowed to consent to. Click “Select permissions to classify as low impact”. Learn more 
    4. Optionally, you can help your users to consent to apps that require admin consent by setting up the admin consent workflow. This step is recommended but not required to get full score. Learn how to configure the admin consent workflow 
    ", + "remediationImpact": "When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.", + "service": "AzureAD", + "threats": [ + "Data Exfiltration", + "Data Spillage" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_AV_firewall_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that devices connecting have AV and a local firewall enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that devices connecting have AV and a local firewall enabled, use the Microsoft Intune admin center

    1. Select Endpoint Manager under Admin Centers
    2. Select Devices, then under Policy select Compliance Policies.
    3. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate machine (PC/MAC) Platform.
      2. Click on the policy name.
      3. Under Configuration settings click Edit.
      4. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    4. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. Under Device Security set the values for Firewall, Antivirus, and Antispyware all to Require (Depending on the platform chosen, some configurations may be hidden). 
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_conection_from_jail_broken_rooted_devices", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that users cannot connect from devices that are jail broken or rooted", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that users cannot connect from devices that are jail broken or rooted, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Compliance Policies.
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform.
      2. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block
    3. In case there are existing policies -
      1. Under Settings and Device Health ensure that Jailbroken devices (for iOS devices) or Rooted devices (for Android devices) are set to Block

    To comply, all relevant mobile policies should be set this way.", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_advanced_security_configuration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are set to require advanced security configurations", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles 
    2. Select Create profile to create a new profile.
    3. Select the appropriate Platform (iOS or Android).
      • Choose, based on your organization's needs, the desired settings from the configuration screens.
      • Note that the condition to comply is the mere existence of such profile, the specific settings should be decided according to your organization's needs.
    4. To comply, there should be at least one configuration policy for mobile devices.
    5. It is suggested to create two policies for both iOS and Android.
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_alphanumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Type = Alphanumeric)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device complex password profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Required password type is set to Alphanumeric
    3. If the are existing policies, per each policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Required password type is set to Alphanumeric

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_complex_password_simple_password_blocked", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose MacOS in the Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Simple Passwords is set to Blocked
    3. If there are existing policies, per each MacOS policy -
      1. Click on the policy name.
      2. Under Configuration settings click Edit.
      3. In the Password section, ensure that Simple Passwords is set to Blocked

    Note: this setting is only for MacOS policies.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_encryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Encryption is set to Require
    3. If the are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Encryption is set to Require

    Note: To comply, there should be at least one device configuration for Android with device password encryption.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_device_lock_after_inactivity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure devices lock after a period of inactivity to prevent unauthorized access", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center:

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Profile.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that -
        1. For iOS/Mac devices - Maximum minutes after screen lock before password is required is set to Immediately.
        2. For all other types of devices Maximum minutes of inactivity until screen lock is set to 5
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_email_profiles_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile device management policies are required for email profiles - iOS/iPadOS only", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Compliance policies
    2. For all the policies that are applied to \"iOS/iPadOS\" complete the following
      1. Select the policy by clickin on its name.
      2. Under Manage select Properties
      3. Select Edit next to Compliance settings
      4. Under Email ensure that Unable to set up email on the device is set to Require
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_minimum_password_length", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices require a minimum password length to prevent brute force attacks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices require a complex password, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Minimum password length is set to 6.
    3. In case there are existing policies -
      1. Per each policy, in the Password section, ensure that Minimum password length is set to 6.

    Note: The required value to comply is not the default value.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_never_expires_password", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure that mobile devices are set to never expire passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure that mobile devices are set to never expire passwords:

    1. Use the Microsoft Intune admin center
    2. Select Devices, then under Policy.
    3. select Configuration profiles Review the list of profiles.
    4. From there, go to the device policies page to remove any device security policies that expire passwords.

    Note: The default configuration is sufficient.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_requirement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices require the use of a password", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device management profiles, use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and under Profile type select Device restrictions.
      2. Click on the new policy name.
      3. Under Configuration settings click Edit.
      4. In the Password section, ensure that Password is set to Require.  
    3. If there are existing policies, per each policy -
      1. Select the policy by clicking on it.
      2. Select Edit next to Configuration settings.
      3. In the Password section, ensure that Password is set to Require.  
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_mobile_password_reused_prohibited", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure", + "controlCategory": "Apps", + "title": "Ensure that mobile device password reuse is prohibited", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set mobile device password reuse is prohibited, go to the Microsoft Intune admin center

    1. Select Devices and then under Policy select Configuration profiles.
    2. If there are no configurations -
      1. select Create profile.
      2. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      3. In the Password section, ensure that Prevent reuse of previous passwords is set to 5 or above
    3. If there is existing configuration -
      1. Select the policy by clicking on its name.
      2. Click Edit next to Configuration settings.
      3. Under Password change Prevent reuse of previous passwords and set to 5 or above
    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "intune_wipe_on_multiple_signin_failures", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create", + "controlCategory": "Apps", + "title": "Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To ensure mobile devices are set to wipe on multiple sign-in failures , use the Microsoft Intune admin center

    1. Select Devices, then under Policy select Configuration profiles 
    2. If there are no policies, select Create Policy.
      1. Set a Name for the policy, choose the appropriate Platform and select Device restrictions.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.
    3. In case there are existing policies -
      1. For each policy, Select by clicking on the name.
      2. In the Password section, ensure that Number of sign-in failures before wiping device is set to 10.

    Note: This option is not available for all types of devices.

    ", + "remediationImpact": "Unknown", + "service": "Intune", + "threats": [ + "Account breach" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mcas_mda_enabled", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/defender-cloud-apps/get-started", + "controlCategory": "Apps", + "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Enable Defender for Cloud Apps by the following instructions: https://learn.microsoft.com/en-us/defender-cloud-apps/get-started

    ", + "remediationImpact": "None.", + "service": "MCAS", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": null, + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCloudAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/discovery/create", + "controlCategory": "Apps", + "title": "Create an app discovery policy to identify new and trending cloud apps in your org ", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 75, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the App discovery policy page.
    2. Select the policy severity.
    3. Select filters according to your business requirements, then select the reports this policy will apply to.
    4. (Optional) Configure alerts settings such as email and text messages notifications.
    5. (Optional) Configure governance actions to tag apps.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasCutomActivityPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/activity/create", + "controlCategory": "Apps", + "title": "Create a custom activity policy to get alerts about suspicious usage patterns", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 80, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Create activity policy page.
    2. Select the policy severity.
    3. Configure filters according to your business requirements.
    4. (Optional) Configure alert settings such as email and text message notifications.
    5. (Optional) Configure governance actions as required.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Advanced", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasFirewallLogUpload", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/settings?tabid=discovery-autoUpload", + "controlCategory": "Apps", + "title": "Deploy a log collector to discover shadow IT activity", + "deprecated": false, + "implementationCost": "Moderate", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 82, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the Automatic log upload page.
    2. In the Data sources tab, select Add data source to create a data source for your appliance.
    3. In the Log collector tab, select Add log collector to add a new one.
    4. Follow the instructions provided to deploy Docker and the log collector container.
    ", + "remediationImpact": "This change has no known impact on your users.", + "service": "MCAS", + "threats": [ + "Data Exfiltration" + ], + "tier": "Advanced", + "userImpact": "Low", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "McasOAuthAppNotification", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/cloudapps/policy/app-permission/create", + "controlCategory": "Apps", + "title": "Create an OAuth app policy to notify you about new OAuth applications", + "deprecated": false, + "implementationCost": "Low", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 57, + "remediation": "
    1. In the Defender for Cloud Apps portal, go to the OAuth app policy page.
    2. Select the policy severity and application (if relevant).
    3. Select filters according to your business requirements.
    4. (Optional) Configure alerts settings such as email and text message notifications.
    5. (Optional) Configure governance actions to revoke the app.
    ", + "remediationImpact": "This change will have a moderate impact on your users.", + "service": "MCAS", + "threats": [ + "Account Breach", + "Elevation of Privilege", + "Malicious Insider" + ], + "tier": "Defense In Depth", + "userImpact": "Moderate", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/enforce-two-step-verification/", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-step verification from an authentication policy:

    1. Go to admin.atlassian.com.

    2. Select your organization if you have more than one.

    3. Select Security > Authentication policies.

    4. Select Edit for the policy you want to modify.

    5. On the Settings page, select Mandatory for \"Two-step verification\".

    • All policies must be configured this way to comply.
    ", + "remediationImpact": "This setting enforces multi-factor authentication for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/configure-saml-single-sign-on/", + "controlCategory": "Apps", + "title": "Enable Single Sing On (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Copy details from your identity provider to your Atlassian organization

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Identity providers.

    3. Select your identity provider Directory.

    4. Select Set up SAML single sign-on.

    5. Add SAML details.

    6. Save SAML configuration.

    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all Atlassian users.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/update-idle-session-duration/", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To select an idle session duration from an authentication policy:

    1. Go to admin.atlassian.com. Select your organization if you have more than one.

    2. Select Security > Authentication policies.

    3. Select Edit for the policy you want to modify.

    4. On the Settings page, select length of time for Idle session duration.

    5. The value should be equal to or lower than 2 hours.
    ", + "remediationImpact": "When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_access", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App access requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Block compromised devices.
    • Require data encryption.
    • Require biometric authentication or a device passcode.
    1. Note that all the three options must be checked in order to comply.
    2. Note that the 'minimum OS version' is not mandatory for this control, but the recommendation is to set it to the latest.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_dataprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - App data protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Mark all the three options:
    • Disable sharing, saving or backing up content from the mobile app.
    • Disable screenshots and screen recording of the mobile app.
    • Disable cutting or copying content from the mobile app.
    1. Note that all the three options must be checked in order to comply.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_mobile_UsersAffected", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/security-and-access-policies/docs/mobile-policy-mam-security-controls-and-supported-apps/", + "controlCategory": "Apps", + "title": "Atlassian mobile app security - Users that are affected by policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set this policy:

    1. Go to Security and Mobile app policy in the Atlassian admin dashboard.
    2. Click on \"Create mobile app policy\" or \"edit\" (in case a policy already exists).
    3. Set the policy to apply to \"All users with access to your organization's products\"
    ", + "remediationImpact": "If your policy applies to all users - both managed and unmanaged - within your organization, including any new users that are added after the policy is created.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Atlassian_passwordExpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.atlassian.com/opsgenie/docs/enable-password-policies/", + "controlCategory": "Apps", + "title": "Enable Password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set this policy:

    In Atlassian admin dashboard Go to Security and Authentication policies for every policy select edit and go to \"Passwords expire every\", check it and set the day to 30 days or lower.

    ", + "remediationImpact": "See learn more link.", + "service": "MDA_Atlassian", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#two-step-verification", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Two-step verification" set the option on.
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_ForceSSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#single-sign-on-sso", + "controlCategory": "Apps", + "title": "Enable Single Sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Single sign-on / SAML 2.0 Configuration" set the option on.
    ", + "remediationImpact": "This setting enforce Single Sign On (SSO) for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Authentication" set "log inactive users out after" at least 1 hour.
    ", + "remediationImpact": "This setting enforce Session time out for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailLockoutSecs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Lockout timer", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least three hundred in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out time configuration for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_LoginFailMaxAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#login-and-security-policy", + "controlCategory": "Apps", + "title": "Enhance 'login maximum attempts' - Number of attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Login & Security Policy".
    3. In "Account lock-out configuration" and set at least five in "failed log in attempts".
    ", + "remediationImpact": "This setting enforce Account lock-out configuration when incorrect logging attempts occurs for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 8 in password minimum characters.
    ", + "remediationImpact": "This setting enforce minimum characters length for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumNumeric", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum numeric characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in number characters.
    ", + "remediationImpact": "This setting enforce minimum numeric characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_MinimumSpecialCharacters", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password minimum special characters", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 1 in special characters.
    ", + "remediationImpact": "This setting enforce minimum special characters for password for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_CitrixSF_PasswordMaxAgeDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.citrix.com/en-us/sharefile/configure/admin-settings/security.html#password-requirements", + "controlCategory": "Apps", + "title": "Enable password expiration policies", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Citrix | Share file dashboard-

    1. Go to "Settings>Admin Settings".
    2. Go to "Security>Password Requirements".
    3. In "Requirements" set at least 90 in "The password expires after".
    ", + "remediationImpact": "This setting enforce password expiry time in days for all Citrix Share File users.", + "service": "MDA_CitrixSF", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=yfn1583277328637.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Login Requirements" -
      1. Minimum password length of 9 characters.
      2. Password must include at least: 
        1. At least one uppercase character.
        2. At least one lowercase character.
        3. At least one digit.
        4. At least one special character (!, @, #...).
      3. Have a minimum password age of 8 days.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=lut1644434676152.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In DocuSign dashboard - 

    1. Go to Account > Security setting in the side panel.
    2. In Password Security, click on "Show Password Rules" button.
    3. In the pop-up window, set "Days until password expires" to 180 days.
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_DocuSign_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.docusign.com/s/document-item?language=en_US&rsc_301&bundleId=pik1583277475390&topicId=tuw1583277327743.html&_LANG=enus", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In DocuSign dashboard -

    1. Go to Account > Security setting in the side panel.
    2. Set "Web App Session Timeout (minutes)" up to 120 minutes.
    3. Set "Mobile App Session Timeout (minutes)" up to 120 minutes.
    4. " Suppress In Session Certificate Enforcement" option must be set to false.
    ", + "remediationImpact": "This setting enforce session timeout for all DocuSign web users.", + "service": "MDA_DocuSign", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Dropbox_InactiveTimeoutMins", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.dropbox.com/help/business/web-session-control", + "controlCategory": "Apps", + "title": "Enable web session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    How to require session policies for Dropbox users

    1. Sign in to dropbox.com with your admin credentials.
    2. Click Admin Console.
    3. Click Settings.
    4. Under Additional Settings, click Web session control.
    5. Set the setting next to Fixed session length to 1 week or less.
    6. It is also suggested, but not mandatory for compliance, to set the setting next to Idle session length to 30 minutes or less.
    7. Click Save changes.
    ", + "remediationImpact": "Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.", + "service": "MDA_Dropbox", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_DependencyInsights", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/changing-the-visibility-of-your-organizations-dependency-insights", + "controlCategory": "Apps", + "title": "Disable 'Allow members to view dependency insights'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to view dependency insights" option in the "Member organization permissions" section.


    ", + "remediationImpact": "This setting blocks users from seeing dependencies insights for their repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise", + "controlCategory": "Apps", + "title": "Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Verified & approved domains.
    3. Add a new domain and verify it.
    4. Check "Restrict email notifications to only approved or verified domains." option.


    ", + "remediationImpact": "This setting restricts email notifications only to verified or approved domains.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_IPallowListConfigurationForOrgResources", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization", + "controlCategory": "Apps", + "title": "Enforce IP allow list configuration for org resources", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Enable IP allow list configuration for installed GitHub Apps" option.


    ", + "remediationImpact": "This setting blocks users to login from specific IP addresses.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Security > Authentication security.
    3. Check "Require two-factor authentication" option.


    ", + "remediationImpact": "This setting enforce multi factor authentication for all GitHUb users.", + "service": "MDA_GitHub", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_OutsideCollabInvitation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators", + "controlCategory": "Apps", + "title": "Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow repository administrators to delete issues for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories admins to add outside collaborators.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PrivateRepositoryForkingSetting", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization", + "controlCategory": "Apps", + "title": "Disable private repository forking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow forking of private and internal repositories" option.


    ", + "remediationImpact": "This setting disable users to fork private repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_PublicRepoCreation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Members will be able to create public repositories, visible to anyone'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Public" option in the "Repository creation" section.


    ", + "remediationImpact": "This setting blocks users from creating public repositories.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoTransferOrDeletion", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories", + "controlCategory": "Apps", + "title": "Disable 'members with admin permissions for repositories can delete or transfer repositories'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to delete or transfer repositories for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks repositories transferring and deletion.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_RepoVisibility_change", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization", + "controlCategory": "Apps", + "title": "Disable 'Allow members to change repository visibilities for this organization'", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. In top right corner of GitHub, click your profile photo, then click Your organizations > Next to the organization, click Settings.
    2. Go to Access > Member privileges.
    3. Disable "Allow members to change repository visibilities for this organization" option in the "Admin repository permissions" section.


    ", + "remediationImpact": "This setting blocks users from changing repositories visibility (public/ private access).", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_GitHub_SAML", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on", + "controlCategory": "Apps", + "title": "Enable single sign on (SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    On GitHub Enterprise organization page-

    1. Go to Settings > Organization security
    2. Select Enable SAML authentication
    3. Fill the fields with the values found in the Admin Portal
    ", + "remediationImpact": "This setting enforce Single Sing On (SSO) for all GitHub users.", + "service": "MDA_GitHub", + "threats": [ + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Google_EnableTwoFactorAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.google.com/a/answer/175197?hl=en&fl=1&sjid=9841521343371348963-NA", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication (MFA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    Ensure password expiry policy for Google -

    1. Navigate to Google admin center - http://admin.google.com/
    2. Click Security > Password Management.
    3. Chcek Allow users to turn on 2-Step Verification.
    4. Check On under Enforcement.
    5. Click Save.

    Follow steps 3-4 for every organizational unit.

    ", + "remediationImpact": "

    Follow the guideline.

    ", + "service": "MDA_Google", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_NetDocuments_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.netdocuments.com/s/article/205220410", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in netDocuments", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "How does an organization start using federated identity with NetDocuments?

    1. In the upper-right corner, select your name > Admin > repository name. In the Navigation Pane, select Security Center Advanced Authentication.
    2. The Advanced Authentication Configuration page has a section titled Federated Identity. Choose the type of federated identity server you will use and configure it.
    3. Note: In order to comply with this control, at least 80% of the users must be using SSO.
    ", + "remediationImpact": "See learn more link.", + "service": "MDA_NetDocuments", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_EnhancedPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-policy", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional complexity requirement options.
    4. Lower case, letter Upper case, letter Number (0-9), Symbol (e.g., !@#$%^&*), Does not contain part of username, Does not contain first name and Does not contain last name.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#multifactor-mfa-enrollment-policy", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Multifactor panel.
    2. Go to \"Factor Enrollment\" and select \"Add Multifactor Policy\".
    3. Note: In order to comply, you must configure default policies as \"required\" (\"optional\" is not sufficient).
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_PasswordExpires", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#password-object", + "controlCategory": "Apps", + "title": "Password expiry requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    In Okta's dashboard - 

    1. Go to Security > Authentication panel.
    2. Under the "Password" tab. 
    3. Select "Edit" the policy and check the additional Password age options -
      1. Enforce password history for last [Minimum of 3] passwords.
      2. Minimum password age is [Minimum of one day].
      3. Password expires after [Minimum of 180 days] days.
      4. Prompt user [Minimum of five days] days before password expires.
      5. Lock out user after [Maximum of 5 attempts] unsuccessful attempts.
      6. Account is automatically unlocked after [Minimum of 15] minutes
    ", + "remediationImpact": "This settings specified password expiry requirements.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Okta_SessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://developer.okta.com/docs/reference/api/policy/#global-session-policy", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    In Okta's dashboard -

    1. Go to Security > Authentication panel.
    2. Go to "Sign On"
      1. If there isn't a policy - select "Add New Okta Sing-on Policy".
      2. If a policy exists - select "Add rule "
    3. In the window, go to "Session management" and set the properties as following -
      1. Maximum Okta session lifetime to 30 days or below.
      2. Expire session after user has been idle on Okta for 120 minutes or below.
      3. Persist session cookies across browser sessions to Disable.
    ", + "remediationImpact": "This setting enforce Session time out for all Okta users.", + "service": "MDA_Okta", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_disableProtocolSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://portal.cloudappsecurity.com/#/connected-apps?tab=appConnectors", + "controlCategory": "Apps", + "title": "Remote Site", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "", + "remediationImpact": "Unknown", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableAdminLoginAsAnyUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.controlling_login_access.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Administrators Can Log In As Any User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Login Access Policies in the Quick Findbox, then select Login Access Policies.
    2. Deselect Administrators Can Log in as Any User.", + "remediationImpact": "You users must grant access before admins can log into their users.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Elevation of Privilege", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCacheAndAutocomplete", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Disable Caching and Autocomplete on Login Page via Session settings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Uncheck Enable caching and autocomplete on login page.", + "remediationImpact": "If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupSFDC", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for non-Setup for Salesforce pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for non-Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUser", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with standard headers", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with standard headers.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackNonsetupUserHeaderless", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for customer VisualForce pages with headers disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable clickjack protection for customer Visualforce pages with headers disabled.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableClickjackSetup", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable clickjack protection for Setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Under Clickjack Protection, select Enable clickjack protection for Setup pages.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableContentSniffingProtection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Sniffing protection", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Content Sniffing protectio.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSPOnEmail", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable Content Security Policy protection for email templates", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable Stricter Content Security Policy.", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnGet", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on GET requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on GET requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableCSRFOnPost", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enable CSRF protection on POST requests on non-setup pages", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enable CSRF protection on POST requests on non-setup pages..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableMultipleSamlConfigs", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.salesforce.com/mfa-requirement-check", + "controlCategory": "Apps", + "title": "Require identity verification during multi-factor authentication (MFA) registration", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 33, + "remediation": "From Setup, in the Quick Find box, enter Identity, and then click Identity Verification. Make sure the field: \"Require identity verification during multi-factor authentication (MFA) registration\" is enabled.", + "remediationImpact": "When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.", + "service": "MDA_SF", + "threats": [ + "Password cracking", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enableSMSIdentity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Let users verify their identity by text (SMS)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Let users verify their identity by text (SMS).", + "remediationImpact": "Salesforce challenges users to verify with text message their identity when they log in from an unrecognized browser or device or an IP address outside of a trusted range. ", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_enforceIpRangesEveryRequest", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce login IP ranges on every request", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Enforce login IP ranges on every request.", + "remediationImpact": "You users will be logout if try to perform an activity outside the IP ranges defined in Salesforce settings.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceLogoutOnSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force logout on session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force logout on session timeout.", + "remediationImpact": "The browser refreshes and returns to the login page, and the user must log in again for access.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_forceRelogin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Force (admin) relogin after Login-As-User", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Force relogin after Login-As-Use..", + "remediationImpact": "Your users will not be impacted by this setting.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_identityConfirmationOnEmailChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.security_auth_setup_identity_verification.htm&type=5", + "controlCategory": "Apps", + "title": "Require identity verification for change of email address", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Identity, and then click Identity Verification.
    2. Select Require identity verification for email address changes.", + "remediationImpact": "User must login again before changing their email address.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_lockSessionsToDomain", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Lock sessions to the domain in which they were first used", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Lock sessions to the domain in which they were first used.", + "remediationImpact": "Your users cannot change their domain inside a session.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_maxLoginAttempts", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Maximum invalid login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Maximum invalid login attempts, select 3.", + "remediationImpact": "You users will be locked if they attemp to login with failure after 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_minimumPasswordLifetime", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Require a minimum 1 day password lifetime", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Require a minimum 1 day password lifetime.", + "remediationImpact": "Your users will not be able to change their password more than one time a day.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_complexity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password complexity requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password complexity requirement, select Must mix alpha, numeric, and special characters, or more complex.", + "remediationImpact": "Your users must have complexed passwords.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_expiration", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "User passwords expire in 90 days or less", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under User passwords expire in, select 90 days or less.", + "remediationImpact": "Your users must changed password every 90 days.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_historyRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Enforce password history", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Enforce password history, select 3 or more passwords rememebered.", + "remediationImpact": "Your users could not set new password that was already used in the last 3 times.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_lockoutInterval", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Lockout effective period", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Lockout effective period, select 30 minutes or more.", + "remediationImpact": "A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_minimumPasswordLength", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Minimum password length", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Minimum password length, select 8 or more.", + "remediationImpact": "Your users must set passwword at least in this length.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_obscureSecretAnswer", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Obscure secret answer for password resets", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Select Obscure secret answer for password resets.", + "remediationImpact": "Your users will not see their answers to their security questions password reset when typing.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_questionRestriction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_password.htm&type=5", + "controlCategory": "Apps", + "title": "Password question requirement", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
    2. Under Password question requirement, select Cannot contain password.", + "remediationImpact": "User will not be allowed to contain password in the password question.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_password_sessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Timeout Value to be 2 hours or less.", + "remediationImpact": "Users cannot have a session longer than the defined timeout value.", + "service": "MDA_SF", + "threats": [ + "Account breach", + "Data Exfiltration", + "Data Deletion", + "Malicious Insider" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SF_requireHttpOnly", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://help.salesforce.com/s/articleView?id=sf.admin_sessions.htm&type=5", + "controlCategory": "Apps", + "title": "Require HttpOnly attribute", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "1. From Setup, in the Quick Find box, enter Session Settings, then select Session Settings.
    2. Select Require HttpOnly attribut..", + "remediationImpact": "If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.", + "service": "MDA_SF", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authenticateMultifactor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/multi-factor-authentication.html", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.authenticate.multifactor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Enabling this property requires from the user to have an extra layer of authentication.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredJson2", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-jsonv2-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing JSONv2 requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.jsonv2' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of JSON data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredSOAP", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/basic-auth-soap-requests.html", + "controlCategory": "Apps", + "title": "Enable enforcing SOAP requests with basic authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.soap' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "

    1. It performs authentication while retrieving data from tables/pages in the form of SOAP data on the instance.
    2. It restricts any guest users who are currently accessing this data.
    3. Create an account for a user who needs access to this content, with the necessary access control permissions.

    ", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_authRequiredUnl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/unload-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable unload request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.unl' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_cauthRequiredScriptedProcessor", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/script-request-authorization.html", + "controlCategory": "Apps", + "title": "Enable script request authorization", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.basicauth.required.scriptedprocessor' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the basic authentication while processing script requests on the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_concourseOnmessageEnforceSameOrigin", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enable-url-whitelist-for-cross-origin-iframe-communication.html", + "controlCategory": "Apps", + "title": "Enable URL allow list for cross-origin iframe communication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.concourse.onmessage_enforce_same_origin' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "If you do not inclusion list intended domains, the ability to embed other pages within Now Platform instances may be limited.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_enablePasswordPolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enforce-strong-passwords.html", + "controlCategory": "Apps", + "title": "Enable Password Reset Policy Checks", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.enable.password_policy' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting the property to true turns on password policy checks when a user resets their password.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_highSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/high-security-plugin.html", + "controlCategory": "Apps", + "title": "Enable high security plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.high_security' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This plugin enables several system security configurations, which may impact UI and functionality as well.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_httpCacheControl", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/cache-control-http-header-value.html", + "controlCategory": "Apps", + "title": "Set default cache-control HTTP header value to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.http.cache_control' as private.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "None.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_loginNoBlankPassword", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/disable-password-less-authentication.html", + "controlCategory": "Apps", + "title": "Disable password-less authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.login.no_blank_password' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Operations should not use blank passwords because it is viewed as a critical security risk. However, if there is a valid case for such usage, there is a possibility of an outage. Users with blank passwords wouldn't be able to log in to the instance.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_roleManagement", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/contextual-security.html", + "controlCategory": "Apps", + "title": "Enable Contextual Security: Role Management plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Navigate to System Applications > All Available Applications All.
    2. Find the 'com.glide.role_management' plugin using the filter criteria and search bar. 
    3. Click Install, and then in the Activate Plugin dialog box, click Activate. 
    ", + "remediationImpact": "This remediation enforces functional level of access controls, which would let application determine the access restrictions based on ACL table alone.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptCcsiIsPublic", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/privacy-on-client-callable-script-includes.html", + "controlCategory": "Apps", + "title": "Set client-callable script includes to private", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.ccsi.ispublic' as false.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Privacy on client-callable script includes.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptSecureAjaxgliderecord", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/enabling-ajaxgliderecord-acl-checking.html", + "controlCategory": "Apps", + "title": "Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.secure.ajaxgliderecord' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_scriptUseSandbox", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/client-generated-scripts-sandbox.html", + "controlCategory": "Apps", + "title": "Enable client generated scripts sandbox", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.script.use.sandbox' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_smDefaultMode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/default-deny.html", + "controlCategory": "Apps", + "title": "Enable default deny with new ACL rules", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    Set the following property 'glide.sm.default_mode' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Setting this prperty for deny value, will restrict the read, write, create, and delete operations on all tables, unless the user has the admin role or meets the requirements of another table ACL rule.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_sncUserLockoutCheck", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/managing-failed-login-attempts.html", + "controlCategory": "Apps", + "title": "Enable managing failed login attempts", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Navigate to System Policy > Script Actions.
    2. Search for the name *SNC User.
    3. To enable management of failed login attempts, change the Active state of either the SNC User Lockout Check with Auto Unlock or SNC User Lockout Check scripts actions from false to true.
    4. To reset the failed login counter after a successful login, you can activate the SNC User Clear script action.
    ", + "remediationImpact": "This remediation would enable administrator of the instance to monitor and report any malicious user access.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapRequireContentTypeXml", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-content-type-checking.html", + "controlCategory": "Apps", + "title": "Enable SOAP content type checking", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.soap.require_content_type_xml' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_soapStrictSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/soap-request-strict-security.html", + "controlCategory": "Apps", + "title": "Enable SOAP request strict security", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property ' glide.soap.strict_security' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "f there are users currently accessing this data, they are restricted/allowed to access the data based on the ACL rules.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_systemSecurity", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/security-jump-start-acl-rules.html", + "controlCategory": "Apps", + "title": "Activate security jump start (ACL rules) plugin", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "If this plugin is not activated on your instance, contact ServiceNow Support. Activating the plugin at this point might modify security access to tables already in use in a production environment. If an administrator is interested in the new ACL rules the plugin provides, you can manually create one or more of them in an existing instance if needed. This list of ACLs may be used as a guideline in that case.", + "remediationImpact": "There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. Customer is required to outreach ServiceNow before the remediation can occur.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_uiSessionTimeout", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/session-activity-timeout.html", + "controlCategory": "Apps", + "title": "Enable session activity timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.session_timeout' as 60 or below.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enforces timely expiration of user account.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_useCsrfToken", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/anti-csrf-token.html", + "controlCategory": "Apps", + "title": "Enable anti-CSRF token", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    Set the following property 'glide.security.use_csrf_token' as true.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_SNOW_userCookieMaxLifeSpanInDays", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/security/reference/absolute-session-timeout.html", + "controlCategory": "Apps", + "title": "Enable absolute session timeout", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "

    Set the following property 'glide.ui.user_cookie.max_life_span_in_days' below 180.

    For setting ServiceNow properties, see Add system property documentation.

    ", + "remediationImpact": "Forcing the user to relogin after specific days.", + "service": "MDA_SNOW", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Workplace_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://www.workplace.com/resources/tech/authentication/sso", + "controlCategory": "Apps", + "title": "Adopt SSO (Single sign on) in Workplace by Meta", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    In order to enable SSO authentication in Workplace you will need to:

    • Have access to your Identity Provider's configuration settings.
    • Have a System Administrator role assigned in Workplace.
    • Have a corresponding account in the Identity Provider with the same email as the Workplace user you are logged in with (i.e. which uses the same email address to authenticate both in Workplace and in the Identity Provider). This is essential to test SSO and complete Workplace configuration correctly.
    1. In the Admin Panel, select Security.
    2. Click on the Authentication tab.
    3. Check the Single Sign-On (SSO) checkbox.
    4. Click +Add New SSO Provider.
    5. Type in the values provided by your Identity Provider into the relevant fields: SAML URL, SAML Issuer URL, SAML Logout Redirect (Optional), SAML Certificate.
    6. Scroll to the bottom of the section and click the Test SSO button. This will result in a popup window appearing with your Identity Provider login page presented. Enter your credentials to authenticate.
    7. Once the test has been completed successfully, scroll to the bottom of the page and click Save button.
    8. If required, Configure SSO as the default authentication for new users by selecting SSO in the Default to new users drop-down.

    To comply with the control, the adoption rate must be above 80%.

    ", + "remediationImpact": "None.", + "service": "MDA_Workplace", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_AdminPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Block admins to set passwords", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To let administrators set passwords for users

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, verify Enable admins to set passwords is not selected.

      You must be the account owner to see this setting.

    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_BlockAccountAssumption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408824477082-Granting-Zendesk-temporary-access-to-assume-your-account", + "controlCategory": "Apps", + "title": "Block account assumption", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Account assumption tab, verify Enable account assumption is not checked.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_bypassIPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Block customers to bypass IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To Block customers to bypass IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. In IP Restrictions tab, verify Allowed IP Ranges is Enabled.
    3. Verify Allow customers to bypass IP restrictions is not checked.
    4. Click Save.
    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_EmailNotificationsforPassChange", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274-Managing-security-settings-in-Admin-Center#topic_a5b_q3v_gfb", + "controlCategory": "Apps", + "title": "Send a notification on password change for admins, agents, and end users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To send password-change notifications

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Passwords tab, select Email notifications.
    3. Click Save.
    ", + "remediationImpact": "End users will get email notifications when their passwords change.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_enableapp", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846407066-About-the-Zendesk-Support-mobile-app", + "controlCategory": "Apps", + "title": "Admins and agents can use the Zendesk Support mobile app", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Allow admins and agents can use the Zendesk Support mobile app

    1. In Admin Center, click Account in the sidebar, then select Security > More settings.
    2. On the Zendesk Support tab, Check Mobile app.
    3. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_IPrestrictions", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable IP restrictions", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    To set IP restrictions

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the IP Restrictions tab, select Enabled, then enter the Allowed IP Ranges you want to restrict.
    3. Click Save.

    For more information, see Restricting access to Zendesk Support using IP restrictions.

    ", + "remediationImpact": "Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408826974874", + "controlCategory": "Apps", + "title": "Enable and adopt two-factor authentication (2FA)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To require two-factor authentication

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select Require two-factor authentication.
    3. Click Save.
    ", + "remediationImpact": "

    Team members who haven't set up 2FA will be required to do so next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required.

    Before enabling two-factor authentication, make sure you understand the following important considerations:

    • You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See Using the API when 2-factor authentication is enabled in the Developers guide.
    • Requiring two-factor authentication disables password-based authentication to the Zendesk API.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_sessionexpiry", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408832533274-Understanding-your-Zendesk-session-time", + "controlCategory": "Apps", + "title": "Enable session timeout for users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "

    To set an inactivity time-out period

    1. In Admin Center, click Account in the sidebar, then select Security > Advanced.
    2. On the Authentication tab, select a session expiration period for team members and end users under Session expiration.
    3. Maximun valid value is 2 hours for both.
    4. Click Save.
    ", + "remediationImpact": "There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_SSO", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable external Authentication (google or microsoft or SSO)", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure External authentication is selected.
    3. follow the authentication steps.
    4. Click Save.
    ", + "remediationImpact": "See in learn more link.", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zendesk_ZanAuth", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zendesk.com/hc/en-us/articles/4408846853274", + "controlCategory": "Apps", + "title": "Enable Zendesk authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "

    To enable Zendesk authentication

    1. Open Admin Center, click Account in the sidebar, then select Security > Team member authentication.
    2. Make sure Zendesk Authentication is selected.
    3. Set the password security level High.
    4. Click Save.
    ", + "remediationImpact": "

    For Team memebers, the following conditions must be met before they can use Zendesk authentication:

    • Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See Getting started with Guide in the Support help center.
    • Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See Requiring users to register in the Support help center.
    ", + "service": "MDA_Zendesk", + "threats": [ + "Account breach", + "Data Exfiltration", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_BlockDomains", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/4403624900109-Blocking-users-in-specific-domains", + "controlCategory": "Apps", + "title": "Block users in specific domains from joining meetings and webinars", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Block users in specific domains from joining meetings and webinars.
    5. Enter the domains that you want to block from joining meetings and webinars.
    6. Click the lock icon and then click Lock to confirm the setting.
    7. Click Save.
    ", + "remediationImpact": "This setting block users to signin from specific domains.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MeetingE2eEncryption", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings", + "controlCategory": "Apps", + "title": "Enforce end to end encryption in all Zoom meetings", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
    2. In the navigation panel, click Account Management then Account Settings.
    3. Click the Meeting tab.
    4. Under Security, enable Allow use of end-to-end encryption and then click Turn On to verify the change.
    5. For making this setting mandatory for all users in your account, click the lock icon, and then click Lock to confirm the setting.
    6. Under Security, choose the Default encryption type.
    7. Click Save.
    ", + "remediationImpact": "This setting enforce end to end encryption in all Zoom meetings.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_MFA", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication", + "controlCategory": "Apps", + "title": "Enable multi-factor authentication", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 7, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Make sure the Sign in with Two-Factor Authentication option is enabled.
    4. Select All users in your account. This will enable Two-Factor Authentication for all users.
    5. Click ‘Save’ to confirm your 2FA settings. 
    ", + "remediationImpact": "This setting enforce multi factor authentication for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_PasswordReq", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enhance password requirements", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 4, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Have a minimum password length with at least 10 characters.
    4. Enable Have at least 1 special character (!, @, #...).
    5. Enable
    6. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce enhanced password requirements in users' next signin.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutClient", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for client users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on Zoom client (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active client users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "MDA_Zoom_SessionTimeoutWeb", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://support.zoom.us/hc/en-us/articles/115005756143-Changing-account-security-settings", + "controlCategory": "Apps", + "title": "Enable session timeout for web users", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 6, + "rank": 10, + "remediation": "
    1. Sign in to the Zoom Dashboard 
    2. In the navigation menu, click Advanced, then Security. 
    3. Enable Set period for inactivity on the web (minutes) with maximum value of 120 minutes.
    4. Click ‘Save’ to confirm.
    ", + "remediationImpact": "This setting enforce logout for in-active web users for all Zoom users.", + "service": "MDA_Zoom", + "threats": [ + "Account breach", + "Data Exfiltration" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_allowedsenderscombined", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that no sender domains are allowed for anti-spam policies", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 2, + "rank": 128, + "remediation": "Remove all allowed domains and allowed senders from all your inbound anti-spam policies.", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_antiphishingpolicies", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that an anti-phishing policy has been created", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 10, + "remediation": "

    Note: Audit and Remediation guidance may focus on the Default policy however, if a
    Custom Policy exists in the organization's tenant then ensure the setting is set as
    outlined in the highest priority policy listed.


    To set the anti-phishing policy -

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand Email & collaboration select Policies & rules
    3. Select Threat policies.
    4. Under Policies select Anti-phishing.
    5. Select the Office365 AntiPhish Default (Default) policy and click Edit
      protection settings.
    6. Set the Phishing email threshold to at least 2 - Aggressive.
      1. Under Impersonation
        • Check Enable mailbox intelligence (Recommended).
        • Check Enable Intelligence for impersonation protection (Recommended).
      2. Under Spoof
        • Check Enable spoof intelligence (Recommended).
    7. Click Save.

    To create an anti-phishing policy using PowerShell:

    1. Connect to Exchange Online service using Connect-ExchangeOnline.
    2. Run the following Exchange Online PowerShell command:


    New-AntiPhishPolicy -Name \"Office365 AntiPhish Policy\"

    ", + "remediationImpact": "Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach", + "Password Cracking" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_atpprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the following global tenant setting for ‘Safe Attachments’ is enabled:

    \n
      \n
    • Turn on the Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams
      • \n
    \n

    For detailed implementation instructions, see Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams - Office 365 | Microsoft Docs.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_autoforwardingmode", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set automatic email forwarding rules to be system controlled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Automatic forwarding rules’ option set to recommended values which is “Automatic – System-controlled” or to “Off - Forwarding is disabled”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_blockmailforward", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rule-procedures?view=exchserver-2019&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure all forms of mail forwarding are blocked and/or disabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    NOTE: In this control, remediation is carried out in two stages - Step 1 is manual and will not be monitored automatically by secure score, whereas Step 2 is monitored automatically:

    STEP 1: Transport rules

    To alter the mail transport rules so they do not forward email to external domains, use the Microsoft 365 Admin Center:

    1. Select Exchange to open the Exchange admin center.
    2. Select Mail Flow then Rules.
    3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

    To perform remediation you may also use the Exchange Online PowerShell
    Module:

    1. Connect to Exchange Online user Connect-ExchangeOnline.
    2. Run the following PowerShell command:

      Remove-TransportRule {RuleName}

    3. To verify this worked you may re-run the audit command as follows:

      Get-TransportRule | Where-Object {$_.RedirectMessageTo -ne $null} | ft
      Name,RedirectMessageTo


    STEP 2: Anti-spam outbound policy

    Configure an anti-spam outbound policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com/
    2. Expand E-mail & collaboration then select Policies & rules.
    3. Select Threat policies > Anti-spam.
    4. Select Anti-spam outbound policy (default)
    5. Click Edit protection settings
    6. Set Automatic forwarding rules dropdown to Off - Forwarding is disabled and click Save
    7. Repeat steps 4-6 for any additional higher priority, custom policies.
    ", + "remediationImpact": "Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users and in an organization. Any exclusions should be implemented based on organizational policy.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkspamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on bulk spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 3, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk complaint level (BCL) met or exceeded’ option set to “Move message to Junk Email folder”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_bulkthreshold", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the email bulk complaint level (BCL) threshold to be 6 or lower", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Bulk email spam action’ option enabled and the ‘Bulk email threshold’ option set to 6 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_commonattachmentsfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antimalwarev2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure the Common Attachment Types Filter is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Update your existing policies or create new ones to ensure that all users have an assigned anti-malware policy with the ‘Enable common attachments filter’ option turned on .

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_connectionfilter", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Don't add allowed IP addresses in the connection filter policy ", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    1. Open Anti-spam policies page in Microsoft 365 Defender portal
    2. Remove all allowed IP addresses from the default connection filter policy

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enabledomainstoprotect", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Enable impersonated domain protection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable domains to protect’, ‘Include domains I own’ and ‘Include custom domains’ options enabled, by either updating your existing policies or creating new ones.\n
    \n
    \n We recommend adding sender domains that you frequently interact with, even if you don't own them.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_enablemailboxintelligence", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that mailbox intelligence is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ option enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencephishaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_highconfidencespamaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on high confidence spam detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘High confidence spam message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotection", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure that intelligence for impersonation protection is enabled", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_mailboxintelligenceprotectionaction", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Move messages that are detected as impersonated users by mailbox intelligence", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Enable mailbox intelligence’ and ‘Enable intelligence for impersonation protection’ options enabled by either updating your existing policies or creating new ones.\n
    \n
    \n For those policies, ensure that the ‘If mailbox Intelligence detects an impersonated user’ option set to ‘Quarantine the message’ or ‘Move message to the recipients’ junk email folders’.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phishthresholdlevel", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antiphishing?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set the phishing email level threshold at 2 or higher", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "\n Ensure that all users have an assigned anti-phishing policy with the ‘Phishing email threshold’ option set to 2 or 3, by either updating your existing policies or creating new ones.\n ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_phisspamacation", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set action to take on phishing detection", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Phishing message action’ option set to “Quarantine message”, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_quarantineretentionperiod", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Retain spam in quarantine for 30 days", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned inbound anti-spam policy with the ‘Retain spam in quarantine for this many days’ option set to 30, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientexternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of external recipients that a user can email per hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy by setting the ‘Restrict sending to external recipients (per hour)’ option to a recommended values which is 500 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientinternallimitperhour", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set maximum number of internal recipients that a user can send to within an hour", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Restrict sending to internal recipients (per hour)’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_recipientlimitperday", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/antispam?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Set a daily message limit", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 1, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned outbound anti-spam policy with the ‘Maximum recipient limit per day’ option set to recommended values which is 1000 or lower, by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachmentpolicy", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide&tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Ensure Safe Attachments policy is enabled", + "deprecated": false, + "implementationCost": "Unknown", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 10, + "remediation": "

    To enable the Safe Attachments policy:

    1. Navigate to Microsoft 365 Defender https://security.microsoft.com.
    2. Click to expand E-mail & Collaboration select Policies & rules.
    3. On the Policies & rules page select Threat policies.
    4. Under Policies select Safe Attachments.
    5. Click + Create.
    6. Create a Policy Name and Description, and then click Next.
    7. Select all valid domains and click Next.
    8. Select Block.
    9. Quarantine policy is AdminOnlyAccessPolicy.
    10. Leave Enable redirect unchecked.
    11. Click Next and finally Submit.
    ", + "remediationImpact": "Delivery of email with attachments may be delayed while scanning is occurring.", + "service": "MDO", + "threats": [ + "Data Exfiltration", + "Account breach" + ], + "tier": "Core", + "userImpact": "Unknown", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safeattachments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Attachments in block mode", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 8, + "rank": 128, + "remediation": "

    Ensure that all users have an assigned ‘Safe Attachments’ policy in Block mode by either updating your existing policies or creating new ones.

    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + }, + { + "id": "mdo_safedocuments", + "azureTenantId": "12345678-1234-1234-1234-1234567890abcd", + "actionType": "Config", + "actionUrl": "https://security.microsoft.com/safeattachmentv2?tid=12345678-1234-1234-1234-1234567890abcd", + "controlCategory": "Apps", + "title": "Turn on Safe Documents for Office Clients", + "deprecated": false, + "implementationCost": "Medium", + "lastModifiedDateTime": null, + "maxScore": 5, + "rank": 128, + "remediation": "

    Ensure that the global tenant settings for ‘Safe Attachments’ are configured as follows:

    \n
      \n
    • ‘Turn on Safe Documents for Office clientsshould be Turned On
      • \n
    • ‘Allow people to click through Protected View even if Safe Documents identified the file as malicious’ should be Turned Off
      • \n
    ", + "remediationImpact": "Unknown", + "service": "MDO", + "threats": [], + "tier": "Core", + "userImpact": "High", + "vendorInformation": { + "provider": "SecureScore", + "providerVersion": null, + "subProvider": null, + "vendor": "Microsoft" + }, + "complianceInformation": [], + "controlStateUpdates": [ + { + "assignedTo": null, + "comment": null, + "state": "Default", + "updatedBy": null, + "updatedDateTime": null + } + ] + } + ] + }, + "enabledServices": [ + "HasOCAS", + "HasCLB", + "HasMDOP1", + "HasMDOP2", + "HasEXOP2", + "HasSPOP2", + "HasAADFree" + ], + "averageComparativeScores": [ + { + "basis": "AllTenants", + "averageScore": 54.65, + "appsScore": 29.65, + "appsScoreMax": 79, + "dataScore": 0.46, + "dataScoreMax": 3.27, + "deviceScore": 9.13, + "deviceScoreMax": 16.76, + "identityScore": 36.02, + "identityScoreMax": 59.42, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + }, + { + "basis": "TotalSeats", + "averageScore": 48.98, + "SeatSizeRangeLowerValue": "1", + "SeatSizeRangeUpperValue": "100", + "appsScore": 34.15, + "appsScoreMax": 94.46, + "dataScore": 0.5, + "dataScoreMax": 3.97, + "deviceScore": 6.87, + "deviceScoreMax": 12.65, + "identityScore": 34.16, + "identityScoreMax": 59.5, + "infrastructureScore": 0, + "infrastructureScoreMax": 0 + } + ], + "currentScore": 128, + "maxScore": 274, + "secureScores": { + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#security/secureScores" + } + } + } + ] + } + } +] \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog-report-example.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog-report-example.json new file mode 100644 index 0000000000..5cc057b216 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog-report-example.json @@ -0,0 +1,32 @@ +{ + "SourceMetadata": { + "Data": { + "Git": { + "commit": "0416560b1330d8ac42045813251d85c688717eaf", + "file": "new_key", + "email": "counter \u003chello@trufflesec.com\u003e", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2023-10-19 02:56:37 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 2, + "DetectorName": "AWS", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "AKIAQYLPMN5HHHFPZAM2", + "RawV2": "AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU", + "Redacted": "AKIAQYLPMN5HHHFPZAM2", + "ExtraData": { + "account": "052310077262", + "arn": "arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope", + "is_canary": "true", + "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries", + "resource_type": "Access key" + }, + "StructuredData": null +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog.json new file mode 100644 index 0000000000..80779e4674 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog.json @@ -0,0 +1,92 @@ +[ + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "0416560b1330d8ac42045813251d85c688717eaf", + "file": "new_key", + "email": "counter \u003chello@trufflesec.com\u003e", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2023-10-19 02:56:37 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 2, + "DetectorName": "AWS", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "AKIAQYLPMN5HHHFPZAM2", + "RawV2": "AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU", + "Redacted": "AKIAQYLPMN5HHHFPZAM2", + "ExtraData": { + "account": "052310077262", + "arn": "arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope", + "is_canary": "true", + "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries", + "resource_type": "Access key" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "fbc14303ffbf8fb1c2c1914e8dda7d0121633aca", + "file": "keys", + "email": "counter \u003ccounter@counters-MacBook-Air.local\u003e", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2022-06-16 17:17:40 +0000", + "line": 4 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 2, + "DetectorName": "AWS", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "AKIAYVP4CIPPERUVIFXG", + "RawV2": "AKIAYVP4CIPPERUVIFXGZt2U1h267eViPnuSA+JO5ABhiu4T7XUMSZ+Y2Oth", + "Redacted": "AKIAYVP4CIPPERUVIFXG", + "ExtraData": { + "account": "595918472158", + "arn": "arn:aws:iam::595918472158:user/canarytokens.com@@mirux23ppyky6hx3l6vclmhnj", + "is_canary": "true", + "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries", + "resource_type": "Access key" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "77b2a3e56973785a52ba4ae4b8dac61d4bac016f", + "file": "keys", + "email": "counter \u003ccounter@counters-MacBook-Air.local\u003e", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2022-06-16 17:27:56 +0000", + "line": 3 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "https://admin:admin@the-internet.herokuapp.com", + "RawV2": "https://admin:admin@the-internet.herokuapp.com/basic_auth", + "Redacted": "https://admin:********@the-internet.herokuapp.com", + "ExtraData": null, + "StructuredData": null + } +] diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_docker_example.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_docker_example.json new file mode 100644 index 0000000000..3c58760f88 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_docker_example.json @@ -0,0 +1,1248 @@ +[ + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/misc/trace/trace_viewer_full.html", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 917, + "DetectorName": "Aiven", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "DGnfccMNNzzU0tLSKE2V+OSvmiuYXZFOkwDmvD2e7saa/X99iCLxOBoAF7W3ljfewGABZ1ucpw2d7733XusTTzxxE33+xCNNlfjED3vcqELON2WGr0+WCS03cXtaTmy6qbutppUkyHAnNO+tl/xgAUc9DLmmxWnacAeB/hDdANK3I/cjSCAIebi3d0QokKfRZHcrvZ01D9XtW72DhqjX3mBtUC5ZwGGqaFqcws5LL7109dGjR9+WN4DiPx7DHXLc0HE5Wt7es/m21WCob4PiTOimTjiJJwM46gPg2PiCE2ee/Wc/+9lvyB5vkvY4SSNO12+uxFkgT7LB7vZ6uptq9678DQ3JThsYggkAppgvCg7OJQs4WkUn", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0+incompatible.txt", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7307b307f4f0dde421900f8e5126fadac1e13aed", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/juju.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "13f4951698adc0fa9c1dda3e275d489a24201161", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/govmomi.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "4930550ba2e22f87187498acfd78348b15f4e7a8", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0.txt", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7307b307f4f0dde421900f8e5126fadac1e13aed", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "c589d0c9f0d81640c518354c7bcae77d99820aa3", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "346938d642f2ec3594ed81d874461961cd0faa76", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 23, + "DetectorName": "PivotalTracker", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "3fd3c1944c59d9742e1cd333672181cd", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "346938d642f2ec3594ed81d874461961cd0faa76", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 23, + "DetectorName": "PivotalTracker", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "3fd3c1944c59d9742e1cd333672181cd", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://My%20User:My%20Pass@dummy.faketld", + "RawV2": "http://My%20User:My%20Pass@dummy.faketld", + "Redacted": "http://My%20User:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld/password", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup [REDACTED].faketld: no such host", + "Raw": "http://user:password@password.faketld", + "RawV2": "http://user:password@password.faketld", + "Redacted": "http://user:********@password.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld/password", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup [REDACTED].faketld: no such host", + "Raw": "http://user:password@password.faketld", + "RawV2": "http://user:password@password.faketld", + "Redacted": "http://user:********@password.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 100, + "DetectorName": "CloudflareApiToken", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7fb22c8cba7ecaf98e4082d22d65800cf45e042a", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 100, + "DetectorName": "CloudflareApiToken", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7fb22c8cba7ecaf98e4082d22d65800cf45e042a", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa\nYaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J\nczKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB\nAoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc\nqeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv\nPJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z\n9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY\ndkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ\nzbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w\njUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ\nrWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr\nFhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU\ncsPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRg", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/x509/x509_test_import.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0\nfd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu\n/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu\nRTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/\nEO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A\nIU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS\ntAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0b", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/x509/x509_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "ESCAPED_UNICODE", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+KmCxKLc1Zv9Ny+4CFqcUXVUYH69L3mQ7v\nIWrJ9GBfcaA7BPQqUlWxWM+OCEQZH1EZNIuqRMNQVuIGCbz5UQ8w6tS0gcgdeGX7\nJ7jgCQ4RK3F/PuCM38QBLaHx988qG8NMc6VKErBjctCXFHQt14lerd5KpQIDAQAB\nAoGAYrf6Hbk+mT5AI33k2Jt1kcweodBP7UkExkPxeuQzRVe0KVJw0EkcFhywKpr1\nV5eLMrILWcJnpyHE5slWwtFHBG6a5fLaNtsBBtcAIfqTQ0Vfj5c6SzVaJv0Z5rOd\n7gQF6isy3t3w9IF3We9wXQKzT6q5ypPGdm6fciKQ8RnzREkCQQDZwppKATqQ41/R\nvhSj90fFifrGE6aVKC1hgSpxGQa4oIdsYYHwMzyhBmWW9Xv/R+fPyr8ZwPxp2c12\n33QwOLPLAkEA0NNUb+z4ebVVHyvSwF5jhfJxigim+s49KuzJ1+A2RaSApGyBZiwS\nrWvWkB471POAKUYt5ykIWVZ83zcceQiNTwJBAMJUFQZX5GDqWFc/zwGoKkeR49Yi\nMTXIvf7Wmv6E++eFcnT461FlGAUHRV+bQQXGsItR/opIG7mGogIkVXa3E1MCQARX\nAAA7eoZ9AEHflUeuLn9QJI/r0hyQQLEtrpwv6rDT1GCWaLII5HJ6NUFVf4TTcqxo\n6vdM4QGKTJoO+SaCyP0CQFdpcxSAuzpFcKv0IlJ8XzS/cy+mweCMwyJ1PFEc4FX6\nwg/HcAJWY60xZTJDFN+Qfx8ZQvBEin6c2/h+zZi5IVY=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+K", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/testdata/example-key.pem", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/encoding/pem/pem_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,80C7C7A09690757A\n\neQp5ZkH6CyHBz7BZfUPxyLCCmftsBJ7HlqGb8Ld21cSwnzWZ4/SIlhyrUtsfw7VR\n2TTwA+odo9ex7GdxOTaH8oZFumIRoiEjHsk8U7Bhntp+ekkPP79xunnN7hb7hkhr\nyGDQZgA7s2cQHQ71v3gwT2BACAft26jCjbM1wgNzBnJ8M0Rzn68YWqaPtdBu8qb/\nzVR5JB1mnqvTSbFsfF5yMc6o2WQ9jJCl6KypnMl+BpL+dlvdjYVK4l9lYsB1Hs3d\n+zDBbWxos818zzhS8/y6eIfiSG27cqrbhURbmgiSfDXjncK4m/pLcQ7mmBL6mFOr\n3Pj4jepzgOiFRL6MKE//h62fZvI1ErYr8VunHEykgKNhChDvb1RO6LEfqKBu+Ivw\nTB6fBhW3TCLMnVPYVoYwA+fHNTmZZm8BEonlIMfI+KktjWUg4Oia+NI6vKcPpFox\nhSnlGgCtvfEaq5/H4kHJp95eOpnFsLviw2seHNkz/LxJMRP1X428+DpYW/QD/0JU\ntJSuC/q9FUHL6RI3u/Asrv8pCb4+D7i1jW/AMIdJTtycOGsbPxQA7yHMWujHmeb1\nBTiHcL3s3KrJu1vDVrshvxfnz71KTeNnZH8UbOqT5i7fPGyXtY1XJddcbI/Q6tXf\nwHFsZc20TzSdsVLBtwksUacpbDogcEVMctnNrB8FIrB3vZEv9Q0Z1VeY7nmTpF+6\na+z2P7acL7j6A6Pr3+q8P9CPiPC7zFonVzuVPyB8GchGR2hytyiOVpuD9+k8hcuw\nZWAaUoVtWIQ52aKS0p19G99hhb+IVANC4akkdHV4SP8i7MVNZhfUmg==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info:", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "c589d0c9f0d81640c518354c7bcae77d99820aa3", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "c589d0c9f0d81640c518354c7bcae77d99820aa3", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/internal/testcert.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9\nSjY1bIw4iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZB\nl2+XsDulrKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQAB\nAoGAGRzwwir7XvBOAy5tM/uV6e+Zf6anZzus1s1Y1ClbjbE6HXbnWWF/wbZGOpet\n3Zm4vD6MXc7jpTLryzTQIvVdfQbRc6+MUVeLKwZatTXtdZrhu+Jk7hx0nTPy8Jcb\nuJqFk541aEw+mMogY/xEcfbWd6IOkp+4xqjlFLBEDytgbIECQQDvH/E6nk+hgN4H\nqzzVtxxr397vWrjrIgPbJpQvBsafG7b0dA4AFjwVbFLmQcj2PprIMmPcQrooz8vp\njy4SHEg1AkEA/v13/5M47K9vCxmb8QeD/asydfsgS5TeuNi8DoUBEmiSJwma7FXY\nfFUtxuvL7XvjwjN5B30pNEbc6Iuyt7y4MQJBAIt21su4b3sjXNueLKH85Q+phy2U\nfQtuUE9txblTu14q3N7gHRZB4ZMhFYyDy8CKrN2cPg/Fvyt0Xlp/DoCzjA0CQQDU\ny2ptGsuSmgUtWj3NM9xuwYPm+Z/F84K6+ARYiZ6PYj013sovGKUFfYAqVXVlxtIX\nqyUBnu3X9ps8ZfjLZO7BAkEAlT4R5Yl6cGhaJQYZHOde3JEMhNRcVFMO8dJDaFeo\nf9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzW", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/smtp/smtp_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDScVtBC45ayNsa16NylbPXnc6XOJkzhtWMn2Niu43DmfZHLq5h\nAB9+Gpok4icKaZxV7ayImCWzIf1pGHq8qKhsFshRddRTUAF3np5sDOW3QuhsuXHu\nlkQzLfQuoiL0TrOYvdi90bOliWQVGdGurAS1ZhsYF/fOc7bnRLnoIJYfZQIDAQAB\nAoGBAMst7OgpKyFV6c3JwyI/jWqxDySL3caU+RuTTBaodKAUx2ZEmNJIlx9eudLA\nkucHvoxsM/eRxlxkhdFxdBcwU6J+zqooTnhu/FE3jhrT1lPrbhfGhyKnUrB0KKMM\nVY3IQZyiehpxaeXAwoAou6TbWoTpl9t8ImAqAMY8hlULCUqlAkEA+9+Ry5FSYK/m\n542LujIcCaIGoG1/Te6Sxr3hsPagKC2rH20rDLqXwEedSFOpSS0vpzlPAzy/6Rbb\nPHTJUhNdwwJBANXkA+TkMdbJI5do9/mn//U0LfrCR9NkcoYohxfKz8JuhgRQxzF2\n6jpo3q7CdTuuRixLWVfeJzcrAyNrVcBq87cCQFkTCtOMNC7fZnCTPUv+9q1tcJyB\nvNjJu3yvoEZeIeuzouX9TJE21/33FaeDdsXbRhQEj23cqR38qFHsF1qAYNMCQQDP\nQXLEiJoClkR2orAmqjPLVhR3t2oB3INcnEjLNSq8LHyQEfXyaFfu4U9l5+fRPL2i\njiC0k/9L5dHUsF0XZothAkEA23ddgRs+Id/HxtojqqUT27B8MT/IGNrYsp4DvS/c\nqgkeluku4GjxRlDMBuXk94xOBEinUs+p/hwP1Alll80Tpg==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDScVtBC45ayNsa16Ny", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8\nk+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1\nFMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd\n3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx\n+U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBU", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa\nYaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J\nczKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB\nAoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc\nqeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv\nPJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z\n9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY\ndkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ\nzbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w\njUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ\nrWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr\nFhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU\ncsPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRg", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/tls_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0\nNwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL\n06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz\nVQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q\nkohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDV", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/tls_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo\nk/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G\n6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N\nMQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW\nSmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T\nxVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi\nD2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBANLJhPHhITqQbPklG3ib", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/example_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/example_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://user:password@google.com", + "RawV2": "http://user:password@google.com", + "Redacted": "http://user:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com", + "RawV2": "http://j%40ne:password@google.com", + "Redacted": "http://j%40ne:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://jane:p%40ssword@google.com", + "RawV2": "http://jane:p%40ssword@google.com", + "Redacted": "http://jane:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://jane:p%40ssword@google.com", + "RawV2": "http://jane:p%40ssword@google.com", + "Redacted": "http://jane:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com?q=@go", + "RawV2": "http://j%40ne:password@google.com/p@th?q=@go", + "Redacted": "http://j%40ne:********@google.com?q=@go", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com?q=@go", + "RawV2": "http://j%40ne:password@google.com/p@th?q=@go", + "Redacted": "http://j%40ne:********@google.com?q=@go", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://%3Fam:pa%3Fsword@google.com", + "RawV2": "http://%3Fam:pa%3Fsword@google.com", + "Redacted": "http://%3Fam:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com", + "RawV2": "http://j%40ne:password@google.com", + "Redacted": "http://j%40ne:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://user:password@google.com", + "RawV2": "http://user:password@google.com", + "Redacted": "http://user:********@google.com", + "ExtraData": null, + "StructuredData": null + } + ] \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_saf_example.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_saf_example.json new file mode 100644 index 0000000000..9c840e2707 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_saf_example.json @@ -0,0 +1,721 @@ +[ + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1514ebbfc22994db9aec0dcf7bd8c638ab2943a4", + "file": "test/sample_data/conveyor/sample_input_report/large-results.json", + "email": "Joshua Weiss <89481736+jweissm@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2023-08-31 05:59:33 +0000", + "line": 23643 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "e9f0d509e1408743048e29d9c099d36e0e1f6ae7", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "62ca8f2d2967a5a2e324f25836ed140ae993b0cb", + "file": "test/sample_data/conveyor/conveyor-stigma-hdf.json", + "email": "Joshua ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2023-06-23 19:31:20 +0000", + "line": 7171 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "e9f0d509e1408743048e29d9c099d36e0e1f6ae7", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "62ca8f2d2967a5a2e324f25836ed140ae993b0cb", + "file": "test/sample_data/conveyor/sample_input_report/large-results.json", + "email": "Joshua ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2023-06-23 19:31:20 +0000", + "line": 23643 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "e9f0d509e1408743048e29d9c099d36e0e1f6ae7", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 64 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 32 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 63 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 31 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 64 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 32 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 63 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 31 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + } + ] \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-docker-hdf-withraw.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-docker-hdf-withraw.json new file mode 100644 index 0000000000..6003de2959 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-docker-hdf-withraw.json @@ -0,0 +1,1591 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - docker", + "title": "trufflehog - docker", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found Aiven secret using PLAIN decoder", + "id": "Aiven PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/misc/trace/trace_viewer_full.html\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"DGnfccMNNzzU0tLSKE2V+OSvmiuYXZFOkwDmvD2e7saa/X99iCLxOBoAF7W3ljfewGABZ1ucpw2d7733XusTTzxxE33+xCNNlfjED3vcqELON2WGr0+WCS03cXtaTmy6qbutppUkyHAnNO+tl/xgAUc9DLmmxWnacAeB/hDdANK3I/cjSCAIebi3d0QokKfRZHcrvZ01D9XtW72DhqjX3mBtUC5ZwGGqaFqcws5LL7109dGjR9+WN4DiPx7DHXLc0HE5Wt7es/m21WCob4PiTOimTjiJJwM46gPg2PiCE2ee/Wc/+9lvyB5vkvY4SSNO12+uxFkgT7LB7vZ6uptq9678DQ3JThsYggkAppgvCg7OJQs4WkUn\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found Github secret using PLAIN decoder", + "id": "Github PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0+incompatible.txt\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7307b307f4f0dde421900f8e5126fadac1e13aed\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/juju.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"13f4951698adc0fa9c1dda3e275d489a24201161\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/govmomi.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"4930550ba2e22f87187498acfd78348b15f4e7a8\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0.txt\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7307b307f4f0dde421900f8e5126fadac1e13aed\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"c589d0c9f0d81640c518354c7bcae77d99820aa3\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PivotalTracker secret using PLAIN decoder", + "id": "PivotalTracker PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"3fd3c1944c59d9742e1cd333672181cd\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"3fd3c1944c59d9742e1cd333672181cd\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found URI secret using PLAIN decoder", + "id": "URI PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/http/client_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"VerificationError\": \"lookup dummy.faketld: no such host\",\n \"Raw\": \"http://My%20User:My%20Pass@dummy.faketld\",\n \"RawV2\": \"http://My%20User:My%20Pass@dummy.faketld\",\n \"Redacted\": \"http://My%20User:********@dummy.faketld\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/url/url_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://user:password@google.com\",\n \"RawV2\": \"http://user:password@google.com\",\n \"Redacted\": \"http://user:********@google.com\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found CloudflareApiToken secret using PLAIN decoder", + "id": "CloudflareApiToken PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7fb22c8cba7ecaf98e4082d22d65800cf45e042a\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7fb22c8cba7ecaf98e4082d22d65800cf45e042a\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using PLAIN decoder", + "id": "PrivateKey PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/handshake_server_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa\\nYaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J\\nczKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB\\nAoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc\\nqeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv\\nPJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z\\n9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY\\ndkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ\\nzbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w\\njUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ\\nrWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr\\nFhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU\\ncsPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRg\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/x509/x509_test_import.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0\\nfd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu\\n/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu\\nRTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/\\nEO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A\\nIU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS\\ntAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0b\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/testdata/example-key.pem\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\\n-----END EC PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/handshake_client_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/encoding/pem/pem_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nProc-Type: 4,ENCRYPTED\\nDEK-Info: DES-EDE3-CBC,80C7C7A09690757A\\n\\neQp5ZkH6CyHBz7BZfUPxyLCCmftsBJ7HlqGb8Ld21cSwnzWZ4/SIlhyrUtsfw7VR\\n2TTwA+odo9ex7GdxOTaH8oZFumIRoiEjHsk8U7Bhntp+ekkPP79xunnN7hb7hkhr\\nyGDQZgA7s2cQHQ71v3gwT2BACAft26jCjbM1wgNzBnJ8M0Rzn68YWqaPtdBu8qb/\\nzVR5JB1mnqvTSbFsfF5yMc6o2WQ9jJCl6KypnMl+BpL+dlvdjYVK4l9lYsB1Hs3d\\n+zDBbWxos818zzhS8/y6eIfiSG27cqrbhURbmgiSfDXjncK4m/pLcQ7mmBL6mFOr\\n3Pj4jepzgOiFRL6MKE//h62fZvI1ErYr8VunHEykgKNhChDvb1RO6LEfqKBu+Ivw\\nTB6fBhW3TCLMnVPYVoYwA+fHNTmZZm8BEonlIMfI+KktjWUg4Oia+NI6vKcPpFox\\nhSnlGgCtvfEaq5/H4kHJp95eOpnFsLviw2seHNkz/LxJMRP1X428+DpYW/QD/0JU\\ntJSuC/q9FUHL6RI3u/Asrv8pCb4+D7i1jW/AMIdJTtycOGsbPxQA7yHMWujHmeb1\\nBTiHcL3s3KrJu1vDVrshvxfnz71KTeNnZH8UbOqT5i7fPGyXtY1XJddcbI/Q6tXf\\nwHFsZc20TzSdsVLBtwksUacpbDogcEVMctnNrB8FIrB3vZEv9Q0Z1VeY7nmTpF+6\\na+z2P7acL7j6A6Pr3+q8P9CPiPC7zFonVzuVPyB8GchGR2hytyiOVpuD9+k8hcuw\\nZWAaUoVtWIQ52aKS0p19G99hhb+IVANC4akkdHV4SP8i7MVNZhfUmg==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nProc-Type: 4,ENCRYPTED\\nDEK-Info:\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/http/internal/testcert.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9\\nSjY1bIw4iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZB\\nl2+XsDulrKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQAB\\nAoGAGRzwwir7XvBOAy5tM/uV6e+Zf6anZzus1s1Y1ClbjbE6HXbnWWF/wbZGOpet\\n3Zm4vD6MXc7jpTLryzTQIvVdfQbRc6+MUVeLKwZatTXtdZrhu+Jk7hx0nTPy8Jcb\\nuJqFk541aEw+mMogY/xEcfbWd6IOkp+4xqjlFLBEDytgbIECQQDvH/E6nk+hgN4H\\nqzzVtxxr397vWrjrIgPbJpQvBsafG7b0dA4AFjwVbFLmQcj2PprIMmPcQrooz8vp\\njy4SHEg1AkEA/v13/5M47K9vCxmb8QeD/asydfsgS5TeuNi8DoUBEmiSJwma7FXY\\nfFUtxuvL7XvjwjN5B30pNEbc6Iuyt7y4MQJBAIt21su4b3sjXNueLKH85Q+phy2U\\nfQtuUE9txblTu14q3N7gHRZB4ZMhFYyDy8CKrN2cPg/Fvyt0Xlp/DoCzjA0CQQDU\\ny2ptGsuSmgUtWj3NM9xuwYPm+Z/F84K6+ARYiZ6PYj013sovGKUFfYAqVXVlxtIX\\nqyUBnu3X9ps8ZfjLZO7BAkEAlT4R5Yl6cGhaJQYZHOde3JEMhNRcVFMO8dJDaFeo\\nf9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzW\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using BASE64 decoder", + "id": "PrivateKey BASE64", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/handshake_server_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/smtp/smtp_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDScVtBC45ayNsa16NylbPXnc6XOJkzhtWMn2Niu43DmfZHLq5h\\nAB9+Gpok4icKaZxV7ayImCWzIf1pGHq8qKhsFshRddRTUAF3np5sDOW3QuhsuXHu\\nlkQzLfQuoiL0TrOYvdi90bOliWQVGdGurAS1ZhsYF/fOc7bnRLnoIJYfZQIDAQAB\\nAoGBAMst7OgpKyFV6c3JwyI/jWqxDySL3caU+RuTTBaodKAUx2ZEmNJIlx9eudLA\\nkucHvoxsM/eRxlxkhdFxdBcwU6J+zqooTnhu/FE3jhrT1lPrbhfGhyKnUrB0KKMM\\nVY3IQZyiehpxaeXAwoAou6TbWoTpl9t8ImAqAMY8hlULCUqlAkEA+9+Ry5FSYK/m\\n542LujIcCaIGoG1/Te6Sxr3hsPagKC2rH20rDLqXwEedSFOpSS0vpzlPAzy/6Rbb\\nPHTJUhNdwwJBANXkA+TkMdbJI5do9/mn//U0LfrCR9NkcoYohxfKz8JuhgRQxzF2\\n6jpo3q7CdTuuRixLWVfeJzcrAyNrVcBq87cCQFkTCtOMNC7fZnCTPUv+9q1tcJyB\\nvNjJu3yvoEZeIeuzouX9TJE21/33FaeDdsXbRhQEj23cqR38qFHsF1qAYNMCQQDP\\nQXLEiJoClkR2orAmqjPLVhR3t2oB3INcnEjLNSq8LHyQEfXyaFfu4U9l5+fRPL2i\\njiC0k/9L5dHUsF0XZothAkEA23ddgRs+Id/HxtojqqUT27B8MT/IGNrYsp4DvS/c\\nqgkeluku4GjxRlDMBuXk94xOBEinUs+p/hwP1Alll80Tpg==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDScVtBC45ayNsa16Ny\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/tls_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN EC PRIVATE KEY-----\\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0\\nNwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL\\n06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz\\nVQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q\\nkohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==\\n-----END EC PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN EC PRIVATE KEY-----\\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDV\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/example_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\\n-----END EC PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using ESCAPED_UNICODE decoder", + "id": "PrivateKey ESCAPED_UNICODE", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/x509/x509_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+KmCxKLc1Zv9Ny+4CFqcUXVUYH69L3mQ7v\\nIWrJ9GBfcaA7BPQqUlWxWM+OCEQZH1EZNIuqRMNQVuIGCbz5UQ8w6tS0gcgdeGX7\\nJ7jgCQ4RK3F/PuCM38QBLaHx988qG8NMc6VKErBjctCXFHQt14lerd5KpQIDAQAB\\nAoGAYrf6Hbk+mT5AI33k2Jt1kcweodBP7UkExkPxeuQzRVe0KVJw0EkcFhywKpr1\\nV5eLMrILWcJnpyHE5slWwtFHBG6a5fLaNtsBBtcAIfqTQ0Vfj5c6SzVaJv0Z5rOd\\n7gQF6isy3t3w9IF3We9wXQKzT6q5ypPGdm6fciKQ8RnzREkCQQDZwppKATqQ41/R\\nvhSj90fFifrGE6aVKC1hgSpxGQa4oIdsYYHwMzyhBmWW9Xv/R+fPyr8ZwPxp2c12\\n33QwOLPLAkEA0NNUb+z4ebVVHyvSwF5jhfJxigim+s49KuzJ1+A2RaSApGyBZiwS\\nrWvWkB471POAKUYt5ykIWVZ83zcceQiNTwJBAMJUFQZX5GDqWFc/zwGoKkeR49Yi\\nMTXIvf7Wmv6E++eFcnT461FlGAUHRV+bQQXGsItR/opIG7mGogIkVXa3E1MCQARX\\nAAA7eoZ9AEHflUeuLn9QJI/r0hyQQLEtrpwv6rDT1GCWaLII5HJ6NUFVf4TTcqxo\\n6vdM4QGKTJoO+SaCyP0CQFdpcxSAuzpFcKv0IlJ8XzS/cy+mweCMwyJ1PFEc4FX6\\nwg/HcAJWY60xZTJDFN+Qfx8ZQvBEin6c2/h+zZi5IVY=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+K\"\n}", + "start_time": "" + } + ] + } + ], + "sha256": "990182dac9794c78d11b7df1de9548860f5d80d7f206b9caf435ab8b178b7154" + } + ], + "passthrough": { + "raw": { + "wrapper": [ + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/misc/trace/trace_viewer_full.html", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 917, + "DetectorName": "Aiven", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "DGnfccMNNzzU0tLSKE2V+OSvmiuYXZFOkwDmvD2e7saa/X99iCLxOBoAF7W3ljfewGABZ1ucpw2d7733XusTTzxxE33+xCNNlfjED3vcqELON2WGr0+WCS03cXtaTmy6qbutppUkyHAnNO+tl/xgAUc9DLmmxWnacAeB/hDdANK3I/cjSCAIebi3d0QokKfRZHcrvZ01D9XtW72DhqjX3mBtUC5ZwGGqaFqcws5LL7109dGjR9+WN4DiPx7DHXLc0HE5Wt7es/m21WCob4PiTOimTjiJJwM46gPg2PiCE2ee/Wc/+9lvyB5vkvY4SSNO12+uxFkgT7LB7vZ6uptq9678DQ3JThsYggkAppgvCg7OJQs4WkUn", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0+incompatible.txt", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7307b307f4f0dde421900f8e5126fadac1e13aed", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/juju.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "13f4951698adc0fa9c1dda3e275d489a24201161", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/govmomi.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "4930550ba2e22f87187498acfd78348b15f4e7a8", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0.txt", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7307b307f4f0dde421900f8e5126fadac1e13aed", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "c589d0c9f0d81640c518354c7bcae77d99820aa3", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "346938d642f2ec3594ed81d874461961cd0faa76", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 23, + "DetectorName": "PivotalTracker", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "3fd3c1944c59d9742e1cd333672181cd", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "346938d642f2ec3594ed81d874461961cd0faa76", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 23, + "DetectorName": "PivotalTracker", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "3fd3c1944c59d9742e1cd333672181cd", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://My%20User:My%20Pass@dummy.faketld", + "RawV2": "http://My%20User:My%20Pass@dummy.faketld", + "Redacted": "http://My%20User:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld/password", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup [REDACTED].faketld: no such host", + "Raw": "http://user:password@password.faketld", + "RawV2": "http://user:password@password.faketld", + "Redacted": "http://user:********@password.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld/password", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup dummy.faketld: no such host", + "Raw": "http://user:password@dummy.faketld", + "RawV2": "http://user:password@dummy.faketld", + "Redacted": "http://user:********@dummy.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup [REDACTED].faketld: no such host", + "Raw": "http://user:password@password.faketld", + "RawV2": "http://user:password@password.faketld", + "Redacted": "http://user:********@password.faketld", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 100, + "DetectorName": "CloudflareApiToken", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7fb22c8cba7ecaf98e4082d22d65800cf45e042a", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 100, + "DetectorName": "CloudflareApiToken", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "7fb22c8cba7ecaf98e4082d22d65800cf45e042a", + "RawV2": "", + "Redacted": "", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa\nYaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J\nczKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB\nAoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc\nqeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv\nPJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z\n9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY\ndkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ\nzbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w\njUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ\nrWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr\nFhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU\ncsPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRg", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/x509/x509_test_import.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0\nfd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu\n/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu\nRTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/\nEO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A\nIU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS\ntAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0b", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/x509/x509_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "ESCAPED_UNICODE", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+KmCxKLc1Zv9Ny+4CFqcUXVUYH69L3mQ7v\nIWrJ9GBfcaA7BPQqUlWxWM+OCEQZH1EZNIuqRMNQVuIGCbz5UQ8w6tS0gcgdeGX7\nJ7jgCQ4RK3F/PuCM38QBLaHx988qG8NMc6VKErBjctCXFHQt14lerd5KpQIDAQAB\nAoGAYrf6Hbk+mT5AI33k2Jt1kcweodBP7UkExkPxeuQzRVe0KVJw0EkcFhywKpr1\nV5eLMrILWcJnpyHE5slWwtFHBG6a5fLaNtsBBtcAIfqTQ0Vfj5c6SzVaJv0Z5rOd\n7gQF6isy3t3w9IF3We9wXQKzT6q5ypPGdm6fciKQ8RnzREkCQQDZwppKATqQ41/R\nvhSj90fFifrGE6aVKC1hgSpxGQa4oIdsYYHwMzyhBmWW9Xv/R+fPyr8ZwPxp2c12\n33QwOLPLAkEA0NNUb+z4ebVVHyvSwF5jhfJxigim+s49KuzJ1+A2RaSApGyBZiwS\nrWvWkB471POAKUYt5ykIWVZ83zcceQiNTwJBAMJUFQZX5GDqWFc/zwGoKkeR49Yi\nMTXIvf7Wmv6E++eFcnT461FlGAUHRV+bQQXGsItR/opIG7mGogIkVXa3E1MCQARX\nAAA7eoZ9AEHflUeuLn9QJI/r0hyQQLEtrpwv6rDT1GCWaLII5HJ6NUFVf4TTcqxo\n6vdM4QGKTJoO+SaCyP0CQFdpcxSAuzpFcKv0IlJ8XzS/cy+mweCMwyJ1PFEc4FX6\nwg/HcAJWY60xZTJDFN+Qfx8ZQvBEin6c2/h+zZi5IVY=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+K", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/testdata/example-key.pem", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_client_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/encoding/pem/pem_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,80C7C7A09690757A\n\neQp5ZkH6CyHBz7BZfUPxyLCCmftsBJ7HlqGb8Ld21cSwnzWZ4/SIlhyrUtsfw7VR\n2TTwA+odo9ex7GdxOTaH8oZFumIRoiEjHsk8U7Bhntp+ekkPP79xunnN7hb7hkhr\nyGDQZgA7s2cQHQ71v3gwT2BACAft26jCjbM1wgNzBnJ8M0Rzn68YWqaPtdBu8qb/\nzVR5JB1mnqvTSbFsfF5yMc6o2WQ9jJCl6KypnMl+BpL+dlvdjYVK4l9lYsB1Hs3d\n+zDBbWxos818zzhS8/y6eIfiSG27cqrbhURbmgiSfDXjncK4m/pLcQ7mmBL6mFOr\n3Pj4jepzgOiFRL6MKE//h62fZvI1ErYr8VunHEykgKNhChDvb1RO6LEfqKBu+Ivw\nTB6fBhW3TCLMnVPYVoYwA+fHNTmZZm8BEonlIMfI+KktjWUg4Oia+NI6vKcPpFox\nhSnlGgCtvfEaq5/H4kHJp95eOpnFsLviw2seHNkz/LxJMRP1X428+DpYW/QD/0JU\ntJSuC/q9FUHL6RI3u/Asrv8pCb4+D7i1jW/AMIdJTtycOGsbPxQA7yHMWujHmeb1\nBTiHcL3s3KrJu1vDVrshvxfnz71KTeNnZH8UbOqT5i7fPGyXtY1XJddcbI/Q6tXf\nwHFsZc20TzSdsVLBtwksUacpbDogcEVMctnNrB8FIrB3vZEv9Q0Z1VeY7nmTpF+6\na+z2P7acL7j6A6Pr3+q8P9CPiPC7zFonVzuVPyB8GchGR2hytyiOVpuD9+k8hcuw\nZWAaUoVtWIQ52aKS0p19G99hhb+IVANC4akkdHV4SP8i7MVNZhfUmg==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info:", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "c589d0c9f0d81640c518354c7bcae77d99820aa3", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "c589d0c9f0d81640c518354c7bcae77d99820aa3", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/http/internal/testcert.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9\nSjY1bIw4iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZB\nl2+XsDulrKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQAB\nAoGAGRzwwir7XvBOAy5tM/uV6e+Zf6anZzus1s1Y1ClbjbE6HXbnWWF/wbZGOpet\n3Zm4vD6MXc7jpTLryzTQIvVdfQbRc6+MUVeLKwZatTXtdZrhu+Jk7hx0nTPy8Jcb\nuJqFk541aEw+mMogY/xEcfbWd6IOkp+4xqjlFLBEDytgbIECQQDvH/E6nk+hgN4H\nqzzVtxxr397vWrjrIgPbJpQvBsafG7b0dA4AFjwVbFLmQcj2PprIMmPcQrooz8vp\njy4SHEg1AkEA/v13/5M47K9vCxmb8QeD/asydfsgS5TeuNi8DoUBEmiSJwma7FXY\nfFUtxuvL7XvjwjN5B30pNEbc6Iuyt7y4MQJBAIt21su4b3sjXNueLKH85Q+phy2U\nfQtuUE9txblTu14q3N7gHRZB4ZMhFYyDy8CKrN2cPg/Fvyt0Xlp/DoCzjA0CQQDU\ny2ptGsuSmgUtWj3NM9xuwYPm+Z/F84K6+ARYiZ6PYj013sovGKUFfYAqVXVlxtIX\nqyUBnu3X9ps8ZfjLZO7BAkEAlT4R5Yl6cGhaJQYZHOde3JEMhNRcVFMO8dJDaFeo\nf9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzW", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/smtp/smtp_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDScVtBC45ayNsa16NylbPXnc6XOJkzhtWMn2Niu43DmfZHLq5h\nAB9+Gpok4icKaZxV7ayImCWzIf1pGHq8qKhsFshRddRTUAF3np5sDOW3QuhsuXHu\nlkQzLfQuoiL0TrOYvdi90bOliWQVGdGurAS1ZhsYF/fOc7bnRLnoIJYfZQIDAQAB\nAoGBAMst7OgpKyFV6c3JwyI/jWqxDySL3caU+RuTTBaodKAUx2ZEmNJIlx9eudLA\nkucHvoxsM/eRxlxkhdFxdBcwU6J+zqooTnhu/FE3jhrT1lPrbhfGhyKnUrB0KKMM\nVY3IQZyiehpxaeXAwoAou6TbWoTpl9t8ImAqAMY8hlULCUqlAkEA+9+Ry5FSYK/m\n542LujIcCaIGoG1/Te6Sxr3hsPagKC2rH20rDLqXwEedSFOpSS0vpzlPAzy/6Rbb\nPHTJUhNdwwJBANXkA+TkMdbJI5do9/mn//U0LfrCR9NkcoYohxfKz8JuhgRQxzF2\n6jpo3q7CdTuuRixLWVfeJzcrAyNrVcBq87cCQFkTCtOMNC7fZnCTPUv+9q1tcJyB\nvNjJu3yvoEZeIeuzouX9TJE21/33FaeDdsXbRhQEj23cqR38qFHsF1qAYNMCQQDP\nQXLEiJoClkR2orAmqjPLVhR3t2oB3INcnEjLNSq8LHyQEfXyaFfu4U9l5+fRPL2i\njiC0k/9L5dHUsF0XZothAkEA23ddgRs+Id/HxtojqqUT27B8MT/IGNrYsp4DvS/c\nqgkeluku4GjxRlDMBuXk94xOBEinUs+p/hwP1Alll80Tpg==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDScVtBC45ayNsa16Ny", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8\nk+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1\nFMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd\n3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx\n+U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBU", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/handshake_server_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa\nYaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J\nczKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB\nAoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc\nqeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv\nPJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z\n9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY\ndkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ\nzbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w\njUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ\nrWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr\nFhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU\ncsPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRg", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/tls_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0\nNwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL\n06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz\nVQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q\nkohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDV", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/tls_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo\nk/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G\n6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N\nMQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW\nSmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T\nxVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi\nD2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBANLJhPHhITqQbPklG3ib", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/example_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/crypto/tls/example_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\n-----END EC PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://user:password@google.com", + "RawV2": "http://user:password@google.com", + "Redacted": "http://user:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com", + "RawV2": "http://j%40ne:password@google.com", + "Redacted": "http://j%40ne:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://jane:p%40ssword@google.com", + "RawV2": "http://jane:p%40ssword@google.com", + "Redacted": "http://jane:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://jane:p%40ssword@google.com", + "RawV2": "http://jane:p%40ssword@google.com", + "Redacted": "http://jane:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com?q=@go", + "RawV2": "http://j%40ne:password@google.com/p@th?q=@go", + "Redacted": "http://j%40ne:********@google.com?q=@go", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com?q=@go", + "RawV2": "http://j%40ne:password@google.com/p@th?q=@go", + "Redacted": "http://j%40ne:********@google.com?q=@go", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://%3Fam:pa%3Fsword@google.com", + "RawV2": "http://%3Fam:pa%3Fsword@google.com", + "Redacted": "http://%3Fam:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://j%40ne:password@google.com", + "RawV2": "http://j%40ne:password@google.com", + "Redacted": "http://j%40ne:********@google.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Docker": { + "file": "/usr/local/go/src/net/url/url_test.go", + "image": "golang", + "layer": "sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597", + "tag": "1.12-alpine" + } + } + }, + "SourceID": 1, + "SourceType": 4, + "SourceName": "trufflehog - docker", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://user:password@google.com", + "RawV2": "http://user:password@google.com", + "Redacted": "http://user:********@google.com", + "ExtraData": null, + "StructuredData": null + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-docker-hdf.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-docker-hdf.json new file mode 100644 index 0000000000..828c3bba79 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-docker-hdf.json @@ -0,0 +1,340 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - docker", + "title": "trufflehog - docker", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found Aiven secret using PLAIN decoder", + "id": "Aiven PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/misc/trace/trace_viewer_full.html\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"DGnfccMNNzzU0tLSKE2V+OSvmiuYXZFOkwDmvD2e7saa/X99iCLxOBoAF7W3ljfewGABZ1ucpw2d7733XusTTzxxE33+xCNNlfjED3vcqELON2WGr0+WCS03cXtaTmy6qbutppUkyHAnNO+tl/xgAUc9DLmmxWnacAeB/hDdANK3I/cjSCAIebi3d0QokKfRZHcrvZ01D9XtW72DhqjX3mBtUC5ZwGGqaFqcws5LL7109dGjR9+WN4DiPx7DHXLc0HE5Wt7es/m21WCob4PiTOimTjiJJwM46gPg2PiCE2ee/Wc/+9lvyB5vkvY4SSNO12+uxFkgT7LB7vZ6uptq9678DQ3JThsYggkAppgvCg7OJQs4WkUn\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found Github secret using PLAIN decoder", + "id": "Github PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0+incompatible.txt\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7307b307f4f0dde421900f8e5126fadac1e13aed\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/juju.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"13f4951698adc0fa9c1dda3e275d489a24201161\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/govmomi.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"4930550ba2e22f87187498acfd78348b15f4e7a8\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/testdata/mod/rsc.io_breaker_v2.0.0.txt\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7307b307f4f0dde421900f8e5126fadac1e13aed\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/prometheus.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"c589d0c9f0d81640c518354c7bcae77d99820aa3\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PivotalTracker secret using PLAIN decoder", + "id": "PivotalTracker PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"3fd3c1944c59d9742e1cd333672181cd\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"3fd3c1944c59d9742e1cd333672181cd\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found URI secret using PLAIN decoder", + "id": "URI PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/http/client_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"VerificationError\": \"lookup dummy.faketld: no such host\",\n \"Raw\": \"http://My%20User:My%20Pass@dummy.faketld\",\n \"RawV2\": \"http://My%20User:My%20Pass@dummy.faketld\",\n \"Redacted\": \"http://My%20User:********@dummy.faketld\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/url/url_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://user:password@google.com\",\n \"RawV2\": \"http://user:password@google.com\",\n \"Redacted\": \"http://user:********@google.com\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found CloudflareApiToken secret using PLAIN decoder", + "id": "CloudflareApiToken PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.out\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7fb22c8cba7ecaf98e4082d22d65800cf45e042a\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/cmd/go/internal/modconv/testdata/moby.vconf\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"7fb22c8cba7ecaf98e4082d22d65800cf45e042a\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using PLAIN decoder", + "id": "PrivateKey PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/handshake_server_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa\\nYaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J\\nczKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB\\nAoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc\\nqeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv\\nPJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z\\n9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY\\ndkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ\\nzbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w\\njUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ\\nrWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr\\nFhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU\\ncsPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXQIBAAKBgQC6b6qGvc+/n/LvXJRg\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/x509/x509_test_import.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0\\nfd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu\\n/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu\\nRTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/\\nEO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A\\nIU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS\\ntAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBALKZD0nEffqM1ACuak0b\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/testdata/example-key.pem\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\\n-----END EC PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/handshake_client_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/encoding/pem/pem_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nProc-Type: 4,ENCRYPTED\\nDEK-Info: DES-EDE3-CBC,80C7C7A09690757A\\n\\neQp5ZkH6CyHBz7BZfUPxyLCCmftsBJ7HlqGb8Ld21cSwnzWZ4/SIlhyrUtsfw7VR\\n2TTwA+odo9ex7GdxOTaH8oZFumIRoiEjHsk8U7Bhntp+ekkPP79xunnN7hb7hkhr\\nyGDQZgA7s2cQHQ71v3gwT2BACAft26jCjbM1wgNzBnJ8M0Rzn68YWqaPtdBu8qb/\\nzVR5JB1mnqvTSbFsfF5yMc6o2WQ9jJCl6KypnMl+BpL+dlvdjYVK4l9lYsB1Hs3d\\n+zDBbWxos818zzhS8/y6eIfiSG27cqrbhURbmgiSfDXjncK4m/pLcQ7mmBL6mFOr\\n3Pj4jepzgOiFRL6MKE//h62fZvI1ErYr8VunHEykgKNhChDvb1RO6LEfqKBu+Ivw\\nTB6fBhW3TCLMnVPYVoYwA+fHNTmZZm8BEonlIMfI+KktjWUg4Oia+NI6vKcPpFox\\nhSnlGgCtvfEaq5/H4kHJp95eOpnFsLviw2seHNkz/LxJMRP1X428+DpYW/QD/0JU\\ntJSuC/q9FUHL6RI3u/Asrv8pCb4+D7i1jW/AMIdJTtycOGsbPxQA7yHMWujHmeb1\\nBTiHcL3s3KrJu1vDVrshvxfnz71KTeNnZH8UbOqT5i7fPGyXtY1XJddcbI/Q6tXf\\nwHFsZc20TzSdsVLBtwksUacpbDogcEVMctnNrB8FIrB3vZEv9Q0Z1VeY7nmTpF+6\\na+z2P7acL7j6A6Pr3+q8P9CPiPC7zFonVzuVPyB8GchGR2hytyiOVpuD9+k8hcuw\\nZWAaUoVtWIQ52aKS0p19G99hhb+IVANC4akkdHV4SP8i7MVNZhfUmg==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nProc-Type: 4,ENCRYPTED\\nDEK-Info:\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/http/internal/testcert.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9\\nSjY1bIw4iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZB\\nl2+XsDulrKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQAB\\nAoGAGRzwwir7XvBOAy5tM/uV6e+Zf6anZzus1s1Y1ClbjbE6HXbnWWF/wbZGOpet\\n3Zm4vD6MXc7jpTLryzTQIvVdfQbRc6+MUVeLKwZatTXtdZrhu+Jk7hx0nTPy8Jcb\\nuJqFk541aEw+mMogY/xEcfbWd6IOkp+4xqjlFLBEDytgbIECQQDvH/E6nk+hgN4H\\nqzzVtxxr397vWrjrIgPbJpQvBsafG7b0dA4AFjwVbFLmQcj2PprIMmPcQrooz8vp\\njy4SHEg1AkEA/v13/5M47K9vCxmb8QeD/asydfsgS5TeuNi8DoUBEmiSJwma7FXY\\nfFUtxuvL7XvjwjN5B30pNEbc6Iuyt7y4MQJBAIt21su4b3sjXNueLKH85Q+phy2U\\nfQtuUE9txblTu14q3N7gHRZB4ZMhFYyDy8CKrN2cPg/Fvyt0Xlp/DoCzjA0CQQDU\\ny2ptGsuSmgUtWj3NM9xuwYPm+Z/F84K6+ARYiZ6PYj013sovGKUFfYAqVXVlxtIX\\nqyUBnu3X9ps8ZfjLZO7BAkEAlT4R5Yl6cGhaJQYZHOde3JEMhNRcVFMO8dJDaFeo\\nf9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDuLnQAI3mDgey3VBzW\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using BASE64 decoder", + "id": "PrivateKey BASE64", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/handshake_server_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T\\nHRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/\\nyt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z\\n4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz\\nnKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd\\nhXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s\\nT+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIBOgIBAAJBAN17PWsVQPBrHYdPFtyc\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/net/smtp/smtp_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDScVtBC45ayNsa16NylbPXnc6XOJkzhtWMn2Niu43DmfZHLq5h\\nAB9+Gpok4icKaZxV7ayImCWzIf1pGHq8qKhsFshRddRTUAF3np5sDOW3QuhsuXHu\\nlkQzLfQuoiL0TrOYvdi90bOliWQVGdGurAS1ZhsYF/fOc7bnRLnoIJYfZQIDAQAB\\nAoGBAMst7OgpKyFV6c3JwyI/jWqxDySL3caU+RuTTBaodKAUx2ZEmNJIlx9eudLA\\nkucHvoxsM/eRxlxkhdFxdBcwU6J+zqooTnhu/FE3jhrT1lPrbhfGhyKnUrB0KKMM\\nVY3IQZyiehpxaeXAwoAou6TbWoTpl9t8ImAqAMY8hlULCUqlAkEA+9+Ry5FSYK/m\\n542LujIcCaIGoG1/Te6Sxr3hsPagKC2rH20rDLqXwEedSFOpSS0vpzlPAzy/6Rbb\\nPHTJUhNdwwJBANXkA+TkMdbJI5do9/mn//U0LfrCR9NkcoYohxfKz8JuhgRQxzF2\\n6jpo3q7CdTuuRixLWVfeJzcrAyNrVcBq87cCQFkTCtOMNC7fZnCTPUv+9q1tcJyB\\nvNjJu3yvoEZeIeuzouX9TJE21/33FaeDdsXbRhQEj23cqR38qFHsF1qAYNMCQQDP\\nQXLEiJoClkR2orAmqjPLVhR3t2oB3INcnEjLNSq8LHyQEfXyaFfu4U9l5+fRPL2i\\njiC0k/9L5dHUsF0XZothAkEA23ddgRs+Id/HxtojqqUT27B8MT/IGNrYsp4DvS/c\\nqgkeluku4GjxRlDMBuXk94xOBEinUs+p/hwP1Alll80Tpg==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXgIBAAKBgQDScVtBC45ayNsa16Ny\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/tls_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN EC PRIVATE KEY-----\\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0\\nNwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL\\n06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz\\nVQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q\\nkohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==\\n-----END EC PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN EC PRIVATE KEY-----\\nMIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDV\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/tls/example_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLYX5CB04fSeQ6tF1aY/PuoAoGCCqGSM49\\nAwEHoUQDQgAEPR3tU2Fta9ktY+6P9G0cWO+0kETA6SFs38GecTyudlHz6xvCdz8q\\nEKTcWGekdmdDPsHloRNtsiCa697B2O9IFA==\\n-----END EC PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN EC PRIVATE KEY-----\\nMHcCAQEEIIrYSSNQFaA2Hwf1duRSxKtLY\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using ESCAPED_UNICODE decoder", + "id": "PrivateKey ESCAPED_UNICODE", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Docker\": {\n \"file\": \"/usr/local/go/src/crypto/x509/x509_test.go\",\n \"image\": \"golang\",\n \"layer\": \"sha256:665fbbf998e4658c0a6f232f6b2e286eea9c794e8e92a529a92246fb7a7a1597\",\n \"tag\": \"1.12-alpine\"\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+KmCxKLc1Zv9Ny+4CFqcUXVUYH69L3mQ7v\\nIWrJ9GBfcaA7BPQqUlWxWM+OCEQZH1EZNIuqRMNQVuIGCbz5UQ8w6tS0gcgdeGX7\\nJ7jgCQ4RK3F/PuCM38QBLaHx988qG8NMc6VKErBjctCXFHQt14lerd5KpQIDAQAB\\nAoGAYrf6Hbk+mT5AI33k2Jt1kcweodBP7UkExkPxeuQzRVe0KVJw0EkcFhywKpr1\\nV5eLMrILWcJnpyHE5slWwtFHBG6a5fLaNtsBBtcAIfqTQ0Vfj5c6SzVaJv0Z5rOd\\n7gQF6isy3t3w9IF3We9wXQKzT6q5ypPGdm6fciKQ8RnzREkCQQDZwppKATqQ41/R\\nvhSj90fFifrGE6aVKC1hgSpxGQa4oIdsYYHwMzyhBmWW9Xv/R+fPyr8ZwPxp2c12\\n33QwOLPLAkEA0NNUb+z4ebVVHyvSwF5jhfJxigim+s49KuzJ1+A2RaSApGyBZiwS\\nrWvWkB471POAKUYt5ykIWVZ83zcceQiNTwJBAMJUFQZX5GDqWFc/zwGoKkeR49Yi\\nMTXIvf7Wmv6E++eFcnT461FlGAUHRV+bQQXGsItR/opIG7mGogIkVXa3E1MCQARX\\nAAA7eoZ9AEHflUeuLn9QJI/r0hyQQLEtrpwv6rDT1GCWaLII5HJ6NUFVf4TTcqxo\\n6vdM4QGKTJoO+SaCyP0CQFdpcxSAuzpFcKv0IlJ8XzS/cy+mweCMwyJ1PFEc4FX6\\nwg/HcAJWY60xZTJDFN+Qfx8ZQvBEin6c2/h+zZi5IVY=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQCxoeCUW5KJxNPxMp+K\"\n}", + "start_time": "" + } + ] + } + ], + "sha256": "990182dac9794c78d11b7df1de9548860f5d80d7f206b9caf435ab8b178b7154" + } + ], + "passthrough": {} +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-hdf-withraw.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-hdf-withraw.json new file mode 100644 index 0000000000..aca4b7939a --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-hdf-withraw.json @@ -0,0 +1,177 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - git", + "title": "trufflehog - git", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found AWS secret using PLAIN decoder", + "id": "AWS PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"0416560b1330d8ac42045813251d85c688717eaf\",\n \"file\": \"new_key\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2023-10-19 02:56:37 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"RawV2\": \"AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU\",\n \"Redacted\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"ExtraData\": {\n \"account\": \"052310077262\",\n \"arn\": \"arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope\",\n \"is_canary\": \"true\",\n \"message\": \"This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries\",\n \"resource_type\": \"Access key\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"fbc14303ffbf8fb1c2c1914e8dda7d0121633aca\",\n \"file\": \"keys\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2022-06-16 17:17:40 +0000\",\n \"line\": 4\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"AKIAYVP4CIPPERUVIFXG\",\n \"RawV2\": \"AKIAYVP4CIPPERUVIFXGZt2U1h267eViPnuSA+JO5ABhiu4T7XUMSZ+Y2Oth\",\n \"Redacted\": \"AKIAYVP4CIPPERUVIFXG\",\n \"ExtraData\": {\n \"account\": \"595918472158\",\n \"arn\": \"arn:aws:iam::595918472158:user/canarytokens.com@@mirux23ppyky6hx3l6vclmhnj\",\n \"is_canary\": \"true\",\n \"message\": \"This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries\",\n \"resource_type\": \"Access key\"\n }\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found URI secret using PLAIN decoder", + "id": "URI PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"77b2a3e56973785a52ba4ae4b8dac61d4bac016f\",\n \"file\": \"keys\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2022-06-16 17:27:56 +0000\",\n \"line\": 3\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"https://admin:admin@the-internet.herokuapp.com\",\n \"RawV2\": \"https://admin:admin@the-internet.herokuapp.com/basic_auth\",\n \"Redacted\": \"https://admin:********@the-internet.herokuapp.com\"\n}", + "start_time": "" + } + ] + } + ], + "sha256": "935c178afbb36012b1eb13f5c57bd2307c7da29d7de218c7d5bea6184865bb1f" + } + ], + "passthrough": { + "raw": { + "wrapper": [ + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "0416560b1330d8ac42045813251d85c688717eaf", + "file": "new_key", + "email": "counter ", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2023-10-19 02:56:37 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 2, + "DetectorName": "AWS", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "AKIAQYLPMN5HHHFPZAM2", + "RawV2": "AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU", + "Redacted": "AKIAQYLPMN5HHHFPZAM2", + "ExtraData": { + "account": "052310077262", + "arn": "arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope", + "is_canary": "true", + "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries", + "resource_type": "Access key" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "fbc14303ffbf8fb1c2c1914e8dda7d0121633aca", + "file": "keys", + "email": "counter ", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2022-06-16 17:17:40 +0000", + "line": 4 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 2, + "DetectorName": "AWS", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "AKIAYVP4CIPPERUVIFXG", + "RawV2": "AKIAYVP4CIPPERUVIFXGZt2U1h267eViPnuSA+JO5ABhiu4T7XUMSZ+Y2Oth", + "Redacted": "AKIAYVP4CIPPERUVIFXG", + "ExtraData": { + "account": "595918472158", + "arn": "arn:aws:iam::595918472158:user/canarytokens.com@@mirux23ppyky6hx3l6vclmhnj", + "is_canary": "true", + "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries", + "resource_type": "Access key" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "77b2a3e56973785a52ba4ae4b8dac61d4bac016f", + "file": "keys", + "email": "counter ", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2022-06-16 17:27:56 +0000", + "line": 3 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "https://admin:admin@the-internet.herokuapp.com", + "RawV2": "https://admin:admin@the-internet.herokuapp.com/basic_auth", + "Redacted": "https://admin:********@the-internet.herokuapp.com", + "ExtraData": null, + "StructuredData": null + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-hdf.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-hdf.json new file mode 100644 index 0000000000..77c4970c57 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-hdf.json @@ -0,0 +1,82 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - git", + "title": "trufflehog - git", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found AWS secret using PLAIN decoder", + "id": "AWS PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"0416560b1330d8ac42045813251d85c688717eaf\",\n \"file\": \"new_key\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2023-10-19 02:56:37 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"RawV2\": \"AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU\",\n \"Redacted\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"ExtraData\": {\n \"account\": \"052310077262\",\n \"arn\": \"arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope\",\n \"is_canary\": \"true\",\n \"message\": \"This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries\",\n \"resource_type\": \"Access key\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"fbc14303ffbf8fb1c2c1914e8dda7d0121633aca\",\n \"file\": \"keys\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2022-06-16 17:17:40 +0000\",\n \"line\": 4\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"AKIAYVP4CIPPERUVIFXG\",\n \"RawV2\": \"AKIAYVP4CIPPERUVIFXGZt2U1h267eViPnuSA+JO5ABhiu4T7XUMSZ+Y2Oth\",\n \"Redacted\": \"AKIAYVP4CIPPERUVIFXG\",\n \"ExtraData\": {\n \"account\": \"595918472158\",\n \"arn\": \"arn:aws:iam::595918472158:user/canarytokens.com@@mirux23ppyky6hx3l6vclmhnj\",\n \"is_canary\": \"true\",\n \"message\": \"This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries\",\n \"resource_type\": \"Access key\"\n }\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found URI secret using PLAIN decoder", + "id": "URI PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"77b2a3e56973785a52ba4ae4b8dac61d4bac016f\",\n \"file\": \"keys\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2022-06-16 17:27:56 +0000\",\n \"line\": 3\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"https://admin:admin@the-internet.herokuapp.com\",\n \"RawV2\": \"https://admin:admin@the-internet.herokuapp.com/basic_auth\",\n \"Redacted\": \"https://admin:********@the-internet.herokuapp.com\"\n}", + "start_time": "" + } + ] + } + ], + "sha256": "935c178afbb36012b1eb13f5c57bd2307c7da29d7de218c7d5bea6184865bb1f" + } + ], + "passthrough": {} +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf-withraw.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf-withraw.json new file mode 100644 index 0000000000..ab52379e05 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf-withraw.json @@ -0,0 +1,86 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - git", + "title": "trufflehog - git", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found AWS secret using PLAIN decoder", + "id": "AWS PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"0416560b1330d8ac42045813251d85c688717eaf\",\n \"file\": \"new_key\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2023-10-19 02:56:37 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"RawV2\": \"AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU\",\n \"Redacted\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"ExtraData\": {\n \"account\": \"052310077262\",\n \"arn\": \"arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope\",\n \"is_canary\": \"true\",\n \"message\": \"This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries\",\n \"resource_type\": \"Access key\"\n }\n}", + "start_time": "" + } + ] + } + ], + "sha256": "6c4514024338ac955d85cfd5a1073b5c662a20053bc0f9d200bcf144a9fff40d" + } + ], + "passthrough": { + "raw": { + "wrapper": [ + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "0416560b1330d8ac42045813251d85c688717eaf", + "file": "new_key", + "email": "counter ", + "repository": "https://github.com/trufflesecurity/test_keys", + "timestamp": "2023-10-19 02:56:37 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 2, + "DetectorName": "AWS", + "DecoderName": "PLAIN", + "Verified": true, + "Raw": "AKIAQYLPMN5HHHFPZAM2", + "RawV2": "AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU", + "Redacted": "AKIAQYLPMN5HHHFPZAM2", + "ExtraData": { + "account": "052310077262", + "arn": "arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope", + "is_canary": "true", + "message": "This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries", + "resource_type": "Access key" + }, + "StructuredData": null + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf.json new file mode 100644 index 0000000000..37ac4ee3ec --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf.json @@ -0,0 +1,49 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - git", + "title": "trufflehog - git", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found AWS secret using PLAIN decoder", + "id": "AWS PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"0416560b1330d8ac42045813251d85c688717eaf\",\n \"file\": \"new_key\",\n \"email\": \"counter \",\n \"repository\": \"https://github.com/trufflesecurity/test_keys\",\n \"timestamp\": \"2023-10-19 02:56:37 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": true,\n \"Raw\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"RawV2\": \"AKIAQYLPMN5HHHFPZAM21tUm636uS1yOEcfP5pvfqJ/ml36mF7AkyHsEU0IU\",\n \"Redacted\": \"AKIAQYLPMN5HHHFPZAM2\",\n \"ExtraData\": {\n \"account\": \"052310077262\",\n \"arn\": \"arn:aws:iam::052310077262:user/canarytokens.com@@c20nnjzlioibnaxvt392i9ope\",\n \"is_canary\": \"true\",\n \"message\": \"This is an AWS canary token generated at canarytokens.org, and was not set off; learn more here: https://trufflesecurity.com/canaries\",\n \"resource_type\": \"Access key\"\n }\n}", + "start_time": "" + } + ] + } + ], + "sha256": "6c4514024338ac955d85cfd5a1073b5c662a20053bc0f9d200bcf144a9fff40d" + } + ], + "passthrough": {} +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-saf-hdf-withraw.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-saf-hdf-withraw.json new file mode 100644 index 0000000000..edbd96e1b1 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-saf-hdf-withraw.json @@ -0,0 +1,956 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - git", + "title": "trufflehog - git", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found Github secret using PLAIN decoder", + "id": "Github PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1514ebbfc22994db9aec0dcf7bd8c638ab2943a4\",\n \"file\": \"test/sample_data/conveyor/sample_input_report/large-results.json\",\n \"email\": \"Joshua Weiss <89481736+jweissm@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2023-08-31 05:59:33 +0000\",\n \"line\": 23643\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"e9f0d509e1408743048e29d9c099d36e0e1f6ae7\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"62ca8f2d2967a5a2e324f25836ed140ae993b0cb\",\n \"file\": \"test/sample_data/conveyor/conveyor-stigma-hdf.json\",\n \"email\": \"Joshua \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2023-06-23 19:31:20 +0000\",\n \"line\": 7171\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"e9f0d509e1408743048e29d9c099d36e0e1f6ae7\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"62ca8f2d2967a5a2e324f25836ed140ae993b0cb\",\n \"file\": \"test/sample_data/conveyor/sample_input_report/large-results.json\",\n \"email\": \"Joshua \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2023-06-23 19:31:20 +0000\",\n \"line\": 23643\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"e9f0d509e1408743048e29d9c099d36e0e1f6ae7\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found URI secret using PLAIN decoder", + "id": "URI PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 15\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"VerificationError\": \"lookup foreman.example.com: no such host\",\n \"Raw\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com\",\n \"RawV2\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts\",\n \"Redacted\": \"https://my_api_foreman_user:********@foreman.example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 15\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"VerificationError\": \"lookup foreman.example.com: no such host\",\n \"Raw\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com\",\n \"RawV2\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts\",\n \"Redacted\": \"https://my_api_foreman_user:********@foreman.example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 1\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 1\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using BASE64 decoder", + "id": "PrivateKey BASE64", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 64\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 32\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 64\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 32\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using PLAIN decoder", + "id": "PrivateKey PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 63\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 31\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 63\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 31\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + } + ] + } + ], + "sha256": "7407138b21b6a11e09f6884a9f400ef7bd21c30abef2e299404404a43742e8b5" + } + ], + "passthrough": { + "raw": { + "wrapper": [ + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1514ebbfc22994db9aec0dcf7bd8c638ab2943a4", + "file": "test/sample_data/conveyor/sample_input_report/large-results.json", + "email": "Joshua Weiss <89481736+jweissm@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2023-08-31 05:59:33 +0000", + "line": 23643 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "e9f0d509e1408743048e29d9c099d36e0e1f6ae7", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "62ca8f2d2967a5a2e324f25836ed140ae993b0cb", + "file": "test/sample_data/conveyor/conveyor-stigma-hdf.json", + "email": "Joshua ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2023-06-23 19:31:20 +0000", + "line": 7171 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "e9f0d509e1408743048e29d9c099d36e0e1f6ae7", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "62ca8f2d2967a5a2e324f25836ed140ae993b0cb", + "file": "test/sample_data/conveyor/sample_input_report/large-results.json", + "email": "Joshua ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2023-06-23 19:31:20 +0000", + "line": 23643 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 8, + "DetectorName": "Github", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "e9f0d509e1408743048e29d9c099d36e0e1f6ae7", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/", + "version": "1" + }, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 15 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup foreman.example.com: no such host", + "Raw": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com", + "RawV2": "https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts", + "Redacted": "https://my_api_foreman_user:********@foreman.example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 64 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 32 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 63 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "1f673f315e1e699c6021c5c1334220a175bb3195", + "file": "out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-07-06 20:13:10 +0000", + "line": 31 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 64 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 32 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "BASE64", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 63 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "e7beabf3be3d04c8401cd3c599d5ed90017b556b", + "file": "test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb", + "email": "Camden Moors ", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-06-28 14:44:36 +0000", + "line": 31 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 15, + "DetectorName": "PrivateKey", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\n-----END RSA PRIVATE KEY-----\n", + "RawV2": "", + "Redacted": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "56c7b689529cbe03bc7da56843886b4bd6d4652e", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 2 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 249 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + { + "SourceMetadata": { + "Data": { + "Git": { + "commit": "50ac076662086794401a192bf46f117ff626d57d", + "file": "test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml", + "email": "Camden Moors <66680985+camdenmoors@users.noreply.github.com>", + "repository": "https://github.com/mitre/saf", + "timestamp": "2022-01-12 17:55:33 +0000", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 16, + "SourceName": "trufflehog - git", + "DetectorType": 17, + "DetectorName": "URI", + "DecoderName": "PLAIN", + "Verified": false, + "Raw": "http://username:password@example.com", + "RawV2": "http://username:password@example.com", + "Redacted": "http://username:********@example.com", + "ExtraData": null, + "StructuredData": null + } + ] + } + } +} \ No newline at end of file diff --git a/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-saf-hdf.json b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-saf-hdf.json new file mode 100644 index 0000000000..2302852111 --- /dev/null +++ b/libs/hdf-converters/sample_jsons/trufflehog_mapper/trufflehog-saf-hdf.json @@ -0,0 +1,232 @@ +{ + "platform": { + "name": "Heimdall Tools", + "release": "2.10.8" + }, + "version": "2.10.8", + "statistics": {}, + "profiles": [ + { + "name": "Source ID: 1, Source Name: trufflehog - git", + "title": "trufflehog - git", + "supports": [], + "attributes": [], + "groups": [], + "status": "loaded", + "controls": [ + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found Github secret using PLAIN decoder", + "id": "Github PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1514ebbfc22994db9aec0dcf7bd8c638ab2943a4\",\n \"file\": \"test/sample_data/conveyor/sample_input_report/large-results.json\",\n \"email\": \"Joshua Weiss <89481736+jweissm@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2023-08-31 05:59:33 +0000\",\n \"line\": 23643\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"e9f0d509e1408743048e29d9c099d36e0e1f6ae7\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"62ca8f2d2967a5a2e324f25836ed140ae993b0cb\",\n \"file\": \"test/sample_data/conveyor/conveyor-stigma-hdf.json\",\n \"email\": \"Joshua \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2023-06-23 19:31:20 +0000\",\n \"line\": 7171\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"e9f0d509e1408743048e29d9c099d36e0e1f6ae7\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"62ca8f2d2967a5a2e324f25836ed140ae993b0cb\",\n \"file\": \"test/sample_data/conveyor/sample_input_report/large-results.json\",\n \"email\": \"Joshua \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2023-06-23 19:31:20 +0000\",\n \"line\": 23643\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"e9f0d509e1408743048e29d9c099d36e0e1f6ae7\",\n \"ExtraData\": {\n \"rotation_guide\": \"https://howtorotate.com/docs/tutorials/github/\",\n \"version\": \"1\"\n }\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found URI secret using PLAIN decoder", + "id": "URI PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 15\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"VerificationError\": \"lookup foreman.example.com: no such host\",\n \"Raw\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com\",\n \"RawV2\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts\",\n \"Redacted\": \"https://my_api_foreman_user:********@foreman.example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/foreman/spec/functions/foreman_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 15\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"VerificationError\": \"lookup foreman.example.com: no such host\",\n \"Raw\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com\",\n \"RawV2\": \"https://my_api_foreman_user:my_api_foreman_pass@foreman.example.com/api/hosts\",\n \"Redacted\": \"https://my_api_foreman_user:********@foreman.example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 1\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"56c7b689529cbe03bc7da56843886b4bd6d4652e\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 2\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 249\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"50ac076662086794401a192bf46f117ff626d57d\",\n \"file\": \"test/sample_data/xccdf/stigs/U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-01-12 17:55:33 +0000\",\n \"line\": 1\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"http://username:password@example.com\",\n \"RawV2\": \"http://username:password@example.com\",\n \"Redacted\": \"http://username:********@example.com\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using BASE64 decoder", + "id": "PrivateKey BASE64", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 64\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 32\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 64\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 32\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + } + ] + }, + { + "tags": { + "nist": [ + "IA-5(7)" + ], + "cci": [ + "CCI-004069", + "CCI-000202", + "CCI-000203", + "CCI-002367" + ], + "severity": "medium" + }, + "refs": [], + "source_location": {}, + "title": "Found PrivateKey secret using PLAIN decoder", + "id": "PrivateKey PLAIN", + "impact": 0.5, + "results": [ + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 63\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"1f673f315e1e699c6021c5c1334220a175bb3195\",\n \"file\": \"out/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors <66680985+camdenmoors@users.noreply.github.com>\",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-07-06 20:13:10 +0000\",\n \"line\": 31\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 63\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm+lE/ljLlmGal2Xr3vwZKkvJiuKA/m4QJ\\n0ZNdtkBSDOVuG2dXVv6W4sChRtsCdvuVe7bjTYvlU8TWM3VEJDL9l9cRXScxxlKQ\\nXwb35y1yV35NJfaK/jzm9KcErtQQs1RxvGlWRaohmLM8uQcuhjZfMsSlQoHQD5LX\\nsbPtk82RPyxYc1dj2vsaoi1VvuP2+jv4xLQOmNJY1bT5GTurqiltmxEtWhNNmGg0\\n2wtK00ifqLVO5HNc3gXQCDM2M99Sbmn1YtbrgsU9xMYfcPmvQvb+YoKskyoqck+c\\nHR//hi7vslbxABrny15LBkEfRc4TickphSGYXwIDAQABAoIBAATEzGw8/WwMIQRx\\nK06GeWgh7PZBHm4+m/ud2TtSXiJ0CE+7dXs3cJJIiOd/LW08/bhE6gCkjmYHfaRB\\nRyicv1X/cPmzIFX5BuQ4a5ZGOmrVDkKBE27vSxAgJoR46RvWnjx9XLMp/xaekDxz\\npsldK8X4DvV1ZbltgDFWji947hvyqUtHdKnkQnc5j7aCIFJf9GMfzaeeDPMaL8WF\\nmVL4iy9EAOjNOHBshZj/OHyU5FbJ8ROwZQlCOiLCdFegftSIXt8EYDnjB3BdsALH\\nN6hquqrD7xDKyRbTD0K7lqxUubuMwTQpi61jZD8TBTXEPyFVAnoMpXkc0Y+np40A\\nYiIsR+kCgYEAyrc4Bh6fb9gt49IXGXOSRZ5i5+TmJho4kzIONrJ7Ndclwx9wzHfh\\neGBodWaw5CxxQGMf4vEiaZrpAiSFeDffBLR+Wa2TFE5aWkdYkR34maDjO00m4PE1\\nS+YsZoGw7rGmmj+KS4qv2T26FEHtUI+F31RC1FPohLsQ22Jbn1ORipsCgYEAyrYB\\nJ2Ncf2DlX1C0GfxyUHQOTNl0V5gpGvpbZ0WmWksumYz2kSGOAJkxuDKd9mKVlAcz\\nczmN+OOetuHTNqds2JJKKJy6hJbgCdd9aho3dId5Xs4oh4YwuFQiG8R/bJZfTlXo\\n99Qr02L7MmDWYLmrR3BA/93UPeorHPtjqSaYU40CgYEAtmGfWwokIglaSDVVqQVs\\n3YwBqmcrla5TpkMLvLRZ2/fktqfL4Xod9iKu+Klajv9ZKTfFkXWno2HHL7FSD/Yc\\nhWwqnV5oDIXuDnlQOse/SeERb+IbD5iUfePpoJQgbrCQlwiB0TNGwOojR2SFMczf\\nAi4aLlQLx5dSND9K9Y7HS+8CgYEAixlHQ2r4LuQjoTs0ytwi6TgqE+vn3K+qDTwc\\neoods7oBWRaUn1RCKAD3UClToZ1WfMRQNtIYrOAsqdveXpOWqioAP0wE5TTOuZIo\\nGiWxRgIsc7TNtOmNBv+chCdbNP0emxdyjJUIGb7DFnfCw47EjHnn8Guc13uXaATN\\nB2ZXgoUCgYAGa13P0ggUf5BMJpBd8S08jKRyvZb1CDXcUCuGtk2yEx45ern9U5WY\\nzJ13E5z9MKKO8nkGBqrRfjJa8Xhxk4HKNFuzHEet5lvNE7IKCF4YQRb0ZBhnb/78\\n+4ZKjFki1RrWRNSw9TdvrK6qaDKgTtCTtfRVXAYQXUgq7lSFOTtL3A==\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAoISxYJBTPAeAzFnm\"\n}", + "start_time": "" + }, + { + "status": "failed", + "code_desc": "{\n \"Data\": {\n \"Git\": {\n \"commit\": \"e7beabf3be3d04c8401cd3c599d5ed90017b556b\",\n \"file\": \"test/sample_data/inspec/redhat-enterprise-linux-7-stig-baseline/spec/puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb\",\n \"email\": \"Camden Moors \",\n \"repository\": \"https://github.com/mitre/saf\",\n \"timestamp\": \"2022-06-28 14:44:36 +0000\",\n \"line\": 31\n }\n }\n}", + "message": "{\n \"Verified\": false,\n \"Raw\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJSfbI2A8NG5UwRz0r9T/WfvNVdhgrsGFg\\nNQjvpUoZnNJpQIHBbgMOiXqfATFjJl5FjEkSf7GUHohlGVls9MX2JmVvknzsiitd\\n75H/EJd+N+k915lix8Vqmj8d1CTlbF/8tEjzANI67Vqw5QTuqebO7rkIUvRg6yiR\\nfSo75FK1RinCJyl++kmleBwQZBInQyg95GvJ5JTqMzBs67DeeyzskDhTeTePRYVF\\n2NwL8QzYhtvLIBERTNsyU5i7nkxY5ptUwgFUwd93LH4Q19tPqL5C5RZqXxhE51th\\nOOwafm+aW/cRkqYqV+tv+j1jJ3WICyF1JNW0BQIDAQABAoIBADAiZ/r+xP+vkd5u\\nO61/lCBFzBlZQecdybJw6HJaVK6XBndA9hESUr4LHUdui6W+51ddKd65IV4bXAUk\\nzCKjQb+FFvLDT/bA+TTvLATUdTSN7hJJ3OWBAHuNOlQklof6JCB0Hi4+89+P8/pX\\neKUgR/cmuTMDT/iaXdPHeqFbBQyA1ZpQFRjN5LyyJMS/9FkywuNc5wlpsArtc51T\\ngIKENUZCuPhosR+kMFc2iuTNvqZWPhvouSrmhi2O6nSqV+oy0+irlqSpCF2GsCI8\\n72TtLpq94Grrq0BEH5avouV+Lp4k83vO65OKCQKUFQlxz3Xkxm2U3J7KzxqnRtM3\\n/b+cJ/kCgYEA6/yOnaEYhH/7ijhZbPn8RujXZ5VGJXKJqIuaPiHMmHVS5p1j6Bah\\n2PcnqJA2IlLs3UloN+ziAxAIH6KCBiwlQ/uPBNMMaJsIjPNBEy8axjndKhKUpidg\\nR0OJ7RQqMShOJ8akrSfWdPtXC/GBuwCYE//t77GgZaIMO3FcT9EKA48CgYEA4Xcx\\nFia0Jg9iyAhNmUOXI6hWcGENavMx01+x7XFhbnMjIKTZevFfTnTkrX6HyLXyGtMU\\ngHOn+k4PE/purI4ARrKO8m5wYEKqSIt4dBMTkIXXirfQjXgfjR8E4T/aPe5fOFZo\\n7OYuxLRtzmG1C2sW4txwKAKX1LaWcVx/RLSttSsCgYBbcj8Brk+F6OJcqYFdzXGJ\\nOOlf5mSMVlopyg83THmwCqbZXtw8L6kAHqZrl5airmfDSJLuOQlMDoZXW+3u3mSC\\nd5TwVahVUN57YDgzaumBLyMZDqIz0MZqVy23hTzkV64Rk9R0lR9xrYQJyMhw4sYL\\n2f0mCTsSpzz+O+t9so+i2QKBgEC38gMlwPhb2kMI/x1LZYr6uzUu5qcYf+jowy4h\\nKZKGwkKQj0zXFEB1FV8nvtpCP+irRmtIx6L13SYi8LnfWPzyLE4ynVdES5TfVAgd\\nobQOdzx+XwL8xDHCAaiWp5K3ZeXKB/xYZnxYPlzLdyh76Ond1OPnOqX4c16+6llS\\nc7pZAoGATd9NckT0XtXLEsF3IraDivq8dP6bccX2DNfS8UeEvRRrRwpFpSRrmuGb\\njbG4yzoIX4RjQfj/z48hwhJB+cKiN9WwcPsFXtHe7v3F6BRwK0JUfrCiXad8/SGZ\\nKAf7Dfqi608zBdnPWHacre2Y35gPHB00nFQOLS6u46aBNSq07YA=\\n-----END RSA PRIVATE KEY-----\\n\",\n \"Redacted\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEogIBAAKCAQEAz9bY/piKahD10AiJ\"\n}", + "start_time": "" + } + ] + } + ], + "sha256": "7407138b21b6a11e09f6884a9f400ef7bd21c30abef2e299404404a43742e8b5" + } + ], + "passthrough": {} +} \ No newline at end of file diff --git a/libs/hdf-converters/src/base-converter.ts b/libs/hdf-converters/src/base-converter.ts index 07b96c1009..cfac08af5e 100644 --- a/libs/hdf-converters/src/base-converter.ts +++ b/libs/hdf-converters/src/base-converter.ts @@ -146,12 +146,12 @@ function collapseDuplicates( return newArray; } -export class BaseConverter { - data: Record; +export class BaseConverter> { + data: D; mappings?: MappedTransform; collapseResults: boolean; - constructor(data: Record, collapseResults = false) { + constructor(data: D, collapseResults = false) { this.data = data; this.collapseResults = collapseResults; } @@ -166,7 +166,10 @@ export class BaseConverter { if (this.mappings === undefined) { throw new Error('Mappings must be provided'); } else { - const v = this.convertInternal(this.data, this.mappings); + const v = this.convertInternal( + this.data as Record, + this.mappings + ); v.profiles.forEach((element) => { element.sha256 = generateHash(JSON.stringify(element)); }); diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts index 51f86f05a2..1ed43e7e44 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-jsonix-converter.ts @@ -22,6 +22,7 @@ import { Vulnattribute } from './checklistJsonix'; import {coerce} from 'semver'; +import {throwIfInvalidProfileMetadata} from './checklist-metadata-utils'; export type ChecklistObject = { asset: ChecklistAsset; @@ -31,7 +32,7 @@ export type ChecklistObject = { type ChecklistAsset = Asset; -type ChecklistStig = { +export type ChecklistStig = { header: StigHeader; vulns: ChecklistVuln[]; }; @@ -93,6 +94,14 @@ enum StatusMapping { Not_Reviewed = 'Not Reviewed' } +const IMPACT_MAPPING: Map = new Map([ + ['critical', 0.9], + ['high', 0.7], + ['medium', 0.5], + ['low', 0.3], + ['none', 0.0] +]); + export enum Severity { Empty = '', High = 'high', @@ -576,7 +585,24 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< } } - severityMap(impact: number): Severity { + severityMap(impact: number, severityTag: string | null): Severity { + // test if this control has a valid severity tag + // and map it to a checklist severity level + // note: some mappers can produce non-lowercase severity tags + switch (severityTag?.toLowerCase()) { + case 'none': + // if none, it will be added to Checklist's thirdPartyTools section + case 'low': + return Severity.Low; + case 'medium': + return Severity.Medium; + case 'high': + case 'critical': + // if critical, it will be added to Checklist's thirdPartyTools section + return Severity.High; + } + + // if no valid severity tag, compute severity based on impact if (impact < 0.4) { return Severity.Low; } else if (impact < 0.7) { @@ -635,10 +661,41 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< addHdfControlSpecificData(control: ExecJSON.Control): string { const hdfSpecificData: Record = {}; - const checklistImpactNumbers = [0.7, 0.5, 0.3, 0]; - if (!checklistImpactNumbers.includes(control.impact)) { + + const impact = control.impact; + const severityTag = _.get(control.tags, 'severity', null); + const severityOverrideTag = _.get(control.tags, 'severityoverride', null); + + // if severity or severity override don't fit into low, medium, high + // denote them in the control specific data + if (severityTag === 'none' || severityTag === 'critical') + hdfSpecificData['severity'] = severityTag; + + if (severityOverrideTag === 'none' || severityOverrideTag === 'critical') + hdfSpecificData['severityoverride'] = severityOverrideTag; + + // if impact does not align with what would be computed from the checklist + // store it in the hdfSpecificData + // also, if it needs to be represented with none or critical, it has + // to be stored in the hdfSpecificData + const computedImpact = this.computeImpact(severityTag, severityOverrideTag); + if ( + ((computedImpact !== undefined && computedImpact !== impact) || + impact < 0.1 || + impact >= 0.9) && + impact !== 0.0 + ) { hdfSpecificData['impact'] = control.impact; } + + // if there is no severity tag, severity is aligned to impact + // this must be represented in hdfSpecificData when impact needs to + // map to severity none or critical + if (severityTag === null) { + if (impact < 0.1) hdfSpecificData['severity'] = 'none'; + else if (impact >= 0.9) hdfSpecificData['severity'] = 'critical'; + } + if (control.code?.startsWith('control')) { hdfSpecificData['code'] = control.code; } @@ -650,6 +707,17 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< : ''; } + // computes what the impact would be based on the given tags + computeImpact( + severityTag: string | null, + severityOverrideTag: string | null + ): number | undefined { + let computedSeverity = severityTag; + if (severityOverrideTag) computedSeverity = severityOverrideTag; + computedSeverity = computedSeverity?.toLowerCase() ?? null; + if (computedSeverity) return IMPACT_MAPPING.get(computedSeverity); + } + addHdfProfileSpecificData(profile: ExecJSON.Profile): string { const hdfSpecificData: Record = {}; if (profile.attributes.length) { @@ -686,7 +754,10 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< metadata?.vulidmapping === 'gid' ? _.get(control.tags, 'gid', defaultId) : defaultId, - severity: this.severityMap(control.impact), + severity: this.severityMap( + control.impact, + _.get(control.tags, 'severity', Severity.Empty) + ), groupTitle: _.get(control.tags, 'gtitle', defaultId), ruleId: _.get(control.tags, 'rid', defaultId), ruleVer: _.get(control.tags, 'stig_id', defaultId), @@ -734,8 +805,16 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< control.descriptions as ExecJSON.ControlDescription[] ), findingdetails: this.getFindingDetails(control.results) ?? '', - severityjustification: '', - severityoverride: Severityoverride.Empty + severityjustification: _.get( + control.tags, + 'severityjustification', + Severityoverride.Empty + ), + severityoverride: _.get( + control.tags, + 'severityoverride', + Severityoverride.Empty + ) }; vulns.push(vuln); } @@ -777,6 +856,8 @@ export class ChecklistJsonixConverter extends JsonixIntermediateConverter< const profileMetadata = metadata?.profiles.find( (p) => p.name === profile.name ); + throwIfInvalidProfileMetadata(profileMetadata); + const version = coerce(profile.version); const header: StigHeader = { version: _.get( diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts b/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts index f768fa48ff..ce8b8fed80 100644 --- a/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts +++ b/libs/hdf-converters/src/ckl-mapper/checklist-mapper.ts @@ -1,4 +1,4 @@ -import {ExecJSON} from 'inspecjs'; +import {ExecJSON, severities} from 'inspecjs'; import _ from 'lodash'; import xmlFormat from 'xml-formatter'; import {version as HeimdallToolsVersion} from '../../package.json'; @@ -19,6 +19,8 @@ import { } from './checklist-jsonix-converter'; import {Checklist} from './checklistJsonix'; import {jsonixMapping} from './jsonixMapping'; +import {throwIfInvalidAssetMetadata} from './checklist-metadata-utils'; +import {parseJson} from '../utils/parseJson'; enum ImpactMapping { high = 0.7, @@ -52,54 +54,93 @@ function nistTag(input: string): string[] { } /** - * Inner function to check is there was a severify override which would alter - * the impact of the vulnerability + * Inner function to find the severity of the vuln + * Does not account for severity override, so this should + * not be taken as the final severity value + * Uses thirdPartyTools.hdfExistingData.severity first, + * then falls back to checklist severity tag * @param vuln - checklist vulnerability object * @returns - severity */ function findSeverity(vuln: ChecklistVuln): string { - if (vuln.severityoverride) { - return vuln.severityoverride; + let severity: string = vuln.severity; + const hdfExistingData = parseJson(vuln.thirdPartyTools); + if (hdfExistingData.ok) { + severity = _.get( + hdfExistingData.value, + 'hdfSpecificData.severity', + severity + ) as string; } - return vuln.severity; + return severity; } -function isJsonString(str: string): boolean { - try { - JSON.parse(str); - } catch (e) { - return false; +/** + * Inner function to find the severityoverride of the vuln + * Uses thirdPartyTools.hdfExistingData.severityoverride first, + * then falls back to checklist severityoverride tag + * @param vuln - checklist vulnerability object + * @returns - severityoverride + */ +function findSeverityOverride(vuln: ChecklistVuln): string { + let severityOverride: string = vuln.severityoverride; + const hdfExistingData = parseJson(vuln.thirdPartyTools); + if (hdfExistingData.ok) { + severityOverride = _.get( + hdfExistingData.value, + 'hdfSpecificData.severityoverride', + severityOverride + ) as string; } - return true; + return severityOverride; +} + +/** + * Function to find the computed severity of the given vuln + * with order of precedence as: + * thirdPartyTools.hdfSpecificData.severityoverride, severityoverride, + * thidPartyTools.hdfSpecificData.severity, severity + * @param vuln - checklist vulnerability object + * @returns severity - string none, low, medium, high, critical + */ +function computeSeverity(vuln: ChecklistVuln): string { + const severity = findSeverity(vuln); + const severityOverride = findSeverityOverride(vuln); + + let computed = severity; + if (severityOverride) computed = severityOverride; + + if (!severities.find((severity) => severity === computed)) + throw new Error( + `Severity "${computed}" does not match none, low, medium, high, or critical, please check severity for ${ + vuln.vulnNum + }` + ); + return computed; } /** * Transformer function that checks if the status is 'Not Applicable' returning a 0. - * Otherwise, maps severity to ImpactMapping + * Otherwise, maps computed severity to ImpactMapping * @param vuln - checklist vulnerability object - * @returns impact - number 0.3, 0.5, or 0.7 + * @returns impact - number */ function transformImpact(vuln: ChecklistVuln): number { if (vuln.status === 'Not Applicable') return 0.0; - let impact = - ImpactMapping[ - findSeverity(vuln).toLowerCase() as keyof typeof ImpactMapping - ]; - if (isJsonString(vuln.thirdPartyTools)) { - const hdfExistingData = JSON.parse(vuln.thirdPartyTools); - impact = _.get( - hdfExistingData, + const severity = computeSeverity(vuln); + let impact: number = ImpactMapping[severity as keyof typeof ImpactMapping]; + const hdfExistingData = parseJson(vuln.thirdPartyTools); + if (hdfExistingData.ok) { + const maybeImpact = _.get( + hdfExistingData.value, 'hdfSpecificData.impact', - ImpactMapping[ - findSeverity(vuln).toLowerCase() as keyof typeof ImpactMapping - ] + impact ); + if (typeof maybeImpact === 'number') impact = maybeImpact; } if (!impact) throw new Error( - `Severity "${findSeverity( - vuln - )}" does not match low, medium, or high, please check severity for ${ + `Severity "${severity}" does not match low, medium, or high, please check severity for ${ vuln.vulnNum }` ); @@ -247,16 +288,11 @@ function getHdfSpecificDataAttribute( attribute: string, input: string ): {[key: string]: any}[] | string | undefined { - let data; - if ( - !input || - !isJsonString(input) || - !_.isObject((data = JSON.parse(input)).hdfSpecificData) - ) { - return undefined; - } - - return data.hdfSpecificData[attribute] || undefined; + const data = parseJson(input); + if (!data.ok) return undefined; + const hdfSpecificData = _.get(data.value, 'hdfSpecificData'); + if (!_.isObject(hdfSpecificData)) return undefined; + return _.get(hdfSpecificData, attribute); } /** @@ -278,15 +314,19 @@ export class ChecklistResults extends ChecklistJsonixConverter { constructor(data: string | ExecJSON.Execution, withRaw = false) { super(jsonixMapping); this.data = data; + if (typeof data === 'string') { this.jsonixData = super.toJsonix(data); this.checklistObject = super.toIntermediateObject(this.jsonixData); + throwIfInvalidAssetMetadata(this.checklistObject.asset); } else if (containsChecklist(data)) { this.checklistObject = getChecklistObjectFromHdf(data); + throwIfInvalidAssetMetadata(this.checklistObject.asset); this.jsonixData = super.fromIntermediateObject(this.checklistObject); } else { // CREATE Intermediate Object from HDF this.checklistObject = super.hdfToIntermediateObject(data); + throwIfInvalidAssetMetadata(this.checklistObject.asset); this.jsonixData = super.fromIntermediateObject(this.checklistObject); } this.withRaw = withRaw; @@ -406,6 +446,9 @@ export class ChecklistMapper extends BaseConverter { path: 'cciRef', transformer: nistTag }, + severity: { + transformer: findSeverity + }, weight: {path: 'weight'}, // following transform takes the available attributes found in a checklist vuln and if available will add to the tags. // first element is the label name as it will appear in UI while the second is the ChecklistObject keyname @@ -421,7 +464,10 @@ export class ChecklistMapper extends BaseConverter { ['Responsibility', 'responsibility'], ['STIGRef', 'stigRef'], ['Security_Override_Guidance', 'securityOverrideGuidance'], - ['Severity_Justification', 'severityJustification'] + + // does not follow above naming convention + // because it could be used in other converters + ['severityjustification', 'severityjustification'] ]; const fullTags: Record = {}; for (const [key, path] of tags) { @@ -430,6 +476,13 @@ export class ChecklistMapper extends BaseConverter { fullTags[key] = tagValue; } } + + // another special case that does + // not follow above naming conventions + const severityOverride = findSeverityOverride(input); + if (severityOverride) { + fullTags['severityoverride'] = severityOverride; + } return fullTags; } }, @@ -454,14 +507,17 @@ export class ChecklistMapper extends BaseConverter { } ], impact: { - transformer: (vulnerability: ChecklistVuln): number => - transformImpact(vulnerability) + transformer: transformImpact }, code: { transformer: (vulnerability: ChecklistVuln): string => { - if (isJsonString(vulnerability.thirdPartyTools)) { - return JSON.parse(vulnerability.thirdPartyTools) - .hdfSpecificData?.code; + const data = parseJson(vulnerability.thirdPartyTools); + if (data.ok) { + const code = _.get( + data.value, + 'hdfSpecificData.code' + ) as unknown as string; + if (code) return code; } return JSON.stringify(vulnerability, null, 2); } diff --git a/libs/hdf-converters/src/ckl-mapper/checklist-metadata-utils.ts b/libs/hdf-converters/src/ckl-mapper/checklist-metadata-utils.ts new file mode 100644 index 0000000000..821881edee --- /dev/null +++ b/libs/hdf-converters/src/ckl-mapper/checklist-metadata-utils.ts @@ -0,0 +1,144 @@ +import {isFQDN, isIP, isMACAddress} from 'validator'; +import {Result} from '../utils/result'; +import {ChecklistMetadata, StigMetadata} from './checklist-jsonix-converter'; +import {Asset, Assettype, Role, Techarea} from './checklistJsonix'; +import * as Revalidator from 'revalidator'; +import _ from 'lodash'; + +export class InvalidChecklistMetadataException extends Error {} + +const assetMetadataSchema: Revalidator.JSONSchema = { + properties: { + hostfqdn: { + type: 'string', + // STIG Viewer can autofill the FQDN as the local IP address + conform: (fqdn: string) => !fqdn || isFQDN(fqdn) || isIP(fqdn), + message: 'Host FQDN' + }, + hostip: { + type: 'string', + conform: (ip: string) => !ip || isIP(ip), + message: 'Host IP' + }, + hostmac: { + type: 'string', + conform: (mac: string) => !mac || isMACAddress(mac), + message: 'Host MAC' + }, + role: { + type: 'string', + enum: Object.values(Role), + message: 'Role' + }, + assettype: { + type: 'string', + enum: Object.values(Assettype), + message: 'Asset Type' + }, + techarea: { + type: 'string', + enum: Object.values(Techarea), + message: 'Tech Area' + }, + webordatabase: { + type: 'boolean', + message: 'Web or Database STIG' + } + } +}; + +const profileMetadataSchema: Revalidator.JSONSchema = { + properties: { + version: { + type: 'integer', + minimum: 0, + message: 'Version must be a non-negative integer' + }, + releasenumber: { + type: 'integer', + minimum: 0, + message: 'Release number must be a non-negative integer' + }, + releasedate: { + type: 'string', + conform: (date: string) => !date || !Number.isNaN(Date.parse(date)), + message: 'Release date must be a valid date' + } + } +}; + +export function validateChecklistAssetMetadata( + asset: Asset +): Result { + const errors = Revalidator.validate(asset, assetMetadataSchema).errors; + + if (errors.length === 0) return {ok: true, value: true}; + // formats errors as: invalidField (invalidValue), otherInvalidField (otherValue), ... + const invalidFields = errors.map( + (e) => `${e.message} (${_.get(asset, e.property)})` + ); + const message = `Invalid checklist metadata fields:\n\t${invalidFields.join('\n\t')}`; + return {ok: false, error: {invalid: errors.map((e) => e.property), message}}; +} + +export function validateChecklistProfileMetadata( + metadata: StigMetadata +): Result { + const errors = Revalidator.validate(metadata, { + ...profileMetadataSchema + }).errors; + + if (errors.length === 0) return {ok: true, value: true}; + // formats errors as: invalidField (invalidValue), otherInvalidField (otherValue), ... + const invalidFields = errors.map( + (e) => `${e.message} (${_.get(metadata, e.property)})` + ); + const message = `Invalid checklist profile metadata fields:\n\t${invalidFields.join('\n\t')}`; + return {ok: false, error: {invalid: errors.map((e) => e.property), message}}; +} + +export function validateChecklistMetadata( + metadata: ChecklistMetadata +): Result { + let invalid: string[] = []; + const messages: string[] = []; + const assetResult = validateChecklistAssetMetadata({ + ...metadata, + webordatabase: metadata.webordatabase === 'true', + targetkey: null + }); + if (!assetResult.ok) { + invalid = invalid.concat(assetResult.error.invalid); + messages.push(assetResult.error.message); + } + + for (const profile of metadata.profiles) { + const profileResult = validateChecklistProfileMetadata(profile); + if (!profileResult.ok) { + invalid = invalid.concat(profileResult.error.invalid); + messages.push( + `In profile ${profile.name}:\n${profileResult.error.message.split(':\n').at(-1)}` + ); + } + } + + if (invalid.length === 0) return {ok: true, value: true}; + + const message = messages.join('\n'); + return {ok: false, error: {invalid, message}}; +} + +export function throwIfInvalidProfileMetadata(profileMetadata?: StigMetadata) { + if (profileMetadata) { + const results = validateChecklistProfileMetadata(profileMetadata); + if (!results.ok) { + throw new InvalidChecklistMetadataException(results.error.message); + } + } +} + +export function throwIfInvalidAssetMetadata(metadata: Asset) { + const result = validateChecklistAssetMetadata(metadata); + if (!result.ok) + throw new InvalidChecklistMetadataException(result.error.message); +} diff --git a/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts new file mode 100644 index 0000000000..62f77fb1ee --- /dev/null +++ b/libs/hdf-converters/src/cyclonedx-sbom-mapper.ts @@ -0,0 +1,677 @@ +import {ExecJSON} from 'inspecjs'; +import _ from 'lodash'; +import {version as HeimdallToolsVersion} from '../package.json'; +import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; +import {CweNistMapping} from './mappings/CweNistMapping'; +import {filterString, getCCIsForNISTTags} from './utils/global'; +import { + CycloneDXSoftwareBillOfMaterialSpecification, + CycloneDXSoftwareBillOfMaterialsStandard, + CycloneDXBillOfMaterialsStandardVulnerability, + CycloneDXSoftwareBillOfMaterialsStandardVulnerability, + FluffyCredits, + PurpleCredits, + FluffyRating, + PurpleRating, + MethodEnum, + Response, + CreationToolsLegacyElement, + ToolsTools, + ToolsToolsLegacy, + FluffyTools, + ComponentClass, + ComponentObject +} from '../types/cyclonedx'; + +const cvssMethods = ['CVSSv2', 'CVSSv3', 'CVSSv31', 'CVSSv4'] as const; +type CVSSMethodEnum = Extract; + +type IntermediaryComponent = Omit< + ComponentClass | ComponentObject, + 'components' +> & { + components?: IntermediaryComponent[]; + affectingVulnerabilities?: string[]; + isDummy?: boolean; +}; + +type IntermediaryVulnerability = ( + | CycloneDXBillOfMaterialsStandardVulnerability + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability +) & { + affectedComponents?: number[]; +}; + +type DataStorage = { + components: IntermediaryComponent[]; + vulnerabilities: IntermediaryVulnerability[]; + raw: + | CycloneDXSoftwareBillOfMaterialSpecification + | CycloneDXSoftwareBillOfMaterialsStandard; +}; + +const CWE_NIST_MAPPING = new CweNistMapping(); +const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; +const IMPACT_MAPPING: Map = new Map([ + ['critical', 1.0], + ['high', 0.7], + ['medium', 0.5], + ['low', 0.3], + ['info', 0.5], + ['none', 0.0], + ['unknown', 0.5] +]); + +// Convert object type to string[] and prepend `CWE` if used directly for tag display +function formatCWETags( + input: + | CycloneDXBillOfMaterialsStandardVulnerability['cwes'] + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability['cwes'], + addPrefix = true +): string[] { + return input && Array.isArray(input) + ? input.map((cwe) => (addPrefix ? `CWE-${cwe}` : `${cwe}`)) + : []; +} + +// Convert gathered CWEs to corresponding NIST 800-53s +function getNISTTags( + input: + | CycloneDXBillOfMaterialsStandardVulnerability['cwes'] + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability['cwes'] +): string[] { + return CWE_NIST_MAPPING.nistFilter( + formatCWETags(input, false), + DEFAULT_NIST_TAG + ); +} + +// A single SBOM vulnerability can contain multiple security ratings +// Find the max of any existing ratings and then pass to `impact` +function maxImpact(ratings: FluffyRating[] | PurpleRating[]): number { + return ratings + .map((rating) => + rating.score && + rating.method && + cvssMethods.includes(rating.method as CVSSMethodEnum) // cast required since .includes expects the parameter to be a subtype + ? // Prefer to use CVSS-based `score` field when possible + rating.score / 10 + : // Else interpret it from `severity` field, defaulting to medium/0.5 + (IMPACT_MAPPING.get(rating.severity?.toLowerCase() ?? '') ?? 0.5) + ) + .reduce( + (maxValue, newValue) => + // Find max of existing ratings + maxValue > newValue ? maxValue : newValue, + 0 + ); +} + +// If the highest rating severity for a control is `info` or `unknown`, set the results to skipped and request a manual review +function skipSeverityInfoOrUnknown(controls: unknown[]): unknown[] { + if (controls) { + (controls as ExecJSON.Control[]) + // Filter to controls whose highest rating severity is either `info` or `unknown` + .filter((control) => { + const ratings = (_.get(control, 'tags.ratings', '') as string).split( + / - |, / + ); + return ( + (ratings.includes('info') || ratings.includes('unknown')) && + !( + ratings.includes('critical') || + ratings.includes('high') || + ratings.includes('medium') || + ratings.includes('low') || + ratings.includes('none') + ) + ); + }) + // For every result contained by that control, set the status to skipped and request a manual review + .map((control) => + control.results.map((result) => { + result.status = ExecJSON.ControlResultStatus.Skipped; + result.skip_message = + 'Manual review required because a CycloneDX rating severity is set to `info` or `unknown`.'; + }) + ); + } + return controls; +} + +export class CycloneDXSBOMResults { + data: DataStorage; + withRaw: boolean; + constructor(sbomJson: string, withRaw = false) { + this.data = { + components: [], + vulnerabilities: [], + raw: JSON.parse(sbomJson) + }; + this.withRaw = withRaw; + + if (this.data.raw.components) { + // We know this is SBOM data + this.flattenComponents(this.data); + if (this.data.raw.vulnerabilities) { + // If this SBOM data has a vulnerabilities field, we can create an intermediary object + this.generateIntermediary(this.data); + } + } else if (this.data.raw.vulnerabilities) { + // Back up in case we ingest VEX data instead + this.formatVEX(this.data); + } else { + throw new Error( + 'Unrecognized CycloneDX format detected. We currently only support SBOM and VEX formats.' + ); + } + } + + // Flatten any arbitrarily nested components list + flattenComponents(data: DataStorage) { + // Pull components from raw data + data.components = _.cloneDeep( + data.raw.components + ) as IntermediaryComponent[]; + + // Look through every component at the top level of the list + for (const component of data.components) { + // Identify if subcomponents exist + if (component.components) { + // If so, pull out the subcomponents and push them to end of top level component list for further flattening + data.components.push(...component.components); + delete component.components; + } + } + } + + /* + Copy the indices of all components that are affected by a vulnerability and place them under that corresponding vulnerability + Also note in each component the IDs of the vulnerabilities that affect them + This allows for bidirectional traversal in SBOM view + + Should result in the following general structure: + { + components: [ + component: { + affectingVulnerabilities: [ // Added field + vulnID, + ... + ], + ... + }, + ... + ], + vulnerabilities: [ + vulnerability: { + affectedComponents: [ // Added field + componentIndex, + ... + ], + ... + }, + ... + ], + ... + } + */ + generateIntermediary(data: DataStorage) { + // Pull vulnerabilities from raw data + data.vulnerabilities = _.cloneDeep( + data.raw.vulnerabilities + ) as IntermediaryVulnerability[]; + + for (const vulnerability of data.vulnerabilities) { + vulnerability.affectedComponents = []; + + vulnerability.affectedComponents.push( + ...Array.from(data.components.entries()) + // Find every component that is affected via listed bom-refs + .filter(([_index, component]) => + vulnerability.affects + ?.map((id) => id.ref.toString()) + .includes(component['bom-ref'] as string) + ) + // Add the index of that affected component to the corresponding vulnerability object + .map(([index, _component]) => index) + ); + + // Also record the ID of the vulnerability in the component for use in bidirectional traversal + for (const index of vulnerability.affectedComponents) { + if (!data.components[index].affectingVulnerabilities) { + data.components[index].affectingVulnerabilities = []; + } + (data.components[index].affectingVulnerabilities as string[]).push( + _.get(vulnerability, 'bom-ref') as unknown as string + ); + } + } + } + + // VEX by default has no component info, resulting in profile errors when parsing the vulnerabilities for OHDF + // Fix that by adding a temporary result that refers the vulnerability back to its associated BOM + formatVEX(data: DataStorage) { + // Pull vulnerabilities from raw data + data.vulnerabilities = [ + ...(_.cloneDeep(data.raw.vulnerabilities) as + | CycloneDXBillOfMaterialsStandardVulnerability[] + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability[]) + ] as unknown as IntermediaryVulnerability[]; + + for (const vulnerability of data.vulnerabilities) { + vulnerability.affectedComponents = vulnerability.affects?.map((id) => { + // Build a dummy component for each bom-ref identified as being affected by the vulnerability + const dummy: IntermediaryComponent = { + name: `${id.ref}`, + 'bom-ref': `${id.ref}`, + isDummy: true, + type: 'application' // a type must be provided, and "application" is the default classification + }; + // Add that component to the corresponding vulnerability object + data.components.push(dummy); + // Return the index of that dummy object + return data.components.length - 1; + }); + } + } + + toHdf(): ExecJSON.Execution { + return new CycloneDXSBOMMapper(this.data, this.withRaw).toHdf(); + } +} + +export class CycloneDXSBOMMapper extends BaseConverter { + withRaw: boolean; + + // Pull any keys from a given index for the stored components listing + getComponentValueAtIndex( + index: number, + keys: string[] + ): Record { + return _.pick(this.data.components[index], keys); + } + + mappings: MappedTransform< + ExecJSON.Execution & {passthrough: unknown}, + ILookupPath + > = { + platform: { + name: 'Heimdall Tools', + release: HeimdallToolsVersion + }, + version: HeimdallToolsVersion, + statistics: {}, + profiles: [ + { + name: { + path: 'raw.metadata.component', + transformer: (input: ComponentClass | ComponentObject): string => + _.has(input, 'bom-ref') + ? `CycloneDX BOM Report: ${input.type}/${input['bom-ref']}` + : 'CycloneDX BOM Report' + }, + title: { + path: 'raw.metadata.component', + transformer: (input: ComponentClass | ComponentObject): string => { + if (input.name) { + const group = input.group ? `${input.group}/` : ''; + return `${group}${input.name} CycloneDX BOM Report`; + } else { + return 'CycloneDX BOM Report'; + } + } + }, + version: { + path: 'raw.metadata.component.version', + transformer: filterString + }, + maintainer: { + path: 'raw.metadata.component', + transformer: ( + input: ComponentClass | ComponentObject + ): string | undefined => { + // Find organization of authors if possible + const manufacturer = _.has(input, 'manufacturer') + ? ` (${(input.manufacturer as Record).name})` + : ''; + // Check through every single possible field which may hold ownership over this component + if (_.has(input, 'authors')) { + // Join list of component authors + return (input.authors as Record[]) + .map((author) => `${author.name}${manufacturer}`) + .join(', '); + } else if (input.author) { + // `author` is deprecated in v1.6 but may still appear + return `${input.author}${manufacturer}`; + } else { + return undefined; + } + } + }, + summary: { + path: 'raw.metadata.component.description', + transformer: filterString + }, + copyright: { + path: 'raw.metadata.component.copyright', + transformer: filterString + }, + license: { + path: 'raw.metadata.component', + transformer: ( + input: ComponentClass | ComponentObject + ): string | undefined => { + if (!input.licenses) { + return undefined; + } + // Certain license reports only provide the license name in the `name` field + // Check there first and then default to `id` + return input.licenses + ?.map((license) => + license?.license?.name + ? license.license.name + : license?.license?.id + ) + .filter((identifier) => identifier) + .join(', '); + } + }, + supports: [], + attributes: [], + groups: [], + status: 'loaded', + controls: [ + { + path: 'vulnerabilities', + key: 'id', + tags: { + nist: { + path: 'cwes', + transformer: getNISTTags + }, + cci: { + path: 'cwes', + transformer: ( + input: + | CycloneDXBillOfMaterialsStandardVulnerability['cwes'] + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability['cwes'] + ): string[] => getCCIsForNISTTags(getNISTTags(input)) + }, + cwe: {path: 'cwes', transformer: formatCWETags}, + 'bom-ref': { + path: 'bom-ref', + transformer: filterString + }, + ratings: { + path: 'ratings', + transformer: ( + input: FluffyRating[] | PurpleRating[] + ): string | undefined => + input + ? [...input] + .map((rating) => { + const ratingSource = rating.source?.name + ? `${rating.source?.name} - ` + : 'Unidentified Source - '; + return `${ratingSource}${rating.severity}`; + }) + .join(', ') + : undefined + }, + created: { + path: 'created', + transformer: filterString + }, + published: { + path: 'published', + transformer: filterString + }, + updated: { + path: 'updated', + transformer: filterString + }, + // Workflow items will not affect `impact` + rejected: { + path: 'rejected', + transformer: filterString + }, + credits: { + path: 'credits', + transformer: ( + input: FluffyCredits | PurpleCredits + ): string | undefined => + input + ? `${input.individuals + ?.map((individual) => individual.name) + .filter((name) => name) + .join(', ')}` + : undefined + }, + tools: { + path: 'tools', + transformer: ( + input: + | CreationToolsLegacyElement[] + | ToolsToolsLegacy[] + | ToolsTools + | FluffyTools + ): string | undefined => { + if (!input) { + return undefined; + } + if (Array.isArray(input)) { + return input + .map((tool) => tool.name) + .filter((name) => name) + .join(', '); + } + return [ + ...(input.components?.map((component) => component.name) ?? + []), + ...(input.services?.map((component) => component.name) ?? + []) + ].join(', '); + } + }, + // Workflow items will not affect `impact` + 'analysis.state': { + path: 'analysis.state', + transformer: filterString + }, + 'analysis.justification': { + path: 'analysis.justification', + transformer: filterString + }, + 'analysis.response': { + path: 'analysis.response', + transformer: (input: Response[]): string | undefined => + input && input.length > 0 ? input.join(', ') : undefined + }, + 'analysis.detail': { + path: 'analysis.detail', + transformer: filterString + }, + 'analysis.firstIssued': { + path: 'analysis.firstIssued', + transformer: filterString + }, + 'analysis.lastUpdated': { + path: 'analysis.lastUpdated', + transformer: filterString + } + }, + descriptions: { + transformer: ( + input: + | CycloneDXBillOfMaterialsStandardVulnerability + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability + ) => { + const recommendation = input.recommendation + ? `Recommendation: ${input.recommendation}` + : ''; + // Workaround not defined by types? Use lodash for now until proper type is implemented + const workaround = _.has(input, 'workaround') + ? `Workaround: ${input.workaround}` + : ''; + return [ + recommendation || workaround + ? { + data: `${recommendation}\n\n${workaround}`.trim(), + label: 'fix' + } + : undefined, + _.has(input, 'proofOfConcept') + ? { + data: `Proof of concept: ${JSON.stringify( + _.get(input, 'proofOfConcept'), + null, + 2 + )}`, + label: 'check' + } + : undefined + ].filter((subdescription) => subdescription); + } + } as unknown as ExecJSON.ControlDescription[], + refs: [ + { + transformer: ( + input: Record + ): Record => { + const searchFor = ['source', 'references', 'advisories']; + const ref = searchFor + .filter((key) => input.hasOwnProperty(key)) + .map((key) => _.pick(input, key)); + return {ref: ref}; + } + } + ], + source_location: {}, + title: { + // Give description as title if possible + transformer: ( + input: + | CycloneDXBillOfMaterialsStandardVulnerability + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability + ): string => + input.description ? `${input.description}` : `${input.id}` + }, + id: {path: 'id'}, + desc: { + transformer: ( + input: + | CycloneDXBillOfMaterialsStandardVulnerability + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability + ): string | undefined => { + const description = input.description + ? `Description: ${input.description}` + : ''; + const detail = input.detail ? `Detail: ${input.detail}` : ''; + return filterString(`${description}\n\n${detail}`.trim()); + } + }, + impact: { + transformer: ( + input: + | CycloneDXBillOfMaterialsStandardVulnerability + | CycloneDXSoftwareBillOfMaterialsStandardVulnerability + ): number => maxImpact(input.ratings ?? []) + }, + code: { + transformer: (vulnerability: Record): string => + JSON.stringify( + _.omit(vulnerability, 'affectedComponents'), + null, + 2 + ) + }, + arrayTransformer: skipSeverityInfoOrUnknown, + results: [ + { + path: 'affectedComponents', + status: ExecJSON.ControlResultStatus.Failed, + code_desc: { + transformer: (index: number): string => { + const selectComponentValues = this.getComponentValueAtIndex( + index, + ['group', 'version', 'name'] + ); + const group = _.has(selectComponentValues, 'group') + ? `${selectComponentValues.group}/` + : ''; + const version = _.has(selectComponentValues, 'version') + ? `@${selectComponentValues.version}` + : ''; + return `Component ${group}${_.get(selectComponentValues, 'name')}${version} is vulnerable`; + } + }, + message: { + transformer: (index: number): string => { + // Selectively pick out fields to display; full components are listed in full component structure + const selectComponentValues = this.getComponentValueAtIndex( + index, + [ + 'type', + 'mime-type', + 'bom-ref', + 'supplier', + 'manufacturer', + 'authors', // Replaces `author` in v1.6 + 'author', // Deprecated in v1.6 + 'publisher', + 'group', + 'name', + 'version', + 'description', + 'licenses', + 'copyright' + ] + ); + const msg = Object.keys(selectComponentValues) + .map((key) => { + return Array.isArray(selectComponentValues[key]) + ? `\n\n- ${_.capitalize(key)}: ${JSON.stringify(selectComponentValues[key], null, 2)}` + : `\n\n- ${_.capitalize(key)}: ${selectComponentValues[key]}`; + }) + .join(''); + return `-Component Summary-${msg}`; + } + }, + start_time: '' + } + ] + } + ], + sha256: '' + } + ], + passthrough: { + transformer: (input: DataStorage): Record => { + // VEX files will generate dummy components for control results + // Filter them out for the proper components listing + const components = input.components.filter( + (component) => !component.isDummy + ); + return { + auxiliary_data: [ + { + name: 'SBOM', + components: components.length ? components : undefined, + dependencies: _.get(input, 'raw.dependencies'), + data: _.omit(input.raw, [ + 'components', + 'vulnerabilities', + 'dependencies' + ]) + } + ], + ...(this.withRaw && {raw: input.raw}) + }; + } + } + }; + constructor(exportJson: DataStorage, withRaw = false) { + super(exportJson, true); + this.withRaw = withRaw; + } +} diff --git a/libs/hdf-converters/src/gosec-mapper.ts b/libs/hdf-converters/src/gosec-mapper.ts index a190ec046e..b358c0a809 100644 --- a/libs/hdf-converters/src/gosec-mapper.ts +++ b/libs/hdf-converters/src/gosec-mapper.ts @@ -1,46 +1,74 @@ import {ExecJSON} from 'inspecjs'; import * as _ from 'lodash'; import {version as HeimdallToolsVersion} from '../package.json'; -import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; +import { + BaseConverter, + ILookupPath, + impactMapping, + MappedTransform +} from './base-converter'; import {CweNistMapping} from './mappings/CweNistMapping'; const CWE_NIST_MAPPING = new CweNistMapping(); const DEFAULT_NIST_TAG = ['SI-2', 'RA-5']; +const IMPACT_MAPPING: Map = new Map([ + ['high', 0.7], + ['medium', 0.5], + ['low', 0.3] +]); function nistTag(input: Record): string[] { const cwe = [`${_.get(input, 'id')}`]; return CWE_NIST_MAPPING.nistFilter(cwe, DEFAULT_NIST_TAG); } +// Check `nosec` and `suppressions` fields which denote whether the gosec rule violation should be suppressed/skipped +function formatStatus(input: Record): string { + return `${_.get(input, 'nosec')}` === 'false' && + `${_.get(input, 'suppressions')}` === 'null' + ? ExecJSON.ControlResultStatus.Failed + : ExecJSON.ControlResultStatus.Skipped; +} + +// If a gosec rule violation is suppressed, forward the given justification +function formatSkipMessage(input: Record): string | undefined { + const suppressions = _.get(input, 'suppressions'); + + // If test is not skipped + if (`${suppressions}` === 'null') { + return undefined; + } + + // If test is skipped and there are no justifications, report that none are given + if (!Array.isArray(suppressions)) { + return 'No justification provided'; + } + // otherwise, supply the justifications + return suppressions + .map( + (suppression) => + `${suppression.justification ? suppression.justification : 'No justification provided'} (${suppression.kind})` + ) + .join('\n'); +} + +// Report gosec rule violation and violation location +function formatCodeDesc(input: Record): string { + return `Rule ${_.get(input, 'rule_id')} violation detected at:\nFile: ${_.get(input, 'file')}\nLine: ${_.get(input, 'line')}\nColumn: ${_.get(input, 'column')}`; +} + +// Report confidence of violation and specific offending code function formatMessage(input: Record): string { - return `${_.get(input, 'file')}, line:${_.get(input, 'line')}, column:${_.get( - input, - 'column' - )}`; + return `${_.get(input, 'confidence')} confidence of rule violation at:\n${_.get(input, 'code')}`; } -export class GoSecMapper extends BaseConverter { +export class GosecMapper extends BaseConverter { withRaw: boolean; mappings: MappedTransform< ExecJSON.Execution & {passthrough: unknown}, ILookupPath > = { - passthrough: { - transformer: (data: Record): Record => { - return { - auxiliary_data: [ - { - name: 'Gosec', - data: { - 'Golang errors': _.get(data, 'Golang errors') - } - } - ], - ...(this.withRaw && {raw: data}) - }; - } - }, platform: { name: 'Heimdall Tools', release: HeimdallToolsVersion @@ -49,8 +77,8 @@ export class GoSecMapper extends BaseConverter { statistics: {}, profiles: [ { - name: 'Gosec scanner', - title: 'gosec', + name: 'gosec Scan', + title: 'gosec Scan', version: {path: 'GosecVersion'}, supports: [], attributes: [], @@ -65,22 +93,22 @@ export class GoSecMapper extends BaseConverter { path: 'cwe', transformer: nistTag }, - cwe: {path: 'cwe'}, - nosec: {path: 'nosec'}, - suppressions: {path: 'suppressions'}, - severity: {path: 'severity'}, - confidence: {path: 'confidence'} + cwe: {path: 'cwe'} }, refs: [], source_location: {}, title: {path: 'details'}, id: {path: 'rule_id'}, desc: '', - impact: 0.5, + impact: { + path: 'severity', + transformer: impactMapping(IMPACT_MAPPING) + }, results: [ { - status: ExecJSON.ControlResultStatus.Failed, - code_desc: {path: 'code'}, + status: {transformer: formatStatus}, + skip_message: {transformer: formatSkipMessage}, + code_desc: {transformer: formatCodeDesc}, message: {transformer: formatMessage}, start_time: '' } @@ -89,7 +117,23 @@ export class GoSecMapper extends BaseConverter { ], sha256: '' } - ] + ], + passthrough: { + transformer: (data: Record): Record => { + return { + auxiliary_data: [ + { + name: 'gosec', + data: { + 'Golang errors': _.get(data, 'Golang errors'), + Stats: _.get(data, 'Stats') + } + } + ], + ...(this.withRaw && {raw: data}) + }; + } + } }; constructor(gosecJson: string, withRaw = false) { super(JSON.parse(gosecJson)); diff --git a/libs/hdf-converters/src/msft-secure-score-mapper.ts b/libs/hdf-converters/src/msft-secure-score-mapper.ts new file mode 100644 index 0000000000..f10faf3a3b --- /dev/null +++ b/libs/hdf-converters/src/msft-secure-score-mapper.ts @@ -0,0 +1,352 @@ +import { + SecureScore, + ControlScore, + SecureScoreControlProfile +} from '@microsoft/microsoft-graph-types'; +import {ExecJSON} from 'inspecjs'; +import {version as HeimdallToolsVersion} from '../package.json'; +import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; +import * as _ from 'lodash'; +import { + conditionallyProvideAttribute, + DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS +} from './utils/global'; + +export type ProfileResponse = { + '@odata.context': string; + '@odata.nextLink': string; + value: SecureScoreControlProfile[]; +}; + +export type SecureScoreResponse = { + '@odata.context': string; + '@odata.nextLink': string; + value: SecureScore[]; +}; + +export type CombinedResponse = { + secureScore: SecureScoreResponse; + profiles: ProfileResponse; +}; + +export class MsftSecureScoreResults { + data: CombinedResponse; + withRaw: boolean; + + constructor(combinedJson: string, withRaw = false) { + this.data = JSON.parse(combinedJson); + this.withRaw = withRaw; + } + + toHdf(): ExecJSON.Execution[] { + return this.data.secureScore.value.map((element) => + new MsftSecureScoreMapper( + JSON.stringify({ + secureScore: { + value: [element], + ..._.pick(this.data.secureScore, [ + '@odata.context', + '@odata.context' + ]) + }, + profiles: this.data.profiles + }), + this.withRaw + ).toHdf() + ); + } +} + +export class MsftSecureScoreMapper extends BaseConverter { + withRaw: boolean; + rawData: CombinedResponse; + getProfiles: (controlName: string) => SecureScoreControlProfile[]; + + memoizedGetProfiles(): (controlName: string) => SecureScoreControlProfile[] { + const cache: Record = {}; + + return (controlName: string): SecureScoreControlProfile[] => { + if (Object.prototype.hasOwnProperty.call(cache, controlName)) { + return cache[controlName]; + } + return (cache[controlName] = this.rawData.profiles.value.filter( + (profile) => profile.id === controlName + )); + }; + } + + mappings: MappedTransform< + ExecJSON.Execution & {passthrough: unknown}, + ILookupPath + > = { + platform: { + name: 'Heimdall Tools', + release: HeimdallToolsVersion + }, + version: HeimdallToolsVersion, + statistics: {}, + profiles: [ + { + name: 'Microsoft Secure Score Scan', + title: { + transformer: (data: SecureScore) => + `Azure Secure Score report - Tenant ID: ${data.azureTenantId} - Run ID: ${data.id}` + }, + supports: [], + attributes: [], + groups: [], + status: 'loaded', + controls: [ + { + path: 'controlScores', + id: { + transformer: (data: ControlScore) => + `${data.controlCategory}:${data.controlName}` + }, + title: { + transformer: (data: ControlScore) => { + const titles = this.getProfiles(data.controlName || '') + .filter((profile) => profile.title !== undefined) + .map((profile) => profile.title); + + if (titles.length > 0) { + return titles.join('\n'); + } else { + return [data.controlCategory || '', data.controlName || ''] + .filter((title) => title) + .join(':'); + } + } + }, + desc: {path: 'description'}, + impact: { + transformer: (data: ControlScore) => { + // return controlCategory from the profile document where its id matches the controlName + const knownMaxScores = this.getProfiles( + data.controlName || '' + ).map((profile) => profile.maxScore || 0); + + if (knownMaxScores.length === 0) { + return 0.5; + } + + const highMaxScore = Math.max(...knownMaxScores); + return highMaxScore / 10.0; + } + }, + refs: [], + tags: { + transformer: (data: ControlScore) => ({ + ...conditionallyProvideAttribute( + 'category', + this.getProfiles(data.controlName || '').map( + (profile) => profile.controlCategory + ), + (() => { + const result = this.getProfiles(data.controlName || '') + .map((profile) => profile.controlCategory) + .filter((v) => Boolean(v)); + return result.length > 0; + })() + ), + ...conditionallyProvideAttribute( + 'maxScore', + this.getProfiles(data.controlName || '').map( + (profile) => profile.maxScore + ), + (() => { + const result = this.getProfiles(data.controlName || '') + .map((profile) => profile.maxScore) + .filter((v) => Boolean(v)); + return result.length > 0; + })() + ), + ...conditionallyProvideAttribute( + 'rank', + this.getProfiles(data.controlName || '').map( + (profile) => profile.rank + ), + (() => { + const result = this.getProfiles(data.controlName || '') + .map((profile) => profile.rank) + .filter((v) => Boolean(v)); + return result.length > 0; + })() + ), + ...conditionallyProvideAttribute( + 'tiers', + this.getProfiles(data.controlName || '').map( + (profile) => profile.tier + ), + (() => { + const result = this.getProfiles(data.controlName || '') + .map((profile) => profile.tier) + .filter((v) => Boolean(v)); + return result.length > 0; + })() + ), + ...conditionallyProvideAttribute( + 'threats', + _.uniq( + this.getProfiles(data.controlName || '').map( + (profile) => profile.threats + ) + ), + (() => { + const result = this.getProfiles(data.controlName || '') + .map((profile) => profile.threats) + .filter((v) => Boolean(v)); + return result.length > 0; + })() + ), + ...conditionallyProvideAttribute( + 'services', + _.uniq( + this.getProfiles(data.controlName || '').map( + (profile) => profile.service + ) + ), + (() => { + const result = this.getProfiles(data.controlName || '') + .map((profile) => profile.service) + .filter((v) => Boolean(v)); + return result.length > 0; + })() + ), + ...conditionallyProvideAttribute( + 'userImpacts', + _.uniq( + this.getProfiles(data.controlName || '').map( + (profile) => profile.userImpact + ) + ), + (() => { + const result = this.getProfiles(data.controlName || '') + .map((profile) => profile.userImpact) + .filter((v) => Boolean(v)); + return result.length > 0; + })() + ) + }), + nist: DEFAULT_STATIC_CODE_ANALYSIS_NIST_TAGS + }, + source_location: {}, + descriptions: [ + { + data: { + transformer: ( + data: ControlScore & {implementationStatus: string} + ) => { + const profiles = this.getProfiles(data.controlName || ''); + const remediationSteps = profiles + .map((profile: SecureScoreControlProfile) => + profile.remediation?.toString() + ) + .filter( + (remediation: string | undefined) => + remediation !== undefined + ); + + return remediationSteps.join('\n'); + } + }, + label: 'fix' + }, + { + data: { + transformer: ( + data: ControlScore & {implementationStatus: string} + ) => { + const profiles = this.getProfiles(data.controlName || ''); + const impact = profiles + .map((profile: SecureScoreControlProfile) => + profile.remediationImpact?.toString() + ) + .filter( + (remediationImpact: string | undefined) => + remediationImpact !== undefined + ); + + return impact.join('\n'); + } + }, + label: 'rationale' + } + ], + results: [ + { + status: { + transformer: ( + data: ControlScore & {scoreInPercentage: number} + ) => { + if (data.scoreInPercentage === 100) { + return ExecJSON.ControlResultStatus.Passed; + } + + const knownMaxScores = this.getProfiles( + data.controlName || '' + ).map((profile) => profile.maxScore || 0); + + const highMaxScore = Math.max(...knownMaxScores); + + if (knownMaxScores.length === 0) { + // no Profile found matching the controlName + return ExecJSON.ControlResultStatus.Failed; + } else if (data.score === undefined) { + return ExecJSON.ControlResultStatus.Error; + } else if (data.score === highMaxScore) { + return ExecJSON.ControlResultStatus.Passed; + } else { + return ExecJSON.ControlResultStatus.Failed; + } + } + }, + code_desc: { + transformer: ( + data: ControlScore & {implementationStatus: string} + ) => data.implementationStatus + }, + start_time: {transformer: () => this.data.createdDateTime} + } + ] + } + ], + sha256: '' + } + ], + passthrough: { + transformer: (): Record => { + return { + auxiliary_data: [ + { + name: 'Microsoft Secure Score', + data: { + reportId: this.rawData.secureScore.value[0].id, + tenantId: this.rawData.secureScore.value[0].azureTenantId, + profiles: this.rawData.profiles, + enabledServices: + this.rawData.secureScore.value[0].enabledServices, + averageComparativeScores: + this.rawData.secureScore.value[0].averageComparativeScores, + currentScore: this.rawData.secureScore.value[0].currentScore, + maxScore: this.rawData.secureScore.value[0].maxScore, + secureScores: _.pick(this.rawData.secureScore, [ + '@odata.context', + '@odata.nextLink' + ]) + } + } + ], + ...(this.withRaw && {raw: this.rawData}) + }; + } + } + }; + constructor(secureScore_and_profiles_combined: string, withRaw = false) { + const rawParams = JSON.parse(secureScore_and_profiles_combined); + super(rawParams.secureScore.value[0]); + this.withRaw = withRaw; + this.rawData = rawParams; + this.getProfiles = this.memoizedGetProfiles(); + } +} diff --git a/libs/hdf-converters/src/trufflehog-mapper.ts b/libs/hdf-converters/src/trufflehog-mapper.ts new file mode 100644 index 0000000000..88099434d7 --- /dev/null +++ b/libs/hdf-converters/src/trufflehog-mapper.ts @@ -0,0 +1,115 @@ +import {ExecJSON} from 'inspecjs'; +import _ from 'lodash'; +import {version as HeimdallToolsVersion} from '../package.json'; +import {BaseConverter, ILookupPath, MappedTransform} from './base-converter'; + +export class TrufflehogResults { + data: Record; + withRaw: boolean; + constructor(trufflehogJson: string, withRaw = false) { + this.data = JSON.parse(trufflehogJson); + this.withRaw = withRaw; + if (_.isArray(this.data)) { + this.data = {wrapper: this.data}; + } else { + this.data = {wrapper: [this.data]}; + } + } + + toHdf(): ExecJSON.Execution { + return new TrufflehogMapper(this.data, this.withRaw).toHdf(); + } +} + +export class TrufflehogMapper extends BaseConverter { + withRaw: boolean; + + mappings: MappedTransform< + ExecJSON.Execution & {passthrough: unknown}, + ILookupPath + > = { + platform: { + name: 'Heimdall Tools', + release: HeimdallToolsVersion + }, + version: HeimdallToolsVersion, + statistics: {}, + profiles: [ + { + name: { + path: 'wrapper[0]', + transformer: (data: Record): string => + `Source ID: ${_.get(data, 'SourceID')}, Source Name: ${_.get(data, 'SourceName')}` + }, + title: {path: 'wrapper[0].SourceName'}, + supports: [], + attributes: [], + groups: [], + status: 'loaded', + controls: [ + { + key: 'id', + path: 'wrapper', + tags: { + nist: ['IA-5(7)'], + cci: ['CCI-004069', 'CCI-000202', 'CCI-000203', 'CCI-002367'], + severity: 'medium' + }, + refs: [], + source_location: {}, + title: { + transformer: (data: Record): string => + `Found ${_.get(data, 'DetectorName')} secret using ${_.get(data, 'DecoderName')} decoder` + }, + id: { + transformer: (data: Record): string => + `${_.get(data, 'DetectorName')} ${_.get(data, 'DecoderName')}` + }, + impact: 0.5, + results: [ + { + status: ExecJSON.ControlResultStatus.Failed, + code_desc: { + transformer: (data: Record): string => + `${JSON.stringify(_.get(data, 'SourceMetadata'), null, 2)}` + }, + message: { + transformer: (data: Record): string => + `${JSON.stringify( + _.omitBy( + _.pick(data, [ + 'Verified', + 'VerificationError', + 'Raw', + 'RawV2', + 'Redacted', + 'ExtraData', + 'StructuredData' + ]), + (value) => value === null || value === '' + ), + null, + 2 + )}` + }, + start_time: '' + } + ] + } + ], + sha256: '' + } + ], + passthrough: { + transformer: (data: Record): Record => { + return { + ...(this.withRaw && {raw: data}) + }; + } + } + }; + constructor(trufflehogJson: Record, withRaw = false) { + super(trufflehogJson, true); + this.withRaw = withRaw; + } +} diff --git a/libs/hdf-converters/src/twistlock-mapper.ts b/libs/hdf-converters/src/twistlock-mapper.ts index 7bf1671eb0..7dd38f6e39 100644 --- a/libs/hdf-converters/src/twistlock-mapper.ts +++ b/libs/hdf-converters/src/twistlock-mapper.ts @@ -27,12 +27,14 @@ export class TwistlockResults { constructor(twistlockJson: string, withRaw = false) { this.data = JSON.parse(twistlockJson); this.withRaw = withRaw; - } - toHdf(): ExecJSON.Execution { + // Add a wrapper to the data for the repository scan case which doesn't include the `results` key if (!_.has(this.data, 'results')) { this.data = {results: [this.data]}; } + } + + toHdf(): ExecJSON.Execution { return new TwistlockMapper(this.data, this.withRaw).toHdf(); } } @@ -107,9 +109,8 @@ export class TwistlockMapper extends BaseConverter { transformer: impactMapping(IMPACT_MAPPING) }, code: { - transformer: (vulnerability: Record): string => { - return JSON.stringify(vulnerability, null, 2); - } + transformer: (vulnerability: Record): string => + JSON.stringify(vulnerability, null, 2) }, results: [ { diff --git a/libs/hdf-converters/src/utils/fingerprinting.ts b/libs/hdf-converters/src/utils/fingerprinting.ts index de610ce681..3baedf507f 100644 --- a/libs/hdf-converters/src/utils/fingerprinting.ts +++ b/libs/hdf-converters/src/utils/fingerprinting.ts @@ -9,9 +9,12 @@ export enum INPUT_TYPES { GOSEC = 'gosec', IONCHANNEL = 'ionchannel', JFROG = 'jfrog', + MSFT_SEC_SCORE = 'msft_secure_score', NIKTO = 'nikto', SARIF = 'sarif', + CYCLONEDX_SBOM = 'cyclonedx_sbom', SNYK = 'snyk', + TRUFFLEHOG = 'trufflehog', TWISTLOCK = 'twistlock', ZAP = 'zap', NESSUS = 'nessus', @@ -36,6 +39,7 @@ const fileTypeFingerprints: Record = { 'trigger_hash' ], [INPUT_TYPES.JFROG]: ['total_count', 'data'], + [INPUT_TYPES.MSFT_SEC_SCORE]: ['secureScore', 'profiles'], [INPUT_TYPES.NIKTO]: ['banner', 'host', 'ip', 'port', 'vulnerabilities'], [INPUT_TYPES.SARIF]: ['$schema', 'version', 'runs'], [INPUT_TYPES.SNYK]: [ @@ -45,6 +49,12 @@ const fileTypeFingerprints: Record = { 'vulnerabilities', 'vulnerabilities[0].identifiers' ], + [INPUT_TYPES.TRUFFLEHOG]: [ + 'SourceName', + 'DetectorType', + 'DetectorName', + 'DecoderName' + ], [INPUT_TYPES.TWISTLOCK]: [ 'results[0].complianceDistribution', 'results[0].vulnerabilityDistribution', @@ -66,7 +76,8 @@ const fileTypeFingerprints: Record = { [INPUT_TYPES.SCOUTSUITE]: [], [INPUT_TYPES.NOT_FOUND]: [], [INPUT_TYPES.VERACODE]: [], - [INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'] + [INPUT_TYPES.GOSEC]: ['Golang errors', 'Issues'], + [INPUT_TYPES.CYCLONEDX_SBOM]: ['bomFormat', 'metadata', 'specVersion'] }; export function fingerprint(guessOptions: { diff --git a/libs/hdf-converters/src/utils/global.ts b/libs/hdf-converters/src/utils/global.ts index 98bdf97996..26dc1e292d 100644 --- a/libs/hdf-converters/src/utils/global.ts +++ b/libs/hdf-converters/src/utils/global.ts @@ -99,3 +99,8 @@ export function ensureContextualizedEvaluation( return contextualizeEvaluation(data); } } + +// Return original string if it exists, else return undefined +export function filterString(input: string): string | undefined { + return input || undefined; +} diff --git a/libs/hdf-converters/src/utils/parseJson.ts b/libs/hdf-converters/src/utils/parseJson.ts new file mode 100644 index 0000000000..3347016c40 --- /dev/null +++ b/libs/hdf-converters/src/utils/parseJson.ts @@ -0,0 +1,17 @@ +import {Result} from './result'; + +export type JSONValue = + | string + | number + | boolean + | null + | JSONValue[] + | {[key: string]: JSONValue}; + +export function parseJson(str: string): Result { + try { + return {ok: true, value: JSON.parse(str)}; + } catch (e) { + return {ok: false, error: e}; + } +} diff --git a/libs/hdf-converters/src/utils/result.ts b/libs/hdf-converters/src/utils/result.ts new file mode 100644 index 0000000000..daccb6b4c7 --- /dev/null +++ b/libs/hdf-converters/src/utils/result.ts @@ -0,0 +1 @@ +export type Result = {ok: true; value: T} | {ok: false; error: E}; diff --git a/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts index 13367359b6..e364fddcd2 100644 --- a/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/checklist_mapper.spec.ts @@ -1,6 +1,7 @@ import fs from 'fs'; import {ChecklistResults} from '../../../src/ckl-mapper/checklist-mapper'; import {omitVersions} from '../../utils'; +import {InvalidChecklistMetadataException} from '../../../src/ckl-mapper/checklist-metadata-utils'; describe('checklist_mapper_single_stig', () => { it('Successfully converts Checklists', () => { @@ -57,6 +58,34 @@ describe('checklist_mapper_single_stig_with_raw', () => { }); }); +describe('checklist_mapper_with_severity_overrides', () => { + it('Successfully converts Checklists with severity overrides', () => { + const mapper = new ChecklistResults( + fs.readFileSync( + 'sample_jsons/checklist_mapper/sample_input_report/small_ckl_overrides.ckl', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/checklist_mapper/small_overrides_hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/checklist_mapper/small_overrides_hdf.json', + {encoding: 'utf-8'} + ) + ) + ) + ); + }); +}); + describe('checklist_mapper_multi_stig_wrapper', () => { it('Successfully converts Checklists', () => { const mapper = new ChecklistResults( @@ -141,3 +170,16 @@ describe('checklist_intermediate_object', () => { ); }); }); + +describe('checklist_with_invalid_metadata', () => { + // ensures that checklist metadata is being validated + it('Throws InvalidChecklistFormatException when trying to convert checklist with invalid metadata', () => { + const fileContents = fs.readFileSync( + 'sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.ckl', + {encoding: 'utf-8'} + ); + expect(() => new ChecklistResults(fileContents)).toThrowError( + InvalidChecklistMetadataException + ); + }); +}); diff --git a/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts new file mode 100644 index 0000000000..212849e645 --- /dev/null +++ b/libs/hdf-converters/test/mappers/forward/cyclonedx_sbom_mapper.spec.ts @@ -0,0 +1,414 @@ +import fs from 'fs'; +import {CycloneDXSBOMResults} from '../../../src/cyclonedx-sbom-mapper'; +import {omitVersions} from '../../utils'; + +describe('sbom_mapper_saf', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/generated-saf-sbom.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-saf-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_dropwizard_vulns', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vulns.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vulns-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_dropwizard_no_vulns', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-no-vulns.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-no-vulns.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-no-vulns-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_dropwizard_vex', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/dropwizard-vex.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-dropwizard-vex-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_vex', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', + { + encoding: 'utf-8' + } + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/vex.json', + { + encoding: 'utf-8' + } + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-vex-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_syft_alpine_container', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json', + { + encoding: 'utf-8' + } + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/syft-scan-alpine-container.json', + { + encoding: 'utf-8' + } + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-syft-alpine-container-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('sbom_mapper_converted_spdx', () => { + it('Successfully converts SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json', + { + encoding: 'utf-8' + } + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withraw flagged SBOM data', () => { + const mapper = new CycloneDXSBOMResults( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sample_input_report/spdx-to-cyclonedx.json', + { + encoding: 'utf-8' + } + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/cyclonedx_sbom_mapper/sbom-converted-spdx-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); diff --git a/libs/hdf-converters/test/mappers/forward/gosec_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/gosec_mapper.spec.ts index edb3d64738..1a74f2fe45 100644 --- a/libs/hdf-converters/test/mappers/forward/gosec_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/forward/gosec_mapper.spec.ts @@ -1,23 +1,171 @@ import fs from 'fs'; -import {GoSecMapper} from '../../../src/gosec-mapper'; +import {GosecMapper} from '../../../src/gosec-mapper'; import {omitVersions} from '../../utils'; -describe('gosec_mapper', () => { - it('Successfully converts gosec reports', () => { - const mapper = new GoSecMapper( + +describe('gosec_mapper_grype', () => { + it('Successfully converts Grype gosec reports', () => { + const mapper = new GosecMapper( fs.readFileSync( 'sample_jsons/gosec_mapper/sample_input_report/Grype_gosec_results.json', {encoding: 'utf-8'} ) ); + // fs.writeFileSync( + // 'sample_jsons/gosec_mapper/grype-gosec-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + expect(omitVersions(mapper.toHdf())).toEqual( omitVersions( JSON.parse( - fs.readFileSync('sample_jsons/gosec_mapper/gosec-hdf.json', { + fs.readFileSync('sample_jsons/gosec_mapper/grype-gosec-hdf.json', { encoding: 'utf-8' }) ) ) ); }); + + it('Successfully converts withRaw flagged Grype gosec reports', () => { + const mapper = new GosecMapper( + fs.readFileSync( + 'sample_jsons/gosec_mapper/sample_input_report/Grype_gosec_results.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/gosec_mapper/grype-gosec-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/gosec_mapper/grype-gosec-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('gosec_mapper_go_ethereum_external_suppressed', () => { + it('Successfully converts unsuppressed Go Ethereum gosec reports', () => { + const mapper = new GosecMapper( + fs.readFileSync( + 'sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_external_suppressed.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withRaw flagged unsuppressed Go Ethereum gosec reports', () => { + const mapper = new GosecMapper( + fs.readFileSync( + 'sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_external_suppressed.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('gosec_mapper_go_ethereum_all_suppressed', () => { + it('Successfully converts suppressed Go Ethereum gosec reports', () => { + const mapper = new GosecMapper( + fs.readFileSync( + 'sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_all_suppressed.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); + + it('Successfully converts withRaw flagged suppressed Go Ethereum gosec reports', () => { + const mapper = new GosecMapper( + fs.readFileSync( + 'sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_all_suppressed.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); }); diff --git a/libs/hdf-converters/test/mappers/forward/msft_secure_score_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/msft_secure_score_mapper.spec.ts new file mode 100644 index 0000000000..7ec3cd8053 --- /dev/null +++ b/libs/hdf-converters/test/mappers/forward/msft_secure_score_mapper.spec.ts @@ -0,0 +1,104 @@ +import fs from 'fs'; +import { + MsftSecureScoreResults, + CombinedResponse +} from '../../../src/msft-secure-score-mapper'; +import {omitVersions} from '../../utils'; + +describe('msft_secure_score_mapper', () => { + it('Successfully converts Microsoft Secure Score reports', () => { + const mapper = new MsftSecureScoreResults( + fs.readFileSync( + 'sample_jsons/msft_secure_score_mapper/sample_input_report/combined.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/msft_secure_score_mapper/secure_score-hdfs.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + const expectedHdfReports = JSON.parse( + fs.readFileSync( + 'sample_jsons/msft_secure_score_mapper/secure_score-hdfs.json', + {encoding: 'utf-8'} + ) + ); + + for (const [idx, hdfReport] of mapper.toHdf().entries()) { + expect(omitVersions(hdfReport)).toEqual( + omitVersions(expectedHdfReports[idx]) + ); + } + }); +}); + +describe('msft_secure_score_mapper_withraw', () => { + it('Successfully converts withRaw flagged Microsoft Secure Score reports', () => { + const mapper = new MsftSecureScoreResults( + fs.readFileSync( + 'sample_jsons/msft_secure_score_mapper/sample_input_report/combined.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/msft_secure_score_mapper/secure_score-hdf-withraws.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + const expectedHdfReports = JSON.parse( + fs.readFileSync( + 'sample_jsons/msft_secure_score_mapper/secure_score-hdf-withraws.json', + {encoding: 'utf-8'} + ) + ); + + for (const [idx, hdfReport] of mapper.toHdf().entries()) { + expect(omitVersions(hdfReport)).toEqual( + omitVersions(expectedHdfReports[idx]) + ); + } + }); +}); + +describe('msft_secure_score_mapper_multiple_reports', () => { + it('Successfully converts multiple Microsoft Secure Score reports into multiple ohdf files', () => { + const input_data: CombinedResponse = { + profiles: JSON.parse( + fs.readFileSync( + 'sample_jsons/msft_secure_score_mapper/sample_input_report/profiles.json', + {encoding: 'utf-8'} + ) + ), + secureScore: JSON.parse( + fs.readFileSync( + 'sample_jsons/msft_secure_score_mapper/sample_input_report/secureScore-multiple.json', + {encoding: 'utf-8'} + ) + ) + }; + + const mapper = new MsftSecureScoreResults(JSON.stringify(input_data)); + + // fs.writeFileSync( + // 'sample_jsons/msft_secure_score_mapper/secure_score-hdf-multi.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + const expectedHdfReports = JSON.parse( + fs.readFileSync( + 'sample_jsons/msft_secure_score_mapper/secure_score-hdf-multi.json', + {encoding: 'utf-8'} + ) + ); + + for (const [idx, hdfReport] of mapper.toHdf().entries()) { + expect(omitVersions(hdfReport)).toEqual( + omitVersions(expectedHdfReports[idx]) + ); + } + }); +}); diff --git a/libs/hdf-converters/test/mappers/forward/trufflehog_mapper.spec.ts b/libs/hdf-converters/test/mappers/forward/trufflehog_mapper.spec.ts new file mode 100644 index 0000000000..8fef6f7e32 --- /dev/null +++ b/libs/hdf-converters/test/mappers/forward/trufflehog_mapper.spec.ts @@ -0,0 +1,240 @@ +import fs from 'fs'; +import {TrufflehogResults} from '../../../src/trufflehog-mapper'; +import {omitVersions} from '../../utils'; + +describe('trufflehog_mapper', () => { + it('Successfully converts trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('trufflehog_mapper_withraw', () => { + it('Successfully converts withraw flagged trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('trufflehog_docker_mapper', () => { + it('Successfully converts trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_docker_example.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-docker-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-docker-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('trufflehog_docker_mapper_withraw', () => { + it('Successfully converts withraw flagged trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_docker_example.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-docker-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-docker-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('trufflehog_saf_example_mapper', () => { + it('Successfully converts trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_saf_example.json', + {encoding: 'utf-8'} + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-saf-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-saf-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('trufflehog_saf_example_mapper_withraw', () => { + it('Successfully converts withraw flagged trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog_saf_example.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-saf-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-saf-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('trufflehog_example_mapper', () => { + it('Successfully converts withraw flagged trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog-report-example.json', + {encoding: 'utf-8'} + ), + false + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); + +describe('trufflehog_example_mapper', () => { + it('Successfully converts withraw flagged trufflehog targeted at a local/cloned repository data', () => { + const mapper = new TrufflehogResults( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/sample_input_report/trufflehog-report-example.json', + {encoding: 'utf-8'} + ), + true + ); + + // fs.writeFileSync( + // 'sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf-withraw.json', + // JSON.stringify(mapper.toHdf(), null, 2) + // ); + + expect(omitVersions(mapper.toHdf())).toEqual( + omitVersions( + JSON.parse( + fs.readFileSync( + 'sample_jsons/trufflehog_mapper/trufflehog-report-example-hdf-withraw.json', + { + encoding: 'utf-8' + } + ) + ) + ) + ); + }); +}); diff --git a/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts b/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts index c0930c2a8c..48752e9b71 100644 --- a/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/reverse/checklist_reverse_mapper.spec.ts @@ -1,6 +1,7 @@ import fs from 'fs'; import {ChecklistResults} from '../../../src/ckl-mapper/checklist-mapper'; -import {version as hdfConvertersVersion} from '../../../package.json'; +import {replaceCKLVersion} from '../../utils'; +import {InvalidChecklistMetadataException} from '../../../src/ckl-mapper/checklist-metadata-utils'; describe('previously_checklist_converted_hdf_to_checklist', () => { it('Successfully converts HDF to Checklist', () => { @@ -24,9 +25,7 @@ describe('previously_checklist_converted_hdf_to_checklist', () => { ); const converted = mapper.toCkl(); - expect(converted).toEqual( - expected.replace(/2\.10\.1/gi, hdfConvertersVersion) - ); + expect(converted).toEqual(replaceCKLVersion(expected)); }); }); @@ -52,9 +51,7 @@ describe('previously_checklist_converted_hdf_to_checklist', () => { ); const converted = mapper.toCkl(); - expect(converted).toEqual( - expected.replace(/2\.10\.2/gi, hdfConvertersVersion) - ); + expect(converted).toEqual(replaceCKLVersion(expected)); }); }); @@ -79,12 +76,7 @@ describe('non_checklist_converted_hdf_to_checklist', () => { ); const converted = mapper.toCkl(); - expect(converted).toEqual( - expected.replace( - /Heimdall Version :: 2\.10\.2/gi, - `Heimdall Version :: ${hdfConvertersVersion}` - ) - ); + expect(converted).toEqual(replaceCKLVersion(expected)); }); }); @@ -112,8 +104,64 @@ describe('Small RHEL8 HDF file', () => { ); const converted = mapper.toCkl(); - expect(converted).toEqual( - expected.replace(/2\.10\.1/gi, hdfConvertersVersion) + expect(converted).toEqual(replaceCKLVersion(expected)); + }); +}); + +describe('Small RHEL 7 with severity and severity override tags', () => { + it('can be successfully converted from HDF to Checklist', () => { + const mapper = new ChecklistResults( + JSON.parse( + fs.readFileSync( + 'sample_jsons/checklist_mapper/sample_input_report/RHEL7_overrides_hdf.json', + { + encoding: 'utf-8' + } + ) + ) + ); + + // fs.writeFileSync( + // 'sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl', + // mapper.toCkl() + // ); + + const expected = fs.readFileSync( + 'sample_jsons/checklist_mapper/converted-rhel7_overrides.ckl', + 'utf-8' + ); + const converted = mapper.toCkl(); + + expect(converted).toEqual(replaceCKLVersion(expected)); + }); +}); + +describe('hdf_profile_with_invalid_metadata', () => { + it('Throws InvalidChecklistFormatException when trying to convert to checklist with invalid metadata', () => { + // ensures that checklist metadata is being validated + const fileContents = JSON.parse( + fs.readFileSync( + 'sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.json', + {encoding: 'utf-8'} + ) + ); + expect(() => new ChecklistResults(fileContents)).toThrowError( + InvalidChecklistMetadataException + ); + }); +}); + +describe('hdf_profile_with_invalid_metadata', () => { + it('Throws InvalidChecklistFormatException when trying to convert to checklist with invalid metadata', () => { + // ensures that checklist metadata is being validated + const fileContents = JSON.parse( + fs.readFileSync( + 'sample_jsons/checklist_mapper/sample_input_report/invalid_metadata.json', + {encoding: 'utf-8'} + ) + ); + expect(() => new ChecklistResults(fileContents)).toThrowError( + InvalidChecklistMetadataException ); }); }); diff --git a/libs/hdf-converters/test/mappers/reverse/xccdf_reverse_mapper.spec.ts b/libs/hdf-converters/test/mappers/reverse/xccdf_reverse_mapper.spec.ts index 1eeda4989c..df572ef1e9 100644 --- a/libs/hdf-converters/test/mappers/reverse/xccdf_reverse_mapper.spec.ts +++ b/libs/hdf-converters/test/mappers/reverse/xccdf_reverse_mapper.spec.ts @@ -1,6 +1,6 @@ import fs from 'fs'; import {FromHDFToXCCDFMapper} from '../../../index'; -import {version as hdfConvertersVersion} from '../../../package.json'; +import {replaceXCCDFVersion} from '../../utils'; describe('XCCDF Results Reverse Mapper', () => { it('Successfully converts RHEL7 HDF into XCCDF-Results', () => { @@ -30,9 +30,7 @@ describe('XCCDF Results Reverse Mapper', () => { 'utf-8' ); - expect(converted).toEqual( - expected.replace(/2\.6\.24/gi, hdfConvertersVersion) - ); + expect(converted).toEqual(replaceXCCDFVersion(expected)); }); it('Successfully converts a 3 layer overlay HDF into XCCDF-Results', () => { @@ -62,8 +60,6 @@ describe('XCCDF Results Reverse Mapper', () => { 'utf-8' ); - expect(converted).toEqual( - expected.replace(/2\.6\.24/gi, hdfConvertersVersion) - ); + expect(converted).toEqual(replaceXCCDFVersion(expected)); }); }); diff --git a/libs/hdf-converters/test/utils.ts b/libs/hdf-converters/test/utils.ts index f78603b1de..eea9e686bf 100644 --- a/libs/hdf-converters/test/utils.ts +++ b/libs/hdf-converters/test/utils.ts @@ -2,6 +2,7 @@ import {ExecJSON} from 'inspecjs'; import _ from 'lodash'; import {IFindingASFF} from '../src/converters-from-hdf/asff/asff-types'; import {ExecJSONProfile} from 'inspecjs/src/generated_parsers/v_1_0/exec-json'; +import {version as hdfConvertersVersion} from '../package.json'; export function omitVersions( input: Omit, 'profiles'> & { @@ -73,3 +74,21 @@ export function omitHDFTimes( }) }; } + +// replaces the version in the checklist file with the +// actual hdf-converters version +export function replaceCKLVersion(input: string): string { + return input.replace( + /(?<=)/, + hdfConvertersVersion + ); +} + +// replaces the version in the checklist file with the +// actual hdf-converters version +export function replaceXCCDFVersion(input: string): string { + return input.replace( + /(?<=)\S+(?=<\/version>)/, + hdfConvertersVersion + ); +} diff --git a/libs/hdf-converters/types/cyclonedx.d.ts b/libs/hdf-converters/types/cyclonedx.d.ts new file mode 100644 index 0000000000..89ea7b60a9 --- /dev/null +++ b/libs/hdf-converters/types/cyclonedx.d.ts @@ -0,0 +1,8910 @@ +export type CycloneDXSoftwareBillOfMaterialSpecification = { + /** + * Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs + * do not have a filename convention nor does JSON schema support namespaces. + */ + bomFormat: BOMFormat; + components?: ComponentObject[]; + /** + * Compositions describe constituent parts (including components, services, and dependency + * relationships) and their completeness. + */ + compositions?: CompositionObject[]; + /** + * Provides the ability to document dependency relationships. + */ + dependencies?: DependencyObject[]; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but which are not included with the BOM. + */ + externalReferences?: ExternalReferenceObject[]; + /** + * Provides additional information about a BOM. + */ + metadata?: MetadataObject; + /** + * Every BOM generated should have a unique serial number, even if the contents of the BOM + * being generated have not changed over time. The process or tool responsible for creating + * the BOM should create random UUID's for every BOM generated. + */ + serialNumber?: string; + services?: ServiceObject[]; + /** + * The version of the CycloneDX specification a BOM is written to (starting at version 1.2) + */ + specVersion: string; + /** + * The version allows component publishers/authors to make changes to existing BOMs to + * update various aspects of the document such as description or licenses. When a system is + * presented with multiple BOMs for the same component, the system should use the most + * recent version of the BOM. The default version is '1' and should be incremented for each + * version of the BOM that is published. Each version of a component should have a unique + * BOM and if no changes are made to the BOMs, then each BOM will have a version of '1'. + */ + version: number; + [property: string]: any; +}; + +/** + * Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs + * do not have a filename convention nor does JSON schema support namespaces. + * + * Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs + * do not have a filename convention nor does JSON schema support namespaces. This value + * MUST be "CycloneDX". + * + * Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs + * do not have a filename convention, nor does JSON schema support namespaces. This value + * must be "CycloneDX". + */ +export type BOMFormat = 'CycloneDX'; + +/** + * Component pedigree is a way to document complex supply chain scenarios where components + * are created, distributed, modified, redistributed, combined with other components, etc. + * Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in + * the middle. It also provides a way to document variants where the exact relation may not + * be known. + */ +export type PedigreeObject = { + /** + * Describes zero or more components in which a component is derived from. This is commonly + * used to describe forks from existing projects where the forked version contains a + * ancestor node containing the original component it was forked from. For example, + * Component A is the original component. Component B is the component being used and + * documented in the BOM. However, Component B contains a pedigree node with a single + * ancestor documenting Component A - the original component from which Component B is + * derived from. + */ + ancestors?: ComponentObject[]; + /** + * A list of zero or more commits which provide a trail describing how the component + * deviates from an ancestor, descendant, or variant. + */ + commits?: CommitObject[]; + /** + * Descendants are the exact opposite of ancestors. This provides a way to document all + * forks (and their forks) of an original or root component. + */ + descendants?: ComponentObject[]; + /** + * Notes, observations, and other non-structured commentary describing the components + * pedigree. + */ + notes?: string; + /** + * >A list of zero or more patches describing how the component deviates from an ancestor, + * descendant, or variant. Patches may be complimentary to commits or may be used in place + * of commits. + */ + patches?: PatchObject[]; + /** + * Variants describe relations where the relationship between the components are not known. + * For example, if Component A contains nearly identical code to Component B. They are both + * related, but it is unclear if one is derived from the other, or if they share a common + * ancestor. + */ + variants?: ComponentObject[]; + [property: string]: any; +}; + +/** + * The component that the BOM describes. + */ +export type ComponentObject = { + /** + * The person(s) or organization(s) that authored the component + */ + author?: string; + /** + * An optional identifier which can be used to reference the component elsewhere in the BOM. + * Every bom-ref should be unique. + */ + 'bom-ref'?: string; + components?: ComponentObject[]; + /** + * An optional copyright notice informing users of the underlying claims to copyright + * ownership in a published work. + */ + copyright?: string; + /** + * DEPRECATED - DO NOT USE. This will be removed in a future version. Specifies a + * well-formed CPE name. See https://nvd.nist.gov/products/cpe + */ + cpe?: string; + /** + * Specifies a description for the component + */ + description?: string; + /** + * Provides the ability to document evidence collected through various forms of extraction + * or analysis. + */ + evidence?: EvidenceObject; + externalReferences?: ExternalReferenceObject[]; + /** + * The grouping name or identifier. This will often be a shortened, single name of the + * company or project that produced the component, or the source package or domain name. + * Whitespace and special characters should be avoided. Examples include: apache, + * org.apache.commons, and apache.org. + */ + group?: string; + hashes?: HashObject[]; + licenses?: LicenseS[]; + /** + * The optional mime-type of the component. When used on file components, the mime-type can + * provide additional context about the kind of file being represented such as an image, + * font, or executable. Some library or framework components may also have an associated + * mime-type. + */ + 'mime-type'?: string; + /** + * DEPRECATED - DO NOT USE. This will be removed in a future version. Use the pedigree + * element instead to supply information on exactly how the component was modified. A + * boolean value indicating is the component has been modified from the original. A value of + * true indicates the component is a derivative of the original. A value of false indicates + * the component has not been modified from the original. + */ + modified?: boolean; + /** + * The name of the component. This will often be a shortened, single name of the component. + * Examples: commons-lang3 and jquery + */ + name: string; + /** + * Component pedigree is a way to document complex supply chain scenarios where components + * are created, distributed, modified, redistributed, combined with other components, etc. + * Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in + * the middle. It also provides a way to document variants where the exact relation may not + * be known. + */ + pedigree?: PedigreeObject; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. + */ + properties?: LightweightNameValuePair[]; + /** + * The person(s) or organization(s) that published the component + */ + publisher?: string; + purl?: string; + /** + * Specifies the scope of the component. If scope is not specified, 'required' scope should + * be assumed by the consumer of the BOM + */ + scope?: ComponentScope; + /** + * The organization that supplied the component. The supplier may often be the manufacturer, + * but may also be a distributor or repackager. + */ + supplier?: ManufactureObject; + /** + * Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + */ + swid?: SwidObject; + /** + * Specifies the type of component. For software components, classify as application if no + * more specific appropriate classification is available or cannot be determined for the + * component. + */ + type: PurpleComponentType; + /** + * The component version. The version should ideally comply with semantic versioning but is + * not enforced. + */ + version: string; + [property: string]: any; +}; + +/** + * Specifies an individual commit + */ +export type CommitObject = { + /** + * The author who created the changes in the commit + */ + author?: AuthorObject; + /** + * The person who committed or pushed the commit + */ + committer?: AuthorObject; + /** + * The text description of the contents of the commit + */ + message?: string; + /** + * A unique identifier of the commit. This may be version control specific. For example, + * Subversion uses revision numbers whereas git uses commit hashes. + */ + uid?: string; + /** + * The URL to the commit. This URL will typically point to a commit in a version control + * system. + */ + url?: string; + [property: string]: any; +}; + +/** + * The author who created the changes in the commit + * + * Specifies an individual commit + * + * The person who committed or pushed the commit + */ +export type AuthorObject = { + /** + * The email address of the individual who performed the action + */ + email?: string; + /** + * The name of the individual who performed the action + */ + name?: string; + /** + * The timestamp in which the action occurred + */ + timestamp?: Date; + [property: string]: any; +}; + +/** + * Specifies an individual patch + */ +export type PatchObject = { + /** + * The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff + */ + diff?: DiffObject; + /** + * A collection of issues the patch resolves + */ + resolves?: ResolveObject[]; + /** + * Specifies the purpose for the patch including the resolution of defects, security issues, + * or new behavior or functionality + */ + type: PatchType; + [property: string]: any; +}; + +/** + * The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff + */ +export type DiffObject = { + /** + * Specifies the optional text of the diff + */ + text?: TextObject; + /** + * Specifies the URL to the diff + */ + url?: string; + [property: string]: any; +}; + +/** + * An optional way to include the textual content of a license. + * + * Specifies the metadata and content for an attachment. + * + * Specifies the optional text of the diff + * + * Specifies the metadata and content of the SWID tag. + */ +export type TextObject = { + /** + * The attachment data + */ + content: string; + /** + * Specifies the content type of the text. Defaults to text/plain if not specified. + */ + contentType?: string; + /** + * Specifies the optional encoding the text is represented in. + */ + encoding?: Encoding; + [property: string]: any; +}; + +/** + * Specifies the optional encoding the text is represented in. + */ +export type Encoding = 'base64'; + +/** + * The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff + */ +export type ResolveObject = { + /** + * A description of the issue + */ + description?: string; + /** + * The identifier of the issue assigned by the source of the issue + */ + id?: string; + /** + * The name of the issue + */ + name?: string; + /** + * A collection of URL's for reference. Multiple URLs are allowed. + */ + references?: string[]; + /** + * The source of the issue where it is documented + */ + source?: SourceObject; + /** + * Specifies the type of issue + */ + type: ResolveType; + [property: string]: any; +}; + +/** + * The source of the issue where it is documented + */ +export type SourceObject = { + /** + * The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache' + */ + name?: string; + /** + * The url of the issue documentation as provided by the source + */ + url?: string; + [property: string]: any; +}; + +/** + * Specifies the type of issue + */ +export type ResolveType = 'defect' | 'enhancement' | 'security'; + +/** + * Specifies the purpose for the patch including the resolution of defects, security issues, + * or new behavior or functionality + * + * Specifies the purpose for the patch including the resolution of defects, security issues, + * or new behavior or functionality. + * + * * __unofficial__ = A patch which is not developed by the creators or maintainers of the + * software being patched. Refer to + * [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch) + * * __monkey__ = A patch which dynamically modifies runtime behavior. Refer to + * [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch) + * * __backport__ = A patch which takes code from a newer version of software and applies it + * to older versions of the same software. Refer to + * [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting) + * * __cherry-pick__ = A patch created by selectively applying commits from other versions + * or branches of the same software. + * + * Specifies the purpose for the patch including the resolution of defects, security issues, + * or new behavior or functionality. + */ +export type PatchType = 'unofficial' | 'monkey' | 'backport' | 'cherry-pick'; + +/** + * Provides the ability to document evidence collected through various forms of extraction + * or analysis. + */ +export type EvidenceObject = { + copyright?: CopyrightObject[]; + licenses?: LicenseS[]; + [property: string]: any; +}; + +export type CopyrightObject = { + text: string; + [property: string]: any; +}; + +export type LicenseS = { + expression?: string; + license?: LicenseObjectObject; + [property: string]: any; +}; + +export type LicenseObjectObject = { + /** + * A valid SPDX license ID + */ + id?: SpdxSchema; + /** + * If SPDX does not define the license used, this field may be used to provide the license + * name + */ + name?: string; + /** + * An optional way to include the textual content of a license. + */ + text?: TextObject; + /** + * The URL to the license file. If specified, a 'license' externalReference should also be + * specified for completeness + */ + url?: string; + [property: string]: any; +}; + +/** + * A valid SPDX license ID + * + * A valid SPDX license identifier. If specified, this value must be one of the enumeration + * of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema + * which is synchronized with the official SPDX license list. + */ +export type SpdxSchema = + | '0BSD' + | '3D-Slicer-1.0' + | 'AAL' + | 'Abstyles' + | 'AdaCore-doc' + | 'Adobe-2006' + | 'Adobe-Display-PostScript' + | 'Adobe-Glyph' + | 'Adobe-Utopia' + | 'ADSL' + | 'AFL-1.1' + | 'AFL-1.2' + | 'AFL-2.0' + | 'AFL-2.1' + | 'AFL-3.0' + | 'Afmparse' + | 'AGPL-1.0' + | 'AGPL-1.0-only' + | 'AGPL-1.0-or-later' + | 'AGPL-3.0' + | 'AGPL-3.0-only' + | 'AGPL-3.0-or-later' + | 'Aladdin' + | 'AMD-newlib' + | 'AMDPLPA' + | 'AML' + | 'AML-glslang' + | 'AMPAS' + | 'ANTLR-PD' + | 'ANTLR-PD-fallback' + | 'any-OSI' + | 'Apache-1.0' + | 'Apache-1.1' + | 'Apache-2.0' + | 'APAFML' + | 'APL-1.0' + | 'App-s2p' + | 'APSL-1.0' + | 'APSL-1.1' + | 'APSL-1.2' + | 'APSL-2.0' + | 'Arphic-1999' + | 'Artistic-1.0' + | 'Artistic-1.0-cl8' + | 'Artistic-1.0-Perl' + | 'Artistic-2.0' + | 'ASWF-Digital-Assets-1.0' + | 'ASWF-Digital-Assets-1.1' + | 'Baekmuk' + | 'Bahyph' + | 'Barr' + | 'bcrypt-Solar-Designer' + | 'Beerware' + | 'Bitstream-Charter' + | 'Bitstream-Vera' + | 'BitTorrent-1.0' + | 'BitTorrent-1.1' + | 'blessing' + | 'BlueOak-1.0.0' + | 'Boehm-GC' + | 'Borceux' + | 'Brian-Gladman-2-Clause' + | 'Brian-Gladman-3-Clause' + | 'BSD-1-Clause' + | 'BSD-2-Clause' + | 'BSD-2-Clause-Darwin' + | 'BSD-2-Clause-first-lines' + | 'BSD-2-Clause-FreeBSD' + | 'BSD-2-Clause-NetBSD' + | 'BSD-2-Clause-Patent' + | 'BSD-2-Clause-Views' + | 'BSD-3-Clause' + | 'BSD-3-Clause-acpica' + | 'BSD-3-Clause-Attribution' + | 'BSD-3-Clause-Clear' + | 'BSD-3-Clause-flex' + | 'BSD-3-Clause-HP' + | 'BSD-3-Clause-LBNL' + | 'BSD-3-Clause-Modification' + | 'BSD-3-Clause-No-Military-License' + | 'BSD-3-Clause-No-Nuclear-License' + | 'BSD-3-Clause-No-Nuclear-License-2014' + | 'BSD-3-Clause-No-Nuclear-Warranty' + | 'BSD-3-Clause-Open-MPI' + | 'BSD-3-Clause-Sun' + | 'BSD-4-Clause' + | 'BSD-4-Clause-Shortened' + | 'BSD-4-Clause-UC' + | 'BSD-4.3RENO' + | 'BSD-4.3TAHOE' + | 'BSD-Advertising-Acknowledgement' + | 'BSD-Attribution-HPND-disclaimer' + | 'BSD-Inferno-Nettverk' + | 'BSD-Protection' + | 'BSD-Source-beginning-file' + | 'BSD-Source-Code' + | 'BSD-Systemics' + | 'BSD-Systemics-W3Works' + | 'BSL-1.0' + | 'BUSL-1.1' + | 'bzip2-1.0.5' + | 'bzip2-1.0.6' + | 'C-UDA-1.0' + | 'CAL-1.0' + | 'CAL-1.0-Combined-Work-Exception' + | 'Caldera' + | 'Caldera-no-preamble' + | 'Catharon' + | 'CATOSL-1.1' + | 'CC-BY-1.0' + | 'CC-BY-2.0' + | 'CC-BY-2.5' + | 'CC-BY-2.5-AU' + | 'CC-BY-3.0' + | 'CC-BY-3.0-AT' + | 'CC-BY-3.0-AU' + | 'CC-BY-3.0-DE' + | 'CC-BY-3.0-IGO' + | 'CC-BY-3.0-NL' + | 'CC-BY-3.0-US' + | 'CC-BY-4.0' + | 'CC-BY-NC-1.0' + | 'CC-BY-NC-2.0' + | 'CC-BY-NC-2.5' + | 'CC-BY-NC-3.0' + | 'CC-BY-NC-3.0-DE' + | 'CC-BY-NC-4.0' + | 'CC-BY-NC-ND-1.0' + | 'CC-BY-NC-ND-2.0' + | 'CC-BY-NC-ND-2.5' + | 'CC-BY-NC-ND-3.0' + | 'CC-BY-NC-ND-3.0-DE' + | 'CC-BY-NC-ND-3.0-IGO' + | 'CC-BY-NC-ND-4.0' + | 'CC-BY-NC-SA-1.0' + | 'CC-BY-NC-SA-2.0' + | 'CC-BY-NC-SA-2.0-DE' + | 'CC-BY-NC-SA-2.0-FR' + | 'CC-BY-NC-SA-2.0-UK' + | 'CC-BY-NC-SA-2.5' + | 'CC-BY-NC-SA-3.0' + | 'CC-BY-NC-SA-3.0-DE' + | 'CC-BY-NC-SA-3.0-IGO' + | 'CC-BY-NC-SA-4.0' + | 'CC-BY-ND-1.0' + | 'CC-BY-ND-2.0' + | 'CC-BY-ND-2.5' + | 'CC-BY-ND-3.0' + | 'CC-BY-ND-3.0-DE' + | 'CC-BY-ND-4.0' + | 'CC-BY-SA-1.0' + | 'CC-BY-SA-2.0' + | 'CC-BY-SA-2.0-UK' + | 'CC-BY-SA-2.1-JP' + | 'CC-BY-SA-2.5' + | 'CC-BY-SA-3.0' + | 'CC-BY-SA-3.0-AT' + | 'CC-BY-SA-3.0-DE' + | 'CC-BY-SA-3.0-IGO' + | 'CC-BY-SA-4.0' + | 'CC-PDDC' + | 'CC0-1.0' + | 'CDDL-1.0' + | 'CDDL-1.1' + | 'CDL-1.0' + | 'CDLA-Permissive-1.0' + | 'CDLA-Permissive-2.0' + | 'CDLA-Sharing-1.0' + | 'CECILL-1.0' + | 'CECILL-1.1' + | 'CECILL-2.0' + | 'CECILL-2.1' + | 'CECILL-B' + | 'CECILL-C' + | 'CERN-OHL-1.1' + | 'CERN-OHL-1.2' + | 'CERN-OHL-P-2.0' + | 'CERN-OHL-S-2.0' + | 'CERN-OHL-W-2.0' + | 'CFITSIO' + | 'check-cvs' + | 'checkmk' + | 'ClArtistic' + | 'Clips' + | 'CMU-Mach' + | 'CMU-Mach-nodoc' + | 'CNRI-Jython' + | 'CNRI-Python' + | 'CNRI-Python-GPL-Compatible' + | 'COIL-1.0' + | 'Community-Spec-1.0' + | 'Condor-1.1' + | 'copyleft-next-0.3.0' + | 'copyleft-next-0.3.1' + | 'Cornell-Lossless-JPEG' + | 'CPAL-1.0' + | 'CPL-1.0' + | 'CPOL-1.02' + | 'Cronyx' + | 'Crossword' + | 'CrystalStacker' + | 'CUA-OPL-1.0' + | 'Cube' + | 'curl' + | 'cve-tou' + | 'D-FSL-1.0' + | 'DEC-3-Clause' + | 'diffmark' + | 'DL-DE-BY-2.0' + | 'DL-DE-ZERO-2.0' + | 'DOC' + | 'Dotseqn' + | 'DRL-1.0' + | 'DRL-1.1' + | 'DSDP' + | 'dtoa' + | 'dvipdfm' + | 'ECL-1.0' + | 'ECL-2.0' + | 'eCos-2.0' + | 'EFL-1.0' + | 'EFL-2.0' + | 'eGenix' + | 'Elastic-2.0' + | 'Entessa' + | 'EPICS' + | 'EPL-1.0' + | 'EPL-2.0' + | 'ErlPL-1.1' + | 'etalab-2.0' + | 'EUDatagrid' + | 'EUPL-1.0' + | 'EUPL-1.1' + | 'EUPL-1.2' + | 'Eurosym' + | 'Fair' + | 'FBM' + | 'FDK-AAC' + | 'Ferguson-Twofish' + | 'Frameworx-1.0' + | 'FreeBSD-DOC' + | 'FreeImage' + | 'FSFAP' + | 'FSFAP-no-warranty-disclaimer' + | 'FSFUL' + | 'FSFULLR' + | 'FSFULLRWD' + | 'FTL' + | 'Furuseth' + | 'fwlw' + | 'GCR-docs' + | 'GD' + | 'GFDL-1.1' + | 'GFDL-1.1-invariants-only' + | 'GFDL-1.1-invariants-or-later' + | 'GFDL-1.1-no-invariants-only' + | 'GFDL-1.1-no-invariants-or-later' + | 'GFDL-1.1-only' + | 'GFDL-1.1-or-later' + | 'GFDL-1.2' + | 'GFDL-1.2-invariants-only' + | 'GFDL-1.2-invariants-or-later' + | 'GFDL-1.2-no-invariants-only' + | 'GFDL-1.2-no-invariants-or-later' + | 'GFDL-1.2-only' + | 'GFDL-1.2-or-later' + | 'GFDL-1.3' + | 'GFDL-1.3-invariants-only' + | 'GFDL-1.3-invariants-or-later' + | 'GFDL-1.3-no-invariants-only' + | 'GFDL-1.3-no-invariants-or-later' + | 'GFDL-1.3-only' + | 'GFDL-1.3-or-later' + | 'Giftware' + | 'GL2PS' + | 'Glide' + | 'Glulxe' + | 'GLWTPL' + | 'gnuplot' + | 'GPL-1.0' + | 'GPL-1.0+' + | 'GPL-1.0-only' + | 'GPL-1.0-or-later' + | 'GPL-2.0' + | 'GPL-2.0+' + | 'GPL-2.0-only' + | 'GPL-2.0-or-later' + | 'GPL-2.0-with-autoconf-exception' + | 'GPL-2.0-with-bison-exception' + | 'GPL-2.0-with-classpath-exception' + | 'GPL-2.0-with-font-exception' + | 'GPL-2.0-with-GCC-exception' + | 'GPL-3.0' + | 'GPL-3.0+' + | 'GPL-3.0-only' + | 'GPL-3.0-or-later' + | 'GPL-3.0-with-autoconf-exception' + | 'GPL-3.0-with-GCC-exception' + | 'Graphics-Gems' + | 'gSOAP-1.3b' + | 'gtkbook' + | 'Gutmann' + | 'HaskellReport' + | 'hdparm' + | 'Hippocratic-2.1' + | 'HP-1986' + | 'HP-1989' + | 'HPND' + | 'HPND-DEC' + | 'HPND-doc' + | 'HPND-doc-sell' + | 'HPND-export-US' + | 'HPND-export-US-acknowledgement' + | 'HPND-export-US-modify' + | 'HPND-export2-US' + | 'HPND-Fenneberg-Livingston' + | 'HPND-INRIA-IMAG' + | 'HPND-Intel' + | 'HPND-Kevlin-Henney' + | 'HPND-Markus-Kuhn' + | 'HPND-merchantability-variant' + | 'HPND-MIT-disclaimer' + | 'HPND-Pbmplus' + | 'HPND-sell-MIT-disclaimer-xserver' + | 'HPND-sell-regexpr' + | 'HPND-sell-variant' + | 'HPND-sell-variant-MIT-disclaimer' + | 'HPND-sell-variant-MIT-disclaimer-rev' + | 'HPND-UC' + | 'HPND-UC-export-US' + | 'HTMLTIDY' + | 'IBM-pibs' + | 'ICU' + | 'IEC-Code-Components-EULA' + | 'IJG' + | 'IJG-short' + | 'ImageMagick' + | 'iMatix' + | 'Imlib2' + | 'Info-ZIP' + | 'Inner-Net-2.0' + | 'Intel' + | 'Intel-ACPI' + | 'Interbase-1.0' + | 'IPA' + | 'IPL-1.0' + | 'ISC' + | 'ISC-Veillard' + | 'Jam' + | 'JasPer-2.0' + | 'JPL-image' + | 'JPNIC' + | 'JSON' + | 'Kastrup' + | 'Kazlib' + | 'Knuth-CTAN' + | 'LAL-1.2' + | 'LAL-1.3' + | 'Latex2e' + | 'Latex2e-translated-notice' + | 'Leptonica' + | 'LGPL-2.0' + | 'LGPL-2.0+' + | 'LGPL-2.0-only' + | 'LGPL-2.0-or-later' + | 'LGPL-2.1' + | 'LGPL-2.1+' + | 'LGPL-2.1-only' + | 'LGPL-2.1-or-later' + | 'LGPL-3.0' + | 'LGPL-3.0+' + | 'LGPL-3.0-only' + | 'LGPL-3.0-or-later' + | 'LGPLLR' + | 'Libpng' + | 'libpng-2.0' + | 'libselinux-1.0' + | 'libtiff' + | 'libutil-David-Nugent' + | 'LiLiQ-P-1.1' + | 'LiLiQ-R-1.1' + | 'LiLiQ-Rplus-1.1' + | 'Linux-man-pages-1-para' + | 'Linux-man-pages-copyleft' + | 'Linux-man-pages-copyleft-2-para' + | 'Linux-man-pages-copyleft-var' + | 'Linux-OpenIB' + | 'LOOP' + | 'LPD-document' + | 'LPL-1.0' + | 'LPL-1.02' + | 'LPPL-1.0' + | 'LPPL-1.1' + | 'LPPL-1.2' + | 'LPPL-1.3a' + | 'LPPL-1.3c' + | 'lsof' + | 'Lucida-Bitmap-Fonts' + | 'LZMA-SDK-9.11-to-9.20' + | 'LZMA-SDK-9.22' + | 'Mackerras-3-Clause' + | 'Mackerras-3-Clause-acknowledgment' + | 'magaz' + | 'mailprio' + | 'MakeIndex' + | 'Martin-Birgmeier' + | 'McPhee-slideshow' + | 'metamail' + | 'Minpack' + | 'MirOS' + | 'MIT' + | 'MIT-0' + | 'MIT-advertising' + | 'MIT-CMU' + | 'MIT-enna' + | 'MIT-feh' + | 'MIT-Festival' + | 'MIT-Khronos-old' + | 'MIT-Modern-Variant' + | 'MIT-open-group' + | 'MIT-testregex' + | 'MIT-Wu' + | 'MITNFA' + | 'MMIXware' + | 'Motosoto' + | 'MPEG-SSG' + | 'mpi-permissive' + | 'mpich2' + | 'MPL-1.0' + | 'MPL-1.1' + | 'MPL-2.0' + | 'MPL-2.0-no-copyleft-exception' + | 'mplus' + | 'MS-LPL' + | 'MS-PL' + | 'MS-RL' + | 'MTLL' + | 'MulanPSL-1.0' + | 'MulanPSL-2.0' + | 'Multics' + | 'Mup' + | 'NAIST-2003' + | 'NASA-1.3' + | 'Naumen' + | 'NBPL-1.0' + | 'NCBI-PD' + | 'NCGL-UK-2.0' + | 'NCL' + | 'NCSA' + | 'Net-SNMP' + | 'NetCDF' + | 'Newsletr' + | 'NGPL' + | 'NICTA-1.0' + | 'NIST-PD' + | 'NIST-PD-fallback' + | 'NIST-Software' + | 'NLOD-1.0' + | 'NLOD-2.0' + | 'NLPL' + | 'Nokia' + | 'NOSL' + | 'Noweb' + | 'NPL-1.0' + | 'NPL-1.1' + | 'NPOSL-3.0' + | 'NRL' + | 'NTP' + | 'NTP-0' + | 'Nunit' + | 'O-UDA-1.0' + | 'OAR' + | 'OCCT-PL' + | 'OCLC-2.0' + | 'ODbL-1.0' + | 'ODC-By-1.0' + | 'OFFIS' + | 'OFL-1.0' + | 'OFL-1.0-no-RFN' + | 'OFL-1.0-RFN' + | 'OFL-1.1' + | 'OFL-1.1-no-RFN' + | 'OFL-1.1-RFN' + | 'OGC-1.0' + | 'OGDL-Taiwan-1.0' + | 'OGL-Canada-2.0' + | 'OGL-UK-1.0' + | 'OGL-UK-2.0' + | 'OGL-UK-3.0' + | 'OGTSL' + | 'OLDAP-1.1' + | 'OLDAP-1.2' + | 'OLDAP-1.3' + | 'OLDAP-1.4' + | 'OLDAP-2.0' + | 'OLDAP-2.0.1' + | 'OLDAP-2.1' + | 'OLDAP-2.2' + | 'OLDAP-2.2.1' + | 'OLDAP-2.2.2' + | 'OLDAP-2.3' + | 'OLDAP-2.4' + | 'OLDAP-2.5' + | 'OLDAP-2.6' + | 'OLDAP-2.7' + | 'OLDAP-2.8' + | 'OLFL-1.3' + | 'OML' + | 'OpenPBS-2.3' + | 'OpenSSL' + | 'OpenSSL-standalone' + | 'OpenVision' + | 'OPL-1.0' + | 'OPL-UK-3.0' + | 'OPUBL-1.0' + | 'OSET-PL-2.1' + | 'OSL-1.0' + | 'OSL-1.1' + | 'OSL-2.0' + | 'OSL-2.1' + | 'OSL-3.0' + | 'PADL' + | 'Parity-6.0.0' + | 'Parity-7.0.0' + | 'PDDL-1.0' + | 'PHP-3.0' + | 'PHP-3.01' + | 'Pixar' + | 'pkgconf' + | 'Plexus' + | 'pnmstitch' + | 'PolyForm-Noncommercial-1.0.0' + | 'PolyForm-Small-Business-1.0.0' + | 'PostgreSQL' + | 'PPL' + | 'PSF-2.0' + | 'psfrag' + | 'psutils' + | 'Python-2.0' + | 'Python-2.0.1' + | 'python-ldap' + | 'Qhull' + | 'QPL-1.0' + | 'QPL-1.0-INRIA-2004' + | 'radvd' + | 'Rdisc' + | 'RHeCos-1.1' + | 'RPL-1.1' + | 'RPL-1.5' + | 'RPSL-1.0' + | 'RSA-MD' + | 'RSCPL' + | 'Ruby' + | 'SAX-PD' + | 'SAX-PD-2.0' + | 'Saxpath' + | 'SCEA' + | 'SchemeReport' + | 'Sendmail' + | 'Sendmail-8.23' + | 'SGI-B-1.0' + | 'SGI-B-1.1' + | 'SGI-B-2.0' + | 'SGI-OpenGL' + | 'SGP4' + | 'SHL-0.5' + | 'SHL-0.51' + | 'SimPL-2.0' + | 'SISSL' + | 'SISSL-1.2' + | 'SL' + | 'Sleepycat' + | 'SMLNJ' + | 'SMPPL' + | 'SNIA' + | 'snprintf' + | 'softSurfer' + | 'Soundex' + | 'Spencer-86' + | 'Spencer-94' + | 'Spencer-99' + | 'SPL-1.0' + | 'ssh-keyscan' + | 'SSH-OpenSSH' + | 'SSH-short' + | 'SSLeay-standalone' + | 'SSPL-1.0' + | 'StandardML-NJ' + | 'SugarCRM-1.1.3' + | 'Sun-PPP' + | 'Sun-PPP-2000' + | 'SunPro' + | 'SWL' + | 'swrule' + | 'Symlinks' + | 'TAPR-OHL-1.0' + | 'TCL' + | 'TCP-wrappers' + | 'TermReadKey' + | 'TGPPL-1.0' + | 'threeparttable' + | 'TMate' + | 'TORQUE-1.1' + | 'TOSL' + | 'TPDL' + | 'TPL-1.0' + | 'TTWL' + | 'TTYP0' + | 'TU-Berlin-1.0' + | 'TU-Berlin-2.0' + | 'UCAR' + | 'UCL-1.0' + | 'ulem' + | 'UMich-Merit' + | 'Unicode-3.0' + | 'Unicode-DFS-2015' + | 'Unicode-DFS-2016' + | 'Unicode-TOU' + | 'UnixCrypt' + | 'Unlicense' + | 'UPL-1.0' + | 'URT-RLE' + | 'Vim' + | 'VOSTROM' + | 'VSL-1.0' + | 'W3C' + | 'W3C-19980720' + | 'W3C-20150513' + | 'w3m' + | 'Watcom-1.0' + | 'Widget-Workshop' + | 'Wsuipa' + | 'WTFPL' + | 'wxWindows' + | 'X11' + | 'X11-distribute-modifications-variant' + | 'Xdebug-1.03' + | 'Xerox' + | 'Xfig' + | 'XFree86-1.1' + | 'xinetd' + | 'xkeyboard-config-Zinoviev' + | 'xlock' + | 'Xnet' + | 'xpp' + | 'XSkat' + | 'xzoom' + | 'YPL-1.0' + | 'YPL-1.1' + | 'Zed' + | 'Zeeff' + | 'Zend-2.0' + | 'Zimbra-1.3' + | 'Zimbra-1.4' + | 'Zlib' + | 'zlib-acknowledgement' + | 'ZPL-1.1' + | 'ZPL-2.0' + | 'ZPL-2.1' + | '389-exception' + | 'Asterisk-exception' + | 'Asterisk-linking-protocols-exception' + | 'Autoconf-exception-2.0' + | 'Autoconf-exception-3.0' + | 'Autoconf-exception-generic' + | 'Autoconf-exception-generic-3.0' + | 'Autoconf-exception-macro' + | 'Bison-exception-1.24' + | 'Bison-exception-2.2' + | 'Bootloader-exception' + | 'Classpath-exception-2.0' + | 'CLISP-exception-2.0' + | 'cryptsetup-OpenSSL-exception' + | 'DigiRule-FOSS-exception' + | 'eCos-exception-2.0' + | 'Fawkes-Runtime-exception' + | 'FLTK-exception' + | 'fmt-exception' + | 'Font-exception-2.0' + | 'freertos-exception-2.0' + | 'GCC-exception-2.0' + | 'GCC-exception-2.0-note' + | 'GCC-exception-3.1' + | 'Gmsh-exception' + | 'GNAT-exception' + | 'GNOME-examples-exception' + | 'GNU-compiler-exception' + | 'gnu-javamail-exception' + | 'GPL-3.0-interface-exception' + | 'GPL-3.0-linking-exception' + | 'GPL-3.0-linking-source-exception' + | 'GPL-CC-1.0' + | 'GStreamer-exception-2005' + | 'GStreamer-exception-2008' + | 'i2p-gpl-java-exception' + | 'KiCad-libraries-exception' + | 'LGPL-3.0-linking-exception' + | 'libpri-OpenH323-exception' + | 'Libtool-exception' + | 'Linux-syscall-note' + | 'LLGPL' + | 'LLVM-exception' + | 'LZMA-exception' + | 'mif-exception' + | 'Nokia-Qt-exception-1.1' + | 'OCaml-LGPL-linking-exception' + | 'OCCT-exception-1.0' + | 'OpenJDK-assembly-exception-1.0' + | 'openvpn-openssl-exception' + | 'PCRE2-exception' + | 'PS-or-PDF-font-exception-20170817' + | 'QPL-1.0-INRIA-2004-exception' + | 'Qt-GPL-exception-1.0' + | 'Qt-LGPL-exception-1.1' + | 'Qwt-exception-1.0' + | 'RRDtool-FLOSS-exception-2.0' + | 'SANE-exception' + | 'SHL-2.0' + | 'SHL-2.1' + | 'stunnel-exception' + | 'SWI-exception' + | 'Swift-exception' + | 'Texinfo-exception' + | 'u-boot-exception-2.0' + | 'UBDL-exception' + | 'Universal-FOSS-exception-1.0' + | 'vsftpd-openssl-exception' + | 'WxWindows-exception-3.1' + | 'x11vnc-openssl-exception'; + +/** + * Specifies an individual external reference + */ +export type ExternalReferenceObject = { + /** + * An optional comment describing the external reference + */ + comment?: string; + /** + * The hashes of the external reference (if applicable). + */ + hashes?: HashObject[]; + /** + * Specifies the type of external reference. There are built-in types to describe common + * references. If a type does not exist for the reference being referred to, use the "other" + * type. + */ + type: PurpleType; + /** + * The URL to the external reference + */ + url: string; + [property: string]: any; +}; + +export type HashObject = { + alg: HashAlgorithm; + content: string; + [property: string]: any; +}; + +/** + * The algorithm that generated the hash value. + */ +export type HashAlgorithm = + | 'MD5' + | 'SHA-1' + | 'SHA-256' + | 'SHA-384' + | 'SHA-512' + | 'SHA3-256' + | 'SHA3-384' + | 'SHA3-512' + | 'BLAKE2b-256' + | 'BLAKE2b-384' + | 'BLAKE2b-512' + | 'BLAKE3'; + +/** + * Specifies the type of external reference. There are built-in types to describe common + * references. If a type does not exist for the reference being referred to, use the "other" + * type. + */ +export type PurpleType = + | 'vcs' + | 'issue-tracker' + | 'website' + | 'advisories' + | 'bom' + | 'mailing-list' + | 'social' + | 'chat' + | 'documentation' + | 'support' + | 'distribution' + | 'license' + | 'build-meta' + | 'build-system' + | 'other'; + +export type LightweightNameValuePair = { + /** + * The name of the property. Duplicate names are allowed, each potentially having a + * different value. + */ + name?: string; + /** + * The value of the property. + */ + value?: string; + [property: string]: any; +}; + +/** + * Specifies the scope of the component. If scope is not specified, 'required' scope should + * be assumed by the consumer of the BOM + * + * Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD + * be assumed by the consumer of the BOM. + */ +export type ComponentScope = 'required' | 'optional' | 'excluded'; + +/** + * The organization that supplied the component. The supplier may often be the manufacturer, + * but may also be a distributor or repackager. + * + * + * + * The organization that manufactured the component that the BOM describes. + * + * The organization that supplied the component that the BOM describes. The supplier may + * often be the manufacturer, but may also be a distributor or repackager. + * + * The organization that provides the service. + */ +export type ManufactureObject = { + /** + * A contact at the organization. Multiple contacts are allowed. + */ + contact?: ContactObject[]; + /** + * The name of the organization + */ + name?: string; + /** + * The URL of the organization. Multiple URLs are allowed. + */ + url?: string[]; + [property: string]: any; +}; + +export type ContactObject = { + /** + * The email address of the contact. + */ + email?: string; + /** + * The name of a contact + */ + name?: string; + /** + * The phone number of the contact. + */ + phone?: string; + [property: string]: any; +}; + +/** + * Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + */ +export type SwidObject = { + /** + * Maps to the name of a SoftwareIdentity. + */ + name: string; + /** + * Maps to the patch of a SoftwareIdentity. + */ + patch?: boolean; + /** + * Maps to the tagId of a SoftwareIdentity. + */ + tagId: string; + /** + * Maps to the tagVersion of a SoftwareIdentity. + */ + tagVersion?: number; + /** + * Specifies the metadata and content of the SWID tag. + */ + text?: TextObject; + /** + * The URL to the SWID file. + */ + url?: string; + /** + * Maps to the version of a SoftwareIdentity. + */ + version?: string; + [property: string]: any; +}; + +/** + * Specifies the type of component. For software components, classify as application if no + * more specific appropriate classification is available or cannot be determined for the + * component. + */ +export type PurpleComponentType = + | 'application' + | 'framework' + | 'library' + | 'container' + | 'operating-system' + | 'device' + | 'firmware' + | 'file'; + +export type CompositionObject = { + /** + * Specifies an aggregate type that describe how complete a relationship is. + */ + aggregate: PurpleAggregateType; + /** + * The bom-ref identifiers of the components or services being described. Assemblies refer + * to nested relationships whereby a constituent part may include other constituent parts. + * References do not cascade to child parts. References are explicit for the specified + * constituent part only. + */ + assemblies?: string[]; + /** + * The bom-ref identifiers of the components or services being described. Dependencies refer + * to a relationship whereby an independent constituent part requires another independent + * constituent part. References do not cascade to transitive dependencies. References are + * explicit for the specified dependency only. + */ + dependencies?: string[]; + [property: string]: any; +}; + +/** + * Specifies an aggregate type that describe how complete a relationship is. + */ +export type PurpleAggregateType = + | 'complete' + | 'incomplete' + | 'incomplete_first_party_only' + | 'incomplete_third_party_only' + | 'unknown' + | 'not_specified'; + +/** + * Defines the direct dependencies of a component. Components that do not have their own + * dependencies MUST be declared as empty elements within the graph. Components that are not + * represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that + * implementations assume this to be opaque and not an indicator of a component being + * dependency-free. + */ +export type DependencyObject = { + /** + * The bom-ref identifiers of the components that are dependencies of this dependency object. + */ + dependsOn?: string[]; + /** + * References a component by the components bom-ref attribute + */ + ref: string; + [property: string]: any; +}; + +/** + * Provides additional information about a BOM. + */ +export type MetadataObject = { + /** + * The person(s) who created the BOM. Authors are common in BOMs created through manual + * processes. BOMs created through automated means may not have authors. + */ + authors?: ContactObject[]; + /** + * The component that the BOM describes. + */ + component?: ComponentObject; + licenses?: LicenseS[]; + /** + * The organization that manufactured the component that the BOM describes. + */ + manufacture?: ManufactureObject; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. + */ + properties?: LightweightNameValuePair[]; + /** + * The organization that supplied the component that the BOM describes. The supplier may + * often be the manufacturer, but may also be a distributor or repackager. + */ + supplier?: ManufactureObject; + /** + * The date and time (timestamp) when the document was created. + */ + timestamp?: Date; + /** + * The tool(s) used in the creation of the BOM. + */ + tools?: ToolElement[]; + [property: string]: any; +}; + +/** + * The tool used to create the BOM. + */ +export type ToolElement = { + /** + * The hashes of the tool (if applicable). + */ + hashes?: HashObject[]; + /** + * The date and time (timestamp) when the document was created. + */ + name?: string; + /** + * The date and time (timestamp) when the document was created. + */ + vendor?: string; + /** + * The date and time (timestamp) when the document was created. + */ + version?: string; + [property: string]: any; +}; + +export type ServiceObject = { + /** + * A boolean value indicating if the service requires authentication. A value of true + * indicates the service requires authentication prior to use. A value of false indicates + * the service does not require authentication. + */ + authenticated?: boolean; + /** + * An optional identifier which can be used to reference the service elsewhere in the BOM. + * Every bom-ref should be unique. + */ + 'bom-ref'?: string; + /** + * Specifies the data classification. + */ + data?: DatumObject[]; + /** + * Specifies a description for the service + */ + description?: string; + /** + * The endpoint URIs of the service. Multiple endpoints are allowed. + */ + endpoints?: string[]; + externalReferences?: ExternalReferenceObject[]; + /** + * The grouping name, namespace, or identifier. This will often be a shortened, single name + * of the company or project that produced the service or domain name. Whitespace and + * special characters should be avoided. + */ + group?: string; + licenses?: LicenseS[]; + /** + * The name of the service. This will often be a shortened, single name of the service. + */ + name: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. + */ + properties?: LightweightNameValuePair[]; + /** + * The organization that provides the service. + */ + provider?: ManufactureObject; + services?: ServiceObject[]; + /** + * The service version. + */ + version?: string; + /** + * A boolean value indicating if use of the service crosses a trust zone or boundary. A + * value of true indicates that by using the service, a trust boundary is crossed. A value + * of false indicates that by using the service, a trust boundary is not crossed. + */ + 'x-trust-boundary'?: boolean; + [property: string]: any; +}; + +export type DatumObject = { + classification: string; + flow: DataFlowDirection; + [property: string]: any; +}; + +/** + * Specifies the flow direction of the data. Direction is relative to the service. Inbound + * flow states that data enters the service. Outbound flow states that data leaves the + * service. Bi-directional states that data flows both ways, and unknown states that the + * direction is not known. + * + * Specifies the flow direction of the data. Direction is relative to the service. Inbound + * flow states that data enters the service. Outbound flow states that data leaves the + * service. Bi-directional states that data flows both ways and unknown states that the + * direction is not known. + * + * Specifies the flow direction of the data. Direction is relative to the service. + */ +export type DataFlowDirection = + | 'inbound' + | 'outbound' + | 'bi-directional' + | 'unknown'; + +export type CycloneDXSoftwareBillOfMaterialsStandard = { + $schema?: Schema; + /** + * Comments made by people, organizations, or tools about any object with a bom-ref, such as + * components, services, vulnerabilities, or the BOM itself. Unlike inventory information, + * annotations may contain opinion or commentary from various stakeholders. Annotations may + * be inline (with inventory) or externalized via BOM-Link, and may optionally be signed. + */ + annotations?: CycloneDXSoftwareBillOfMaterialsStandardAnnotation[]; + /** + * Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs + * do not have a filename convention nor does JSON schema support namespaces. This value + * MUST be "CycloneDX". + */ + bomFormat: BOMFormat; + /** + * A list of software and hardware components. + */ + components?: ComponentClass[]; + /** + * Compositions describe constituent parts (including components, services, and dependency + * relationships) and their completeness. The completeness of vulnerabilities expressed in a + * BOM may also be described. + */ + compositions?: CycloneDXSoftwareBillOfMaterialsStandardComposition[]; + /** + * Provides the ability to document dependency relationships. + */ + dependencies?: CycloneDXSoftwareBillOfMaterialsStandardDependency[]; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant, but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: CycloneDXSoftwareBillOfMaterialsStandardExternalReference[]; + /** + * Describes how a component or service was manufactured or deployed. This is achieved + * through the use of formulas, workflows, tasks, and steps, which declare the precise steps + * to reproduce along with the observed formulas describing the steps which transpired in + * the manufacturing process. + */ + formulation?: CycloneDXSoftwareBillOfMaterialsStandardFormulation[]; + /** + * Provides additional information about a BOM. + */ + metadata?: MetadataClass; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM + * have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use + * of serial numbers are RECOMMENDED. + */ + serialNumber?: string; + /** + * A list of services. This may include microservices, function-as-a-service, and other + * types of network or intra-process services. + */ + services?: ServiceClass[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The version of the CycloneDX specification a BOM conforms to (starting at version 1.2). + */ + specVersion: string; + /** + * Whenever an existing BOM is modified, either manually or through automated processes, the + * version of the BOM SHOULD be incremented by 1. When a system is presented with multiple + * BOMs with identical serial numbers, the system SHOULD use the most recent version of the + * BOM. The default version is '1'. + */ + version?: number; + /** + * Vulnerabilities identified in components or services. + */ + vulnerabilities?: CycloneDXSoftwareBillOfMaterialsStandardVulnerability[]; +}; + +export type Schema = 'http://cyclonedx.org/schema/bom-1.5.schema.json'; + +/** + * A comment, note, explanation, or similar textual content which provides additional + * context to the object(s) being annotated. + */ +export type CycloneDXSoftwareBillOfMaterialsStandardAnnotation = { + /** + * The organization, person, component, or service which created the textual content of the + * annotation. + */ + annotator: PurpleAnnotator; + /** + * An optional identifier which can be used to reference the annotation elsewhere in the + * BOM. Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The object in the BOM identified by its bom-ref. This is often a component or service, + * but may be any object type supporting bom-refs. + */ + subjects: string[]; + /** + * The textual content of the annotation. + */ + text: string; + /** + * The date and time (timestamp) when the annotation was created. + */ + timestamp: Date; +}; + +/** + * The organization, person, component, or service which created the textual content of the + * annotation. + */ +export type PurpleAnnotator = { + /** + * The tool or component that created the annotation + */ + component?: ComponentClass; + /** + * The person that created the annotation + */ + individual?: IndividualElement; + /** + * The organization that created the annotation + */ + organization?: ManufactureElement; + /** + * The service that created the annotation + */ + service?: ServiceClass; +}; + +/** + * Component pedigree is a way to document complex supply chain scenarios where components + * are created, distributed, modified, redistributed, combined with other components, etc. + * Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in + * the middle. It also provides a way to document variants where the exact relation may not + * be known. + */ +export type PurpleComponentPedigree = { + /** + * Describes zero or more components in which a component is derived from. This is commonly + * used to describe forks from existing projects where the forked version contains a + * ancestor node containing the original component it was forked from. For example, + * Component A is the original component. Component B is the component being used and + * documented in the BOM. However, Component B contains a pedigree node with a single + * ancestor documenting Component A - the original component from which Component B is + * derived from. + */ + ancestors?: ComponentClass[]; + /** + * A list of zero or more commits which provide a trail describing how the component + * deviates from an ancestor, descendant, or variant. + */ + commits?: PurpleCommit[]; + /** + * Descendants are the exact opposite of ancestors. This provides a way to document all + * forks (and their forks) of an original or root component. + */ + descendants?: ComponentClass[]; + /** + * Notes, observations, and other non-structured commentary describing the components + * pedigree. + */ + notes?: string; + /** + * >A list of zero or more patches describing how the component deviates from an ancestor, + * descendant, or variant. Patches may be complimentary to commits or may be used in place + * of commits. + */ + patches?: PurplePatch[]; + /** + * Variants describe relations where the relationship between the components are not known. + * For example, if Component A contains nearly identical code to Component B. They are both + * related, but it is unclear if one is derived from the other, or if they share a common + * ancestor. + */ + variants?: ComponentClass[]; +}; + +/** + * The tool or component that created the annotation + * + * The component that the BOM describes. + */ +export type ComponentClass = { + /** + * The person(s) or organization(s) that authored the component + */ + author?: string; + /** + * An optional identifier which can be used to reference the component elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * A list of software and hardware components included in the parent component. This is not + * a dependency tree. It provides a way to specify a hierarchical representation of + * component assemblies, similar to system → subsystem → parts assembly in + * physical supply chains. + */ + components?: ComponentClass[]; + /** + * A copyright notice informing users of the underlying claims to copyright ownership in a + * published work. + */ + copyright?: string; + /** + * Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See + * [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe) + */ + cpe?: string; + /** + * This object SHOULD be specified for any component of type `data` and MUST NOT be + * specified for other component types. + */ + data?: PurpleComponentData[]; + /** + * Specifies a description for the component + */ + description?: string; + /** + * Provides the ability to document evidence collected through various forms of extraction + * or analysis. + */ + evidence?: PurpleEvidence; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant, but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: CycloneDXSoftwareBillOfMaterialsStandardExternalReference[]; + /** + * The grouping name or identifier. This will often be a shortened, single name of the + * company or project that produced the component, or the source package or domain name. + * Whitespace and special characters should be avoided. Examples include: apache, + * org.apache.commons, and apache.org. + */ + group?: string; + hashes?: HashClass[]; + licenses?: MultipleLicense[]; + /** + * The optional mime-type of the component. When used on file components, the mime-type can + * provide additional context about the kind of file being represented such as an image, + * font, or executable. Some library or framework components may also have an associated + * mime-type. + */ + 'mime-type'?: string; + modelCard?: PurpleModelCard; + /** + * [Deprecated] - DO NOT USE. This will be removed in a future version. Use the pedigree + * element instead to supply information on exactly how the component was modified. A + * boolean value indicating if the component has been modified from the original. A value of + * true indicates the component is a derivative of the original. A value of false indicates + * the component has not been modified from the original. + */ + modified?: boolean; + /** + * The name of the component. This will often be a shortened, single name of the component. + * Examples: commons-lang3 and jquery + */ + name: string; + /** + * Component pedigree is a way to document complex supply chain scenarios where components + * are created, distributed, modified, redistributed, combined with other components, etc. + * Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in + * the middle. It also provides a way to document variants where the exact relation may not + * be known. + */ + pedigree?: PurpleComponentPedigree; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * The person(s) or organization(s) that published the component + */ + publisher?: string; + /** + * Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to + * the specification defined at: + * [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec) + */ + purl?: string; + /** + * Specifies optional release notes. + */ + releaseNotes?: PurpleReleaseNotes; + /** + * Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD + * be assumed by the consumer of the BOM. + */ + scope?: ComponentScope; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The organization that supplied the component. The supplier may often be the manufacturer, + * but may also be a distributor or repackager. + */ + supplier?: ManufactureElement; + /** + * Specifies metadata and content for [ISO-IEC 19770-2 Software Identification (SWID) + * Tags](https://www.iso.org/standard/65666.html). + */ + swid?: PurpleSWIDTag; + /** + * Specifies the type of component. For software components, classify as application if no + * more specific appropriate classification is available or cannot be determined for the + * component. Types include: + * + * * __application__ = A software application. Refer to + * [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) + * for information about applications. + * * __framework__ = A software framework. Refer to + * [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) + * for information on how frameworks vary slightly from libraries. + * * __library__ = A software library. Refer to + * [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) + * for information about libraries. All third-party and open source reusable components will + * likely be a library. If the library also has key features of a framework, then it should + * be classified as a framework. If not, or is unknown, then specifying library is + * RECOMMENDED. + * * __container__ = A packaging and/or runtime format, not specific to any particular + * technology, which isolates software inside the container from software outside of a + * container through virtualization technology. Refer to + * [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization) + * * __platform__ = A runtime environment which interprets or executes software. This may + * include runtimes such as those that execute bytecode or low-code/no-code application + * platforms. + * * __operating-system__ = A software operating system without regard to deployment model + * (i.e. installed on physical hardware, virtual machine, image, etc) Refer to + * [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system) + * * __device__ = A hardware device such as a processor, or chip-set. A hardware device + * containing firmware SHOULD include a component for the physical hardware itself, and + * another component of type 'firmware' or 'operating-system' (whichever is relevant), + * describing information about the software running on the device. + * See also the list of [known device + * properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md). + * * __device-driver__ = A special type of software that operates or controls a particular + * type of device. Refer to + * [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver) + * * __firmware__ = A special type of software that provides low-level control over a + * devices hardware. Refer to + * [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware) + * * __file__ = A computer file. Refer to + * [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) + * for information about files. + * * __machine-learning-model__ = A model based on training data that can make predictions + * or decisions without being explicitly programmed to do so. + * * __data__ = A collection of discrete values that convey information. + */ + type: FluffyComponentType; + /** + * The component version. The version should ideally comply with semantic versioning but is + * not enforced. + */ + version?: string; +}; + +/** + * Specifies an individual commit + */ +export type PurpleCommit = { + /** + * The author who created the changes in the commit + */ + author?: PurpleIdentifiableAction; + /** + * The person who committed or pushed the commit + */ + committer?: PurpleIdentifiableAction; + /** + * The text description of the contents of the commit + */ + message?: string; + /** + * A unique identifier of the commit. This may be version control specific. For example, + * Subversion uses revision numbers whereas git uses commit hashes. + */ + uid?: string; + /** + * The URL to the commit. This URL will typically point to a commit in a version control + * system. + */ + url?: string; +}; + +/** + * The author who created the changes in the commit + * + * Specifies an individual commit + * + * The person who committed or pushed the commit + */ +export type PurpleIdentifiableAction = { + /** + * The email address of the individual who performed the action + */ + email?: string; + /** + * The name of the individual who performed the action + */ + name?: string; + /** + * The timestamp in which the action occurred + */ + timestamp?: Date; +}; + +/** + * Specifies an individual patch + */ +export type PurplePatch = { + /** + * The patch file (or diff) that show changes. Refer to + * [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff) + */ + diff?: PurpleDiff; + /** + * A collection of issues the patch resolves + */ + resolves?: ResolveClass[]; + /** + * Specifies the purpose for the patch including the resolution of defects, security issues, + * or new behavior or functionality. + * + * * __unofficial__ = A patch which is not developed by the creators or maintainers of the + * software being patched. Refer to + * [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch) + * * __monkey__ = A patch which dynamically modifies runtime behavior. Refer to + * [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch) + * * __backport__ = A patch which takes code from a newer version of software and applies it + * to older versions of the same software. Refer to + * [https://en.wikipedia.org/wiki/Backporting](https://en.wikipedia.org/wiki/Backporting) + * * __cherry-pick__ = A patch created by selectively applying commits from other versions + * or branches of the same software. + */ + type: PatchType; +}; + +/** + * The patch file (or diff) that show changes. Refer to + * [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff) + * + * The patch file (or diff) that show changes. Refer to https://en.wikipedia.org/wiki/Diff + */ +export type PurpleDiff = { + /** + * Specifies the optional text of the diff + */ + text?: LicenseObjectTextClass; + /** + * Specifies the URL to the diff + */ + url?: string; +}; + +/** + * An optional way to include textual or encoded data. + * + * Specifies the metadata and content for an attachment. + * + * The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + * + * An optional way to include the textual content of a license. + * + * Specifies the optional text of the diff + * + * Specifies the full content of the release note. + * + * Specifies the metadata and content of the SWID tag. + * + * Inputs that have the form of data. + * + * Outputs that have the form of data. + * + * Encoding of the raw event data. + */ +export type LicenseObjectTextClass = { + /** + * The attachment data. Proactive controls such as input validation and sanitization should + * be employed to prevent misuse of attachment text. + */ + content: string; + /** + * Specifies the content type of the text. Defaults to text/plain if not specified. + */ + contentType?: string; + /** + * Specifies the optional encoding the text is represented in. + */ + encoding?: Encoding; +}; + +/** + * An individual issue that has been resolved. + */ +export type ResolveClass = { + /** + * A description of the issue + */ + description?: string; + /** + * The identifier of the issue assigned by the source of the issue + */ + id?: string; + /** + * The name of the issue + */ + name?: string; + /** + * A collection of URL's for reference. Multiple URLs are allowed. + */ + references?: string[]; + /** + * The source of the issue where it is documented + */ + source?: PurpleSource; + /** + * Specifies the type of issue + */ + type: ResolveType; +}; + +/** + * The source of the issue where it is documented + */ +export type PurpleSource = { + /** + * The name of the source. For example 'National Vulnerability Database', 'NVD', and 'Apache' + */ + name?: string; + /** + * The url of the issue documentation as provided by the source + */ + url?: string; +}; + +export type PurpleComponentData = { + /** + * An optional identifier which can be used to reference the dataset elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + classification?: string; + /** + * The contents or references to the contents of the data being described. + */ + contents?: PurpleDataContents; + /** + * A description of the dataset. Can describe size of dataset, whether it's used for source + * code, training, testing, or validation, etc. + */ + description?: string; + governance?: PurpleDataGovernance; + graphics?: PurpleGraphicsCollection; + /** + * The name of the dataset. + */ + name?: string; + /** + * A description of any sensitive data in a dataset. + */ + sensitiveData?: string[]; + /** + * The general theme or subject matter of the data being specified. + * + * * __source-code__ = Any type of code, code snippet, or data-as-code. + * * __configuration__ = Parameters or settings that may be used by other components. + * * __dataset__ = A collection of data. + * * __definition__ = Data that can be used to create new instances of what the definition + * defines. + * * __other__ = Any other type of data that does not fit into existing definitions. + */ + type: TypeOfData; +}; + +/** + * The contents or references to the contents of the data being described. + */ +export type PurpleDataContents = { + /** + * An optional way to include textual or encoded data. + */ + attachment?: LicenseObjectTextClass; + /** + * Provides the ability to document name-value parameters used for configuration. + */ + properties?: LightweightNameValuePairObject[]; + /** + * The URL to where the data can be retrieved. + */ + url?: string; +}; + +/** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ +export type LightweightNameValuePairObject = { + /** + * The name of the property. Duplicate names are allowed, each potentially having a + * different value. + */ + name?: string; + /** + * The value of the property. + */ + value?: string; + [property: string]: any; +}; + +export type PurpleDataGovernance = { + /** + * Data custodians are responsible for the safe custody, transport, and storage of data. + */ + custodians?: PurpleDataGovernanceResponsibleParty[]; + /** + * Data owners are concerned with risk and appropriate access to data. + */ + owners?: PurpleDataGovernanceResponsibleParty[]; + /** + * Data stewards are responsible for data content, context, and associated business rules. + */ + stewards?: PurpleDataGovernanceResponsibleParty[]; +}; + +export type PurpleDataGovernanceResponsibleParty = { + contact?: IndividualElement; + organization?: ManufactureElement; +}; + +/** + * The individual, not associated with an organization, that was granted the license + * + * The individual, not associated with an organization, that granted the license + * + * The individual, not associated with an organization, that purchased the license + * + * The person that created the annotation + */ +export type IndividualElement = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The email address of the contact. + */ + email?: string; + /** + * The name of a contact + */ + name?: string; + /** + * The phone number of the contact. + */ + phone?: string; +}; + +/** + * The organization that was granted the license + * + * The organization that granted the license + * + * The organization that purchased the license + * + * The organization that supplied the component. The supplier may often be the manufacturer, + * but may also be a distributor or repackager. + * + * The organization that created the annotation + * + * The organization that provides the service. + * + * The organization that manufactured the component that the BOM describes. + * + * The organization that supplied the component that the BOM describes. The supplier may + * often be the manufacturer, but may also be a distributor or repackager. + */ +export type ManufactureElement = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * A contact at the organization. Multiple contacts are allowed. + */ + contact?: IndividualElement[]; + /** + * The name of the organization + */ + name?: string; + /** + * The URL of the organization. Multiple URLs are allowed. + */ + url?: string[]; +}; + +/** + * A collection of graphics that represent various measurements. + */ +export type PurpleGraphicsCollection = { + /** + * A collection of graphics. + */ + collection?: Graphic[]; + /** + * A description of this collection of graphics. + */ + description?: string; +}; + +export type Graphic = { + /** + * The graphic (vector or raster). Base64 encoding MUST be specified for binary images. + */ + image?: LicenseObjectTextClass; + /** + * The name of the graphic. + */ + name?: string; +}; + +/** + * The general theme or subject matter of the data being specified. + * + * * __source-code__ = Any type of code, code snippet, or data-as-code. + * * __configuration__ = Parameters or settings that may be used by other components. + * * __dataset__ = A collection of data. + * * __definition__ = Data that can be used to create new instances of what the definition + * defines. + * * __other__ = Any other type of data that does not fit into existing definitions. + * + * The general theme or subject matter of the data being specified. + */ +export type TypeOfData = + | 'source-code' + | 'configuration' + | 'dataset' + | 'definition' + | 'other'; + +/** + * Provides the ability to document evidence collected through various forms of extraction + * or analysis. + */ +export type PurpleEvidence = { + /** + * Evidence of the components use through the callstack. + */ + callstack?: Callstack; + copyright?: PurpleCopyright[]; + /** + * Evidence that substantiates the identity of a component. + */ + identity?: Identity; + licenses?: MultipleLicense[]; + /** + * Evidence of individual instances of a component spread across multiple locations. + */ + occurrences?: PurpleOccurrence[]; +}; + +/** + * Evidence of the components use through the callstack. + */ +export type Callstack = { + frames?: FrameElement[]; +}; + +export type FrameElement = { + /** + * The column the code that is called resides. + */ + column?: number; + /** + * The full path and filename of the module. + */ + fullFilename?: string; + /** + * A block of code designed to perform a particular task. + */ + function?: string; + /** + * The line number the code that is called resides on. + */ + line?: number; + /** + * A module or class that encloses functions/methods and other code. + */ + module: string; + /** + * A package organizes modules into namespaces, providing a unique namespace for each type + * it contains. + */ + package?: string; + /** + * Optional arguments that are passed to the module or function. + */ + parameters?: string[]; +}; + +export type PurpleCopyright = { + text: string; +}; + +/** + * Evidence that substantiates the identity of a component. + */ +export type Identity = { + /** + * The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. + */ + confidence?: number; + /** + * The identity field of the component which the evidence describes. + */ + field: IdentityField; + /** + * The methods used to extract and/or analyze the evidence. + */ + methods?: IdentityMethod[]; + /** + * The object in the BOM identified by its bom-ref. This is often a component or service, + * but may be any object type supporting bom-refs. Tools used for analysis should already be + * defined in the BOM, either in the metadata/tools, components, or formulation. + */ + tools?: string[]; +}; + +/** + * The identity field of the component which the evidence describes. + */ +export type IdentityField = + | 'group' + | 'name' + | 'version' + | 'purl' + | 'cpe' + | 'swid' + | 'hash'; + +export type IdentityMethod = { + /** + * The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is + * specific to the technique used. Each technique of analysis can have independent + * confidence. + */ + confidence: number; + /** + * The technique used in this method of analysis. + */ + technique: Technique; + /** + * The value or contents of the evidence. + */ + value?: string; +}; + +/** + * The technique used in this method of analysis. + */ +export type Technique = + | 'source-code-analysis' + | 'binary-analysis' + | 'manifest-analysis' + | 'ast-fingerprint' + | 'hash-comparison' + | 'instrumentation' + | 'dynamic-analysis' + | 'filename' + | 'attestation' + | 'other'; + +/** + * A list of SPDX licenses and/or named licenses. + * + * A tuple of exactly one SPDX License Expression. + */ +export type MultipleLicense = { + license?: LicenseObjectClass; + /** + * An optional identifier which can be used to reference the license elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + expression?: string; +}; + +export type LicenseObjectClass = { + /** + * An optional identifier which can be used to reference the license elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * A valid SPDX license ID + */ + id?: SpdxSchema; + /** + * Licensing details describing the licensor/licensee, license type, renewal and expiration + * dates, and other important metadata + */ + licensing?: LicenseObjectLicensing; + /** + * If SPDX does not define the license used, this field may be used to provide the license + * name + */ + name?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * An optional way to include the textual content of a license. + */ + text?: LicenseObjectTextClass; + /** + * The URL to the license file. If specified, a 'license' externalReference should also be + * specified for completeness + */ + url?: string; +}; + +/** + * Licensing details describing the licensor/licensee, license type, renewal and expiration + * dates, and other important metadata + */ +export type LicenseObjectLicensing = { + /** + * License identifiers that may be used to manage licenses and their lifecycle + */ + altIds?: string[]; + /** + * The timestamp indicating when the current license expires (if applicable). + */ + expiration?: Date; + /** + * The timestamp indicating when the license was last renewed. For new purchases, this is + * often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this + * is the timestamp of when the license was last renewed. + */ + lastRenewal?: Date; + /** + * The individual or organization for which a license was granted to + */ + licensee?: PurpleLicensee; + /** + * The type of license(s) that was granted to the licensee + * + * * __academic__ = A license that grants use of software solely for the purpose of + * education or research. + * * __appliance__ = A license covering use of software embedded in a specific piece of + * hardware. + * * __client-access__ = A Client Access License (CAL) allows client computers to access + * services provided by server software. + * * __concurrent-user__ = A Concurrent User license (aka floating license) limits the + * number of licenses for a software application and licenses are shared among a larger + * number of users. + * * __core-points__ = A license where the core of a computer's processor is assigned a + * specific number of points. + * * __custom-metric__ = A license for which consumption is measured by non-standard + * metrics. + * * __device__ = A license that covers a defined number of installations on computers and + * other types of devices. + * * __evaluation__ = A license that grants permission to install and use software for trial + * purposes. + * * __named-user__ = A license that grants access to the software to one or more + * pre-defined users. + * * __node-locked__ = A license that grants access to the software on one or more + * pre-defined computers or devices. + * * __oem__ = An Original Equipment Manufacturer license that is delivered with hardware, + * cannot be transferred to other hardware, and is valid for the life of the hardware. + * * __perpetual__ = A license where the software is sold on a one-time basis and the + * licensee can use a copy of the software indefinitely. + * * __processor-points__ = A license where each installation consumes points per processor. + * * __subscription__ = A license where the licensee pays a fee to use the software or + * service. + * * __user__ = A license that grants access to the software or service by a specified + * number of users. + * * __other__ = Another license type. + */ + licenseTypes?: LicenseType[]; + /** + * The individual or organization that grants a license to another individual or organization + */ + licensor?: PurpleLicensor; + /** + * The purchase order identifier the purchaser sent to a supplier or vendor to authorize a + * purchase + */ + purchaseOrder?: string; + /** + * The individual or organization that purchased the license + */ + purchaser?: PurplePurchaser; +}; + +export type LicenseType = + | 'academic' + | 'appliance' + | 'client-access' + | 'concurrent-user' + | 'core-points' + | 'custom-metric' + | 'device' + | 'evaluation' + | 'named-user' + | 'node-locked' + | 'oem' + | 'perpetual' + | 'processor-points' + | 'subscription' + | 'user' + | 'other'; + +/** + * The individual or organization for which a license was granted to + */ +export type PurpleLicensee = { + /** + * The individual, not associated with an organization, that was granted the license + */ + individual?: IndividualElement; + /** + * The organization that was granted the license + */ + organization?: ManufactureElement; +}; + +/** + * The individual or organization that grants a license to another individual or organization + */ +export type PurpleLicensor = { + /** + * The individual, not associated with an organization, that granted the license + */ + individual?: IndividualElement; + /** + * The organization that granted the license + */ + organization?: ManufactureElement; +}; + +/** + * The individual or organization that purchased the license + */ +export type PurplePurchaser = { + /** + * The individual, not associated with an organization, that purchased the license + */ + individual?: IndividualElement; + /** + * The organization that purchased the license + */ + organization?: ManufactureElement; +}; + +export type PurpleOccurrence = { + /** + * An optional identifier which can be used to reference the occurrence elsewhere in the + * BOM. Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The location or path to where the component was found. + */ + location: string; +}; + +/** + * External references provide a way to document systems, sites, and information that may be + * relevant, but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + * + * Reference to an externally accessible resource. + */ +export type CycloneDXSoftwareBillOfMaterialsStandardExternalReference = { + /** + * An optional comment describing the external reference + */ + comment?: string; + /** + * The hashes of the external reference (if applicable). + */ + hashes?: HashClass[]; + /** + * Specifies the type of external reference. + * + * * __vcs__ = Version Control System + * * __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle + * Management (ALM) system + * * __website__ = Website + * * __advisories__ = Security advisories + * * __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc) + * * __mailing-list__ = Mailing list or discussion group + * * __social__ = Social media account + * * __chat__ = Real-time chat platform + * * __documentation__ = Documentation, guides, or how-to instructions + * * __support__ = Community or commercial support + * * __distribution__ = Direct or repository download location + * * __distribution-intake__ = The location where a component was published to. This is + * often the same as "distribution" but may also include specialized publishing processes + * that act as an intermediary + * * __license__ = The URL to the license file. If a license URL has been defined in the + * license node, it should also be defined as an external reference for completeness + * * __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, + * etc) + * * __build-system__ = URL to an automated build system + * * __release-notes__ = URL to release notes + * * __security-contact__ = Specifies a way to contact the maintainer, supplier, or provider + * in the event of a security incident. Common URIs include links to a disclosure procedure, + * a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a + * phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT + * * __model-card__ = A model card describes the intended uses of a machine learning model, + * potential limitations, biases, ethical considerations, training parameters, datasets used + * to train the model, performance metrics, and other relevant data useful for ML + * transparency + * * __log__ = A record of events that occurred in a computer system or application, such as + * problems, errors, or information on current operations + * * __configuration__ = Parameters or settings that may be used by other components or + * services + * * __evidence__ = Information used to substantiate a claim + * * __formulation__ = Describes how a component or service was manufactured or deployed + * * __attestation__ = Human or machine-readable statements containing facts, evidence, or + * testimony + * * __threat-model__ = An enumeration of identified weaknesses, threats, and + * countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation + * in human-readable or machine-readable format + * * __adversary-model__ = The defined assumptions, goals, and capabilities of an adversary. + * * __risk-assessment__ = Identifies and analyzes the potential of future events that may + * negatively impact individuals, assets, and/or the environment. Risk assessments may also + * include judgments on the tolerability of each risk. + * * __vulnerability-assertion__ = A Vulnerability Disclosure Report (VDR) which asserts the + * known and previously unknown vulnerabilities that affect a component, service, or product + * including the analysis and findings describing the impact (or lack of impact) that the + * reported vulnerability has on a component, service, or product. + * * __exploitability-statement__ = A Vulnerability Exploitability eXchange (VEX) which + * asserts the known vulnerabilities that do not affect a product, product family, or + * organization, and optionally the ones that do. The VEX should include the analysis and + * findings describing the impact (or lack of impact) that the reported vulnerability has on + * the product, product family, or organization. + * * __pentest-report__ = Results from an authorized simulated cyberattack on a component or + * service, otherwise known as a penetration test + * * __static-analysis-report__ = SARIF or proprietary machine or human-readable report for + * which static analysis has identified code quality, security, and other potential issues + * with the source code + * * __dynamic-analysis-report__ = Dynamic analysis report that has identified issues such + * as vulnerabilities and misconfigurations + * * __runtime-analysis-report__ = Report generated by analyzing the call stack of a running + * application + * * __component-analysis-report__ = Report generated by Software Composition Analysis + * (SCA), container analysis, or other forms of component analysis + * * __maturity-report__ = Report containing a formal assessment of an organization, + * business unit, or team against a maturity model + * * __certification-report__ = Industry, regulatory, or other certification from an + * accredited (if applicable) certification body + * * __quality-metrics__ = Report or system in which quality metrics can be obtained + * * __codified-infrastructure__ = Code or configuration that defines and provisions + * virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) + * * __poam__ = Plans of Action and Milestones (POAM) compliment an "attestation" external + * reference. POAM is defined by NIST as a "document that identifies tasks needing to be + * accomplished. It details resources required to accomplish the elements of the plan, any + * milestones in meeting the tasks and scheduled completion dates for the milestones". + * * __other__ = Use this if no other types accurately describe the purpose of the external + * reference + */ + type: FluffyType; + /** + * The URI (URL or URN) to the external reference. External references are URIs and + * therefore can accept any URL scheme including https + * ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto + * ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel + * ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns + * ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include + * formally registered URNs such as [CycloneDX + * BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any + * object within a BOM. BOM-Link transforms applicable external references into + * relationships that can be expressed in a BOM or across BOMs. + */ + url: string; +}; + +export type HashClass = { + alg: HashAlgorithm; + content: string; +}; + +/** + * Specifies the type of external reference. + * + * * __vcs__ = Version Control System + * * __issue-tracker__ = Issue or defect tracking system, or an Application Lifecycle + * Management (ALM) system + * * __website__ = Website + * * __advisories__ = Security advisories + * * __bom__ = Bill of Materials (SBOM, OBOM, HBOM, SaaSBOM, etc) + * * __mailing-list__ = Mailing list or discussion group + * * __social__ = Social media account + * * __chat__ = Real-time chat platform + * * __documentation__ = Documentation, guides, or how-to instructions + * * __support__ = Community or commercial support + * * __distribution__ = Direct or repository download location + * * __distribution-intake__ = The location where a component was published to. This is + * often the same as "distribution" but may also include specialized publishing processes + * that act as an intermediary + * * __license__ = The URL to the license file. If a license URL has been defined in the + * license node, it should also be defined as an external reference for completeness + * * __build-meta__ = Build-system specific meta file (i.e. pom.xml, package.json, .nuspec, + * etc) + * * __build-system__ = URL to an automated build system + * * __release-notes__ = URL to release notes + * * __security-contact__ = Specifies a way to contact the maintainer, supplier, or provider + * in the event of a security incident. Common URIs include links to a disclosure procedure, + * a mailto (RFC-2368) that specifies an email address, a tel (RFC-3966) that specifies a + * phone number, or dns (RFC-4501) that specifies the records containing DNS Security TXT + * * __model-card__ = A model card describes the intended uses of a machine learning model, + * potential limitations, biases, ethical considerations, training parameters, datasets used + * to train the model, performance metrics, and other relevant data useful for ML + * transparency + * * __log__ = A record of events that occurred in a computer system or application, such as + * problems, errors, or information on current operations + * * __configuration__ = Parameters or settings that may be used by other components or + * services + * * __evidence__ = Information used to substantiate a claim + * * __formulation__ = Describes how a component or service was manufactured or deployed + * * __attestation__ = Human or machine-readable statements containing facts, evidence, or + * testimony + * * __threat-model__ = An enumeration of identified weaknesses, threats, and + * countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation + * in human-readable or machine-readable format + * * __adversary-model__ = The defined assumptions, goals, and capabilities of an adversary. + * * __risk-assessment__ = Identifies and analyzes the potential of future events that may + * negatively impact individuals, assets, and/or the environment. Risk assessments may also + * include judgments on the tolerability of each risk. + * * __vulnerability-assertion__ = A Vulnerability Disclosure Report (VDR) which asserts the + * known and previously unknown vulnerabilities that affect a component, service, or product + * including the analysis and findings describing the impact (or lack of impact) that the + * reported vulnerability has on a component, service, or product. + * * __exploitability-statement__ = A Vulnerability Exploitability eXchange (VEX) which + * asserts the known vulnerabilities that do not affect a product, product family, or + * organization, and optionally the ones that do. The VEX should include the analysis and + * findings describing the impact (or lack of impact) that the reported vulnerability has on + * the product, product family, or organization. + * * __pentest-report__ = Results from an authorized simulated cyberattack on a component or + * service, otherwise known as a penetration test + * * __static-analysis-report__ = SARIF or proprietary machine or human-readable report for + * which static analysis has identified code quality, security, and other potential issues + * with the source code + * * __dynamic-analysis-report__ = Dynamic analysis report that has identified issues such + * as vulnerabilities and misconfigurations + * * __runtime-analysis-report__ = Report generated by analyzing the call stack of a running + * application + * * __component-analysis-report__ = Report generated by Software Composition Analysis + * (SCA), container analysis, or other forms of component analysis + * * __maturity-report__ = Report containing a formal assessment of an organization, + * business unit, or team against a maturity model + * * __certification-report__ = Industry, regulatory, or other certification from an + * accredited (if applicable) certification body + * * __quality-metrics__ = Report or system in which quality metrics can be obtained + * * __codified-infrastructure__ = Code or configuration that defines and provisions + * virtualized infrastructure, commonly referred to as Infrastructure as Code (IaC) + * * __poam__ = Plans of Action and Milestones (POAM) compliment an "attestation" external + * reference. POAM is defined by NIST as a "document that identifies tasks needing to be + * accomplished. It details resources required to accomplish the elements of the plan, any + * milestones in meeting the tasks and scheduled completion dates for the milestones". + * * __other__ = Use this if no other types accurately describe the purpose of the external + * reference + */ +export type FluffyType = + | 'vcs' + | 'issue-tracker' + | 'website' + | 'advisories' + | 'bom' + | 'mailing-list' + | 'social' + | 'chat' + | 'documentation' + | 'support' + | 'distribution' + | 'distribution-intake' + | 'license' + | 'build-meta' + | 'build-system' + | 'release-notes' + | 'security-contact' + | 'model-card' + | 'log' + | 'configuration' + | 'evidence' + | 'formulation' + | 'attestation' + | 'threat-model' + | 'adversary-model' + | 'risk-assessment' + | 'vulnerability-assertion' + | 'exploitability-statement' + | 'pentest-report' + | 'static-analysis-report' + | 'dynamic-analysis-report' + | 'runtime-analysis-report' + | 'component-analysis-report' + | 'maturity-report' + | 'certification-report' + | 'codified-infrastructure' + | 'quality-metrics' + | 'poam' + | 'other'; + +/** + * A model card describes the intended uses of a machine learning model and potential + * limitations, including biases and ethical considerations. Model cards typically contain + * the training parameters, which datasets were used to train the model, performance + * metrics, and other relevant data useful for ML transparency. This object SHOULD be + * specified for any component of type `machine-learning-model` and MUST NOT be specified + * for other component types. + */ +export type PurpleModelCard = { + /** + * An optional identifier which can be used to reference the model card elsewhere in the + * BOM. Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * What considerations should be taken into account regarding the model's construction, + * training, and application? + */ + considerations?: PurpleConsiderations; + /** + * Hyper-parameters for construction of the model. + */ + modelParameters?: PurpleModelParameters; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * A quantitative analysis of the model + */ + quantitativeAnalysis?: PurpleQuantitativeAnalysis; +}; + +/** + * What considerations should be taken into account regarding the model's construction, + * training, and application? + */ +export type PurpleConsiderations = { + /** + * What are the ethical (or environmental) risks involved in the application of this model? + */ + ethicalConsiderations?: Risk[]; + /** + * How does the model affect groups at risk of being systematically disadvantaged? What are + * the harms and benefits to the various affected groups? + */ + fairnessAssessments?: PurpleFairnessAssessment[]; + /** + * What are the known tradeoffs in accuracy/performance of the model? + */ + performanceTradeoffs?: string[]; + /** + * What are the known technical limitations of the model? E.g. What kind(s) of data should + * the model be expected not to perform well on? What are the factors that might degrade + * model performance? + */ + technicalLimitations?: string[]; + /** + * What are the intended use cases of the model? + */ + useCases?: string[]; + /** + * Who are the intended users of the model? + */ + users?: string[]; +}; + +export type Risk = { + /** + * Strategy used to address this risk. + */ + mitigationStrategy?: string; + /** + * The name of the risk. + */ + name?: string; +}; + +/** + * Information about the benefits and harms of the model to an identified at risk group. + */ +export type PurpleFairnessAssessment = { + /** + * Expected benefits to the identified groups. + */ + benefits?: string; + /** + * The groups or individuals at risk of being systematically disadvantaged by the model. + */ + groupAtRisk?: string; + /** + * Expected harms to the identified groups. + */ + harms?: string; + /** + * With respect to the benefits and harms outlined, please describe any mitigation strategy + * implemented. + */ + mitigationStrategy?: string; +}; + +/** + * Hyper-parameters for construction of the model. + */ +export type PurpleModelParameters = { + /** + * The overall approach to learning used by the model for problem solving. + */ + approach?: PurpleApproach; + /** + * The model architecture family such as transformer network, convolutional neural network, + * residual neural network, LSTM neural network, etc. + */ + architectureFamily?: string; + /** + * The datasets used to train and evaluate the model. + */ + datasets?: PurpleDataset[]; + /** + * The input format(s) of the model + */ + inputs?: PurpleInputAndOutputParameters[]; + /** + * The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc. + */ + modelArchitecture?: string; + /** + * The output format(s) from the model + */ + outputs?: PurpleInputAndOutputParameters[]; + /** + * Directly influences the input and/or output. Examples include classification, regression, + * clustering, etc. + */ + task?: string; +}; + +/** + * The overall approach to learning used by the model for problem solving. + */ +export type PurpleApproach = { + /** + * Learning types describing the learning problem or hybrid learning problem. + */ + type?: LearningType; +}; + +/** + * Learning types describing the learning problem or hybrid learning problem. + */ +export type LearningType = + | 'supervised' + | 'unsupervised' + | 'reinforcement-learning' + | 'semi-supervised' + | 'self-supervised'; + +export type PurpleDataset = { + /** + * An optional identifier which can be used to reference the dataset elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + classification?: string; + /** + * The contents or references to the contents of the data being described. + */ + contents?: PurpleDataContents; + /** + * A description of the dataset. Can describe size of dataset, whether it's used for source + * code, training, testing, or validation, etc. + */ + description?: string; + governance?: PurpleDataGovernance; + graphics?: PurpleGraphicsCollection; + /** + * The name of the dataset. + */ + name?: string; + /** + * A description of any sensitive data in a dataset. + */ + sensitiveData?: string[]; + /** + * The general theme or subject matter of the data being specified. + * + * * __source-code__ = Any type of code, code snippet, or data-as-code. + * * __configuration__ = Parameters or settings that may be used by other components. + * * __dataset__ = A collection of data. + * * __definition__ = Data that can be used to create new instances of what the definition + * defines. + * * __other__ = Any other type of data that does not fit into existing definitions. + */ + type?: TypeOfData; + /** + * References a data component by the components bom-ref attribute + */ + ref?: string; +}; + +export type PurpleInputAndOutputParameters = { + /** + * The data format for input/output to the model. Example formats include string, image, + * time-series + */ + format?: string; +}; + +/** + * A quantitative analysis of the model + */ +export type PurpleQuantitativeAnalysis = { + graphics?: PurpleGraphicsCollection; + /** + * The model performance metrics being reported. Examples may include accuracy, F1 score, + * precision, top-3 error rates, MSC, etc. + */ + performanceMetrics?: PerformanceMetric[]; +}; + +export type PerformanceMetric = { + /** + * The confidence interval of the metric. + */ + confidenceInterval?: ConfidenceInterval; + /** + * The name of the slice this metric was computed on. By default, assume this metric is not + * sliced. + */ + slice?: string; + /** + * The type of performance metric. + */ + type?: string; + /** + * The value of the performance metric. + */ + value?: string; +}; + +/** + * The confidence interval of the metric. + */ +export type ConfidenceInterval = { + /** + * The lower bound of the confidence interval. + */ + lowerBound?: string; + /** + * The upper bound of the confidence interval. + */ + upperBound?: string; +}; + +/** + * Specifies optional release notes. + */ +export type PurpleReleaseNotes = { + /** + * One or more alternate names the release may be referred to. This may include unofficial + * terms used by development and marketing teams (e.g. code names). + */ + aliases?: string[]; + /** + * A short description of the release. + */ + description?: string; + /** + * The URL to an image that may be prominently displayed with the release note. + */ + featuredImage?: string; + /** + * Zero or more release notes containing the locale and content. Multiple note objects may + * be specified to support release notes in a wide variety of languages. + */ + notes?: PurpleNote[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * A collection of issues that have been resolved. + */ + resolves?: ResolveClass[]; + /** + * The URL to an image that may be used in messaging on social media platforms. + */ + socialImage?: string; + /** + * One or more tags that may aid in search or retrieval of the release note. + */ + tags?: string[]; + /** + * The date and time (timestamp) when the release note was created. + */ + timestamp?: Date; + /** + * The title of the release. + */ + title?: string; + /** + * The software versioning type the release note describes. + */ + type: string; +}; + +/** + * A note containing the locale and content. + */ +export type PurpleNote = { + /** + * The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. + * Examples include: "en", "en-US", "fr" and "fr-CA" + */ + locale?: string; + /** + * Specifies the full content of the release note. + */ + text: LicenseObjectTextClass; +}; + +/** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + * + * Unique top level property for simple signatures. (signaturecore) + */ +export type Signature = { + /** + * Unique top level property for Multiple Signatures. (multisignature) + */ + signers?: ChainElement[]; + /** + * Unique top level property for Signature Chains. (signaturechain) + */ + chain?: ChainElement[]; + algorithm?: string; + /** + * Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must + * contain the signature certificate. The certificate path must be contiguous but is not + * required to be complete. + */ + certificatePath?: string[]; + /** + * Optional. Array holding the names of one or more application level properties that must + * be excluded from the signature process. Note that the "excludes" property itself, must + * also be excluded from the signature process. Since both the "excludes" property and the + * associated data it points to are unsigned, a conforming JSF implementation must provide + * options for specifying which properties to accept. + */ + excludes?: string[]; + /** + * Optional. Application specific string identifying the signature key. + */ + keyId?: string; + /** + * Optional. Public key object. + */ + publicKey?: PublicKey; + /** + * The signature data. Note that the binary representation must follow the JWA [RFC7518] + * specifications. + */ + value?: string; +}; + +/** + * Unique top level property for simple signatures. (signaturecore) + */ +export type ChainElement = { + algorithm: string; + /** + * Optional. Sorted array of X.509 [RFC5280] certificates, where the first element must + * contain the signature certificate. The certificate path must be contiguous but is not + * required to be complete. + */ + certificatePath?: string[]; + /** + * Optional. Array holding the names of one or more application level properties that must + * be excluded from the signature process. Note that the "excludes" property itself, must + * also be excluded from the signature process. Since both the "excludes" property and the + * associated data it points to are unsigned, a conforming JSF implementation must provide + * options for specifying which properties to accept. + */ + excludes?: string[]; + /** + * Optional. Application specific string identifying the signature key. + */ + keyId?: string; + /** + * Optional. Public key object. + */ + publicKey?: PublicKey; + /** + * The signature data. Note that the binary representation must follow the JWA [RFC7518] + * specifications. + */ + value: string; +}; + +/** + * Optional. Public key object. + */ +export type PublicKey = { + kty: KeyType; + [property: string]: any; +}; + +/** + * Key type indicator. + */ +export type KeyType = 'EC' | 'OKP' | 'RSA'; + +/** + * Specifies metadata and content for [ISO-IEC 19770-2 Software Identification (SWID) + * Tags](https://www.iso.org/standard/65666.html). + * + * Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + */ +export type PurpleSWIDTag = { + /** + * Maps to the name of a SoftwareIdentity. + */ + name: string; + /** + * Maps to the patch of a SoftwareIdentity. + */ + patch?: boolean; + /** + * Maps to the tagId of a SoftwareIdentity. + */ + tagId: string; + /** + * Maps to the tagVersion of a SoftwareIdentity. + */ + tagVersion?: number; + /** + * Specifies the metadata and content of the SWID tag. + */ + text?: LicenseObjectTextClass; + /** + * The URL to the SWID file. + */ + url?: string; + /** + * Maps to the version of a SoftwareIdentity. + */ + version?: string; +}; + +/** + * Specifies the type of component. For software components, classify as application if no + * more specific appropriate classification is available or cannot be determined for the + * component. Types include: + * + * * __application__ = A software application. Refer to + * [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) + * for information about applications. + * * __framework__ = A software framework. Refer to + * [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) + * for information on how frameworks vary slightly from libraries. + * * __library__ = A software library. Refer to + * [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) + * for information about libraries. All third-party and open source reusable components will + * likely be a library. If the library also has key features of a framework, then it should + * be classified as a framework. If not, or is unknown, then specifying library is + * RECOMMENDED. + * * __container__ = A packaging and/or runtime format, not specific to any particular + * technology, which isolates software inside the container from software outside of a + * container through virtualization technology. Refer to + * [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization) + * * __platform__ = A runtime environment which interprets or executes software. This may + * include runtimes such as those that execute bytecode or low-code/no-code application + * platforms. + * * __operating-system__ = A software operating system without regard to deployment model + * (i.e. installed on physical hardware, virtual machine, image, etc) Refer to + * [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system) + * * __device__ = A hardware device such as a processor, or chip-set. A hardware device + * containing firmware SHOULD include a component for the physical hardware itself, and + * another component of type 'firmware' or 'operating-system' (whichever is relevant), + * describing information about the software running on the device. + * See also the list of [known device + * properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md). + * * __device-driver__ = A special type of software that operates or controls a particular + * type of device. Refer to + * [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver) + * * __firmware__ = A special type of software that provides low-level control over a + * devices hardware. Refer to + * [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware) + * * __file__ = A computer file. Refer to + * [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) + * for information about files. + * * __machine-learning-model__ = A model based on training data that can make predictions + * or decisions without being explicitly programmed to do so. + * * __data__ = A collection of discrete values that convey information. + */ +export type FluffyComponentType = + | 'application' + | 'framework' + | 'library' + | 'container' + | 'platform' + | 'operating-system' + | 'device' + | 'device-driver' + | 'firmware' + | 'file' + | 'machine-learning-model' + | 'data'; + +/** + * The service that created the annotation + */ +export type ServiceClass = { + /** + * A boolean value indicating if the service requires authentication. A value of true + * indicates the service requires authentication prior to use. A value of false indicates + * the service does not require authentication. + */ + authenticated?: boolean; + /** + * An optional identifier which can be used to reference the service elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * Specifies information about the data including the directional flow of data and the data + * classification. + */ + data?: PurpleHashObjects[]; + /** + * Specifies a description for the service + */ + description?: string; + /** + * The endpoint URIs of the service. Multiple endpoints are allowed. + */ + endpoints?: string[]; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant, but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: CycloneDXSoftwareBillOfMaterialsStandardExternalReference[]; + /** + * The grouping name, namespace, or identifier. This will often be a shortened, single name + * of the company or project that produced the service or domain name. Whitespace and + * special characters should be avoided. + */ + group?: string; + licenses?: MultipleLicense[]; + /** + * The name of the service. This will often be a shortened, single name of the service. + */ + name: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * The organization that provides the service. + */ + provider?: ManufactureElement; + /** + * Specifies optional release notes. + */ + releaseNotes?: PurpleReleaseNotes; + /** + * A list of services included or deployed behind the parent service. This is not a + * dependency tree. It provides a way to specify a hierarchical representation of service + * assemblies. + */ + services?: ServiceClass[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The name of the trust zone the service resides in. + */ + trustZone?: string; + /** + * The service version. + */ + version?: string; + /** + * A boolean value indicating if use of the service crosses a trust zone or boundary. A + * value of true indicates that by using the service, a trust boundary is crossed. A value + * of false indicates that by using the service, a trust boundary is not crossed. + */ + 'x-trust-boundary'?: boolean; +}; + +export type PurpleHashObjects = { + classification: string; + /** + * Short description of the data content and usage + */ + description?: string; + /** + * The URI, URL, or BOM-Link of the components or services the data is sent to + */ + destination?: string[]; + /** + * Specifies the flow direction of the data. Direction is relative to the service. Inbound + * flow states that data enters the service. Outbound flow states that data leaves the + * service. Bi-directional states that data flows both ways, and unknown states that the + * direction is not known. + */ + flow: DataFlowDirection; + governance?: FluffyDataGovernance; + /** + * Name for the defined data + */ + name?: string; + /** + * The URI, URL, or BOM-Link of the components or services the data came in from + */ + source?: string[]; +}; + +export type FluffyDataGovernance = { + /** + * Data custodians are responsible for the safe custody, transport, and storage of data. + */ + custodians?: PurpleDataGovernanceResponsibleParty[]; + /** + * Data owners are concerned with risk and appropriate access to data. + */ + owners?: PurpleDataGovernanceResponsibleParty[]; + /** + * Data stewards are responsible for data content, context, and associated business rules. + */ + stewards?: PurpleDataGovernanceResponsibleParty[]; +}; + +export type CycloneDXSoftwareBillOfMaterialsStandardComposition = { + /** + * Specifies an aggregate type that describe how complete a relationship is. + * + * * __complete__ = The relationship is complete. No further relationships including + * constituent components, services, or dependencies are known to exist. + * * __incomplete__ = The relationship is incomplete. Additional relationships exist and may + * include constituent components, services, or dependencies. + * * __incomplete_first_party_only__ = The relationship is incomplete. Only + * relationships for first-party components, services, or their dependencies are + * represented. + * * __incomplete_first_party_proprietary_only__ = The relationship is + * incomplete. Only relationships for first-party components, services, or their + * dependencies are represented, limited specifically to those that are proprietary. + * * __incomplete_first_party_opensource_only__ = The relationship is + * incomplete. Only relationships for first-party components, services, or their + * dependencies are represented, limited specifically to those that are opensource. + * * __incomplete_third_party_only__ = The relationship is incomplete. Only + * relationships for third-party components, services, or their dependencies are + * represented. + * * __incomplete_third_party_proprietary_only__ = The relationship is + * incomplete. Only relationships for third-party components, services, or their + * dependencies are represented, limited specifically to those that are proprietary. + * * __incomplete_third_party_opensource_only__ = The relationship is + * incomplete. Only relationships for third-party components, services, or their + * dependencies are represented, limited specifically to those that are opensource. + * * __unknown__ = The relationship may be complete or incomplete. This usually signifies a + * 'best-effort' to obtain constituent components, services, or dependencies but the + * completeness is inconclusive. + * * __not_specified__ = The relationship completeness is not specified. + */ + aggregate: FluffyAggregateType; + /** + * The bom-ref identifiers of the components or services being described. Assemblies refer + * to nested relationships whereby a constituent part may include other constituent parts. + * References do not cascade to child parts. References are explicit for the specified + * constituent part only. + */ + assemblies?: string[]; + /** + * An optional identifier which can be used to reference the composition elsewhere in the + * BOM. Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The bom-ref identifiers of the components or services being described. Dependencies refer + * to a relationship whereby an independent constituent part requires another independent + * constituent part. References do not cascade to transitive dependencies. References are + * explicit for the specified dependency only. + */ + dependencies?: string[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The bom-ref identifiers of the vulnerabilities being described. + */ + vulnerabilities?: string[]; +}; + +/** + * Specifies an aggregate type that describe how complete a relationship is. + * + * * __complete__ = The relationship is complete. No further relationships including + * constituent components, services, or dependencies are known to exist. + * * __incomplete__ = The relationship is incomplete. Additional relationships exist and may + * include constituent components, services, or dependencies. + * * __incomplete_first_party_only__ = The relationship is incomplete. Only + * relationships for first-party components, services, or their dependencies are + * represented. + * * __incomplete_first_party_proprietary_only__ = The relationship is + * incomplete. Only relationships for first-party components, services, or their + * dependencies are represented, limited specifically to those that are proprietary. + * * __incomplete_first_party_opensource_only__ = The relationship is + * incomplete. Only relationships for first-party components, services, or their + * dependencies are represented, limited specifically to those that are opensource. + * * __incomplete_third_party_only__ = The relationship is incomplete. Only + * relationships for third-party components, services, or their dependencies are + * represented. + * * __incomplete_third_party_proprietary_only__ = The relationship is + * incomplete. Only relationships for third-party components, services, or their + * dependencies are represented, limited specifically to those that are proprietary. + * * __incomplete_third_party_opensource_only__ = The relationship is + * incomplete. Only relationships for third-party components, services, or their + * dependencies are represented, limited specifically to those that are opensource. + * * __unknown__ = The relationship may be complete or incomplete. This usually signifies a + * 'best-effort' to obtain constituent components, services, or dependencies but the + * completeness is inconclusive. + * * __not_specified__ = The relationship completeness is not specified. + * + * + * Specifies an aggregate type that describe how complete a relationship is. + */ +export type FluffyAggregateType = + | 'complete' + | 'incomplete' + | 'incomplete_first_party_only' + | 'incomplete_first_party_proprietary_only' + | 'incomplete_first_party_opensource_only' + | 'incomplete_third_party_only' + | 'incomplete_third_party_proprietary_only' + | 'incomplete_third_party_opensource_only' + | 'unknown' + | 'not_specified'; + +/** + * Defines the direct dependencies of a component or service. Components or services that do + * not have their own dependencies MUST be declared as empty elements within the graph. + * Components or services that are not represented in the dependency graph MAY have unknown + * dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an + * indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions + * to indicate unknown dependency graphs. + */ +export type CycloneDXSoftwareBillOfMaterialsStandardDependency = { + /** + * The bom-ref identifiers of the components or services that are dependencies of this + * dependency object. + */ + dependsOn?: string[]; + /** + * References a component or service by its bom-ref attribute + */ + ref: string; +}; + +/** + * Describes workflows and resources that captures rules and other aspects of how the + * associated BOM component or service was formed. + */ +export type CycloneDXSoftwareBillOfMaterialsStandardFormulation = { + /** + * An optional identifier which can be used to reference the formula elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * Transient components that are used in tasks that constitute one or more of this formula's + * workflows + */ + components?: ComponentClass[]; + properties?: LightweightNameValuePairObject[]; + /** + * Transient services that are used in tasks that constitute one or more of this formula's + * workflows + */ + services?: ServiceClass[]; + /** + * List of workflows that can be declared to accomplish specific orchestrated goals and + * independently triggered. + */ + workflows?: PurpleWorkflow[]; +}; + +/** + * A specialized orchestration task. + */ +export type PurpleWorkflow = { + /** + * An optional identifier which can be used to reference the workflow elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref': string; + /** + * A description of the resource instance. + */ + description?: string; + /** + * Represents resources and data brought into a task at runtime by executor or task commands + */ + inputs?: PurpleInputType[]; + /** + * The name of the resource instance. + */ + name?: string; + /** + * Represents resources and data output from a task at runtime by executor or task commands + */ + outputs?: PurpleOutputType[]; + properties?: LightweightNameValuePairObject[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: PurpleResourceReferenceChoice[]; + /** + * A graph of the component runtime topology for workflow's instance. + */ + runtimeTopology?: CycloneDXSoftwareBillOfMaterialsStandardDependency[]; + /** + * The sequence of steps for the task. + */ + steps?: PurpleStep[]; + /** + * The graph of dependencies between tasks within the workflow. + */ + taskDependencies?: CycloneDXSoftwareBillOfMaterialsStandardDependency[]; + /** + * The tasks that comprise the workflow. + */ + tasks?: PurpleTask[]; + /** + * Indicates the types of activities performed by the set of workflow tasks. + */ + taskTypes: TaskType[]; + /** + * The date and time (timestamp) when the task ended. + */ + timeEnd?: Date; + /** + * The date and time (timestamp) when the task started. + */ + timeStart?: Date; + /** + * The trigger that initiated the task. + */ + trigger?: PurpleTrigger; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; + /** + * A set of named filesystem or data resource shareable by workflow tasks. + */ + workspaces?: PurpleWorkspace[]; +}; + +/** + * Type that represents various input data types and formats. + */ +export type PurpleInputType = { + /** + * Inputs that have the form of data. + */ + data?: LicenseObjectTextClass; + /** + * Inputs that have the form of parameters with names and values. + */ + environmentVars?: Array; + /** + * Inputs that have the form of parameters with names and values. + */ + parameters?: PurpleParameter[]; + properties?: LightweightNameValuePairObject[]; + /** + * A reference to an independent resource provided as an input to a task by the workflow + * runtime. + */ + resource?: PurpleResourceReferenceChoice; + /** + * A references to the component or service that provided the input to the task (e.g., + * reference to a service with data flow value of `inbound`) + */ + source?: PurpleResourceReferenceChoice; + /** + * A reference to the component or service that received or stored the input if not the task + * itself (e.g., a local, named storage workspace) + */ + target?: PurpleResourceReferenceChoice; +}; + +/** + * A representation of a functional parameter. + */ +export type PurpleParameter = { + /** + * The data type of the parameter. + */ + dataType?: string; + /** + * The name of the parameter. + */ + name?: string; + /** + * The value of the parameter. + */ + value?: string; +}; + +/** + * A reference to an independent resource provided as an input to a task by the workflow + * runtime. + * + * A references to the component or service that provided the input to the task (e.g., + * reference to a service with data flow value of `inbound`) + * + * A reference to the component or service that received or stored the input if not the task + * itself (e.g., a local, named storage workspace) + * + * A reference to an independent resource generated as output by the task. + * + * Component or service that generated or provided the output from the task (e.g., a build + * tool) + * + * Component or service that received the output from the task (e.g., reference to an + * artifactory service with data flow value of `outbound`) + * + * References the component or service that was the source of the event + * + * References the component or service that was the target of the event + * + * A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible + * resource. + */ +export type PurpleResourceReferenceChoice = { + /** + * Reference to an externally accessible resource. + */ + externalReference?: CycloneDXSoftwareBillOfMaterialsStandardExternalReference; + /** + * References an object by its bom-ref attribute + */ + ref?: string; +}; + +export type PurpleOutputType = { + /** + * Outputs that have the form of data. + */ + data?: LicenseObjectTextClass; + /** + * Outputs that have the form of environment variables. + */ + environmentVars?: Array; + properties?: LightweightNameValuePairObject[]; + /** + * A reference to an independent resource generated as output by the task. + */ + resource?: PurpleResourceReferenceChoice; + /** + * Component or service that generated or provided the output from the task (e.g., a build + * tool) + */ + source?: PurpleResourceReferenceChoice; + /** + * Component or service that received the output from the task (e.g., reference to an + * artifactory service with data flow value of `outbound`) + */ + target?: PurpleResourceReferenceChoice; + /** + * Describes the type of data output. + */ + type?: OutputTypeType; +}; + +/** + * Describes the type of data output. + */ +export type OutputTypeType = + | 'artifact' + | 'attestation' + | 'log' + | 'evidence' + | 'metrics' + | 'other'; + +/** + * Executes specific commands or tools in order to accomplish its owning task as part of a + * sequence. + */ +export type PurpleStep = { + /** + * Ordered list of commands or directives for the step + */ + commands?: PurpleCommand[]; + /** + * A description of the step. + */ + description?: string; + /** + * A name for the step. + */ + name?: string; + properties?: LightweightNameValuePairObject[]; +}; + +export type PurpleCommand = { + /** + * A text representation of the executed command. + */ + executed?: string; + properties?: LightweightNameValuePairObject[]; +}; + +export type TaskType = + | 'copy' + | 'clone' + | 'lint' + | 'scan' + | 'merge' + | 'build' + | 'test' + | 'deliver' + | 'deploy' + | 'release' + | 'clean' + | 'other'; + +/** + * Describes the inputs, sequence of steps and resources used to accomplish a task and its + * output. + */ +export type PurpleTask = { + /** + * An optional identifier which can be used to reference the task elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref': string; + /** + * A description of the resource instance. + */ + description?: string; + /** + * Represents resources and data brought into a task at runtime by executor or task commands + */ + inputs?: PurpleInputType[]; + /** + * The name of the resource instance. + */ + name?: string; + /** + * Represents resources and data output from a task at runtime by executor or task commands + */ + outputs?: PurpleOutputType[]; + properties?: LightweightNameValuePairObject[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: PurpleResourceReferenceChoice[]; + /** + * A graph of the component runtime topology for task's instance. + */ + runtimeTopology?: CycloneDXSoftwareBillOfMaterialsStandardDependency[]; + /** + * The sequence of steps for the task. + */ + steps?: PurpleStep[]; + /** + * Indicates the types of activities performed by the set of workflow tasks. + */ + taskTypes: TaskType[]; + /** + * The date and time (timestamp) when the task ended. + */ + timeEnd?: Date; + /** + * The date and time (timestamp) when the task started. + */ + timeStart?: Date; + /** + * The trigger that initiated the task. + */ + trigger?: PurpleTrigger; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; + /** + * A set of named filesystem or data resource shareable by workflow tasks. + */ + workspaces?: PurpleWorkspace[]; +}; + +/** + * The trigger that initiated the task. + * + * Represents a resource that can conditionally activate (or fire) tasks based upon + * associated events and their data. + */ +export type PurpleTrigger = { + /** + * An optional identifier which can be used to reference the trigger elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref': string; + conditions?: PurpleCondition[]; + /** + * A description of the resource instance. + */ + description?: string; + /** + * The event data that caused the associated trigger to activate. + */ + event?: PurpleEvent; + /** + * Represents resources and data brought into a task at runtime by executor or task commands + */ + inputs?: PurpleInputType[]; + /** + * The name of the resource instance. + */ + name?: string; + /** + * Represents resources and data output from a task at runtime by executor or task commands + */ + outputs?: PurpleOutputType[]; + properties?: LightweightNameValuePairObject[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: PurpleResourceReferenceChoice[]; + /** + * The date and time (timestamp) when the trigger was activated. + */ + timeActivated?: Date; + /** + * The source type of event which caused the trigger to fire. + */ + type: TriggerType; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; +}; + +/** + * A condition that was used to determine a trigger should be activated. + */ +export type PurpleCondition = { + /** + * Describes the set of conditions which cause the trigger to activate. + */ + description?: string; + /** + * The logical expression that was evaluated that determined the trigger should be fired. + */ + expression?: string; + properties?: LightweightNameValuePairObject[]; +}; + +/** + * The event data that caused the associated trigger to activate. + * + * Represents something that happened that may trigger a response. + */ +export type PurpleEvent = { + /** + * Encoding of the raw event data. + */ + data?: LicenseObjectTextClass; + /** + * A description of the event. + */ + description?: string; + properties?: LightweightNameValuePairObject[]; + /** + * References the component or service that was the source of the event + */ + source?: PurpleResourceReferenceChoice; + /** + * References the component or service that was the target of the event + */ + target?: PurpleResourceReferenceChoice; + /** + * The date and time (timestamp) when the event was received. + */ + timeReceived?: Date; + /** + * The unique identifier of the event. + */ + uid?: string; +}; + +/** + * The source type of event which caused the trigger to fire. + */ +export type TriggerType = 'manual' | 'api' | 'webhook' | 'scheduled'; + +/** + * A named filesystem or data resource shareable by workflow tasks. + */ +export type PurpleWorkspace = { + /** + * Describes the read-write access control for the workspace relative to the owning resource + * instance. + */ + accessMode?: AccessMode; + /** + * The names for the workspace as referenced by other workflow tasks. Effectively, a name + * mapping so other tasks can use their own local name in their steps. + */ + aliases?: string[]; + /** + * An optional identifier which can be used to reference the workspace elsewhere in the BOM. + * Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref': string; + /** + * A description of the resource instance. + */ + description?: string; + /** + * The name of a domain-specific data type the workspace represents. + */ + managedDataType?: string; + /** + * A path to a location on disk where the workspace will be available to the associated + * task's steps. + */ + mountPath?: string; + /** + * The name of the resource instance. + */ + name?: string; + properties?: LightweightNameValuePairObject[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: PurpleResourceReferenceChoice[]; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; + /** + * Information about the actual volume instance allocated to the workspace. + */ + volume?: PurpleVolume; + /** + * Identifies the reference to the request for a specific volume type and parameters. + */ + volumeRequest?: string; +}; + +/** + * Describes the read-write access control for the workspace relative to the owning resource + * instance. + */ +export type AccessMode = + | 'read-only' + | 'read-write' + | 'read-write-once' + | 'write-once' + | 'write-only'; + +/** + * Information about the actual volume instance allocated to the workspace. + * + * An identifiable, logical unit of data storage tied to a physical device. + */ +export type PurpleVolume = { + /** + * The mode for the volume instance. + */ + mode?: VolumeMode; + /** + * The name of the volume instance + */ + name?: string; + /** + * The underlying path created from the actual volume. + */ + path?: string; + /** + * Indicates if the volume persists beyond the life of the resource it is associated with. + */ + persistent?: boolean; + properties?: LightweightNameValuePairObject[]; + /** + * Indicates if the volume is remotely (i.e., network) attached. + */ + remote?: boolean; + /** + * The allocated size of the volume accessible to the associated workspace. This should + * include the scalar size as well as IEC standard unit in either decimal or binary form. + */ + sizeAllocated?: string; + /** + * The unique identifier for the volume instance within its deployment context. + */ + uid?: string; +}; + +/** + * The mode for the volume instance. + */ +export type VolumeMode = 'filesystem' | 'block'; + +/** + * Provides additional information about a BOM. + */ +export type MetadataClass = { + /** + * The person(s) who created the BOM. Authors are common in BOMs created through manual + * processes. BOMs created through automated means may not have authors. + */ + authors?: IndividualElement[]; + /** + * The component that the BOM describes. + */ + component?: ComponentClass; + licenses?: MultipleLicense[]; + lifecycles?: PurpleLifecycle[]; + /** + * The organization that manufactured the component that the BOM describes. + */ + manufacture?: ManufactureElement; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * The organization that supplied the component that the BOM describes. The supplier may + * often be the manufacturer, but may also be a distributor or repackager. + */ + supplier?: ManufactureElement; + /** + * The date and time (timestamp) when the BOM was created. + */ + timestamp?: Date; + tools?: CreationToolsLegacyElement[] | CreationTools; +}; + +/** + * The product lifecycle(s) that this BOM represents. + */ +export type PurpleLifecycle = { + /** + * A pre-defined phase in the product lifecycle. + * + * * __design__ = BOM produced early in the development lifecycle containing inventory of + * components and services that are proposed or planned to be used. The inventory may need + * to be procured, retrieved, or resourced prior to use. + * * __pre-build__ = BOM consisting of information obtained prior to a build process and may + * contain source files and development artifacts and manifests. The inventory may need to + * be resolved and retrieved prior to use. + * * __build__ = BOM consisting of information obtained during a build process where + * component inventory is available for use. The precise versions of resolved components are + * usually available at this time as well as the provenance of where the components were + * retrieved from. + * * __post-build__ = BOM consisting of information obtained after a build process has + * completed and the resulting components(s) are available for further analysis. Built + * components may exist as the result of a CI/CD process, may have been installed or + * deployed to a system or device, and may need to be retrieved or extracted from the system + * or device. + * * __operations__ = BOM produced that represents inventory that is running and + * operational. This may include staging or production environments and will generally + * encompass multiple SBOMs describing the applications and operating system, along with + * HBOMs describing the hardware that makes up the system. Operations Bill of Materials + * (OBOM) can provide full-stack inventory of runtime environments, configurations, and + * additional dependencies. + * * __discovery__ = BOM consisting of information observed through network discovery + * providing point-in-time enumeration of embedded, on-premise, and cloud-native services + * such as server applications, connected devices, microservices, and serverless functions. + * * __decommission__ = BOM containing inventory that will be, or has been retired from + * operations. + */ + phase?: Phase; + /** + * The description of the lifecycle phase + */ + description?: string; + /** + * The name of the lifecycle phase + */ + name?: string; +}; + +/** + * A pre-defined phase in the product lifecycle. + * + * * __design__ = BOM produced early in the development lifecycle containing inventory of + * components and services that are proposed or planned to be used. The inventory may need + * to be procured, retrieved, or resourced prior to use. + * * __pre-build__ = BOM consisting of information obtained prior to a build process and may + * contain source files and development artifacts and manifests. The inventory may need to + * be resolved and retrieved prior to use. + * * __build__ = BOM consisting of information obtained during a build process where + * component inventory is available for use. The precise versions of resolved components are + * usually available at this time as well as the provenance of where the components were + * retrieved from. + * * __post-build__ = BOM consisting of information obtained after a build process has + * completed and the resulting components(s) are available for further analysis. Built + * components may exist as the result of a CI/CD process, may have been installed or + * deployed to a system or device, and may need to be retrieved or extracted from the system + * or device. + * * __operations__ = BOM produced that represents inventory that is running and + * operational. This may include staging or production environments and will generally + * encompass multiple SBOMs describing the applications and operating system, along with + * HBOMs describing the hardware that makes up the system. Operations Bill of Materials + * (OBOM) can provide full-stack inventory of runtime environments, configurations, and + * additional dependencies. + * * __discovery__ = BOM consisting of information observed through network discovery + * providing point-in-time enumeration of embedded, on-premise, and cloud-native services + * such as server applications, connected devices, microservices, and serverless functions. + * * __decommission__ = BOM containing inventory that will be, or has been retired from + * operations. + * + * A pre-defined phase in the product lifecycle. + */ +export type Phase = + | 'design' + | 'pre-build' + | 'build' + | 'post-build' + | 'operations' + | 'discovery' + | 'decommission'; + +/** + * [Deprecated] The tool(s) used in the creation of the BOM. + * + * [Deprecated] - DO NOT USE. This will be removed in a future version. This will be removed + * in a future version. Use component or service instead. Information about the automated or + * manual tool used + * + * [Deprecated] The tool(s) used to identify, confirm, or score the vulnerability. + */ +export type CreationToolsLegacyElement = { + /** + * External references provide a way to document systems, sites, and information that may be + * relevant, but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: CycloneDXSoftwareBillOfMaterialsStandardExternalReference[]; + /** + * The hashes of the tool (if applicable). + */ + hashes?: HashClass[]; + /** + * The name of the tool + */ + name?: string; + /** + * The name of the vendor who created the tool + */ + vendor?: string; + /** + * The version of the tool + */ + version?: string; +}; + +/** + * The tool(s) used in the creation of the BOM. + */ +export type CreationTools = { + /** + * A list of software and hardware components used as tools + */ + components?: ComponentClass[]; + /** + * A list of services used as tools. This may include microservices, function-as-a-service, + * and other types of network or intra-process services. + */ + services?: ServiceClass[]; +}; + +/** + * Defines a weakness in a component or service that could be exploited or triggered by a + * threat source. + */ +export type CycloneDXSoftwareBillOfMaterialsStandardVulnerability = { + /** + * Published advisories of the vulnerability if provided. + */ + advisories?: PurpleAdvisory[]; + /** + * The components or services that are affected by the vulnerability. + */ + affects?: PurpleAffect[]; + /** + * An assessment of the impact and exploitability of the vulnerability. + */ + analysis?: PurpleImpactAnalysis; + /** + * An optional identifier which can be used to reference the vulnerability elsewhere in the + * BOM. Every bom-ref MUST be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The date and time (timestamp) when the vulnerability record was created in the + * vulnerability database. + */ + created?: Date; + /** + * Individuals or organizations credited with the discovery of the vulnerability. + */ + credits?: PurpleCredits; + /** + * List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. + * For example 399 (of https://cwe.mitre.org/data/definitions/399.html) + */ + cwes?: number[]; + /** + * A description of the vulnerability as provided by the source. + */ + description?: string; + /** + * If available, an in-depth description of the vulnerability as provided by the source + * organization. Details often include information useful in understanding root cause. + */ + detail?: string; + /** + * The identifier that uniquely identifies the vulnerability. + */ + id?: string; + /** + * Evidence used to reproduce the vulnerability. + */ + proofOfConcept?: PurpleProofOfConcept; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is OPTIONAL. + */ + properties?: LightweightNameValuePairObject[]; + /** + * The date and time (timestamp) when the vulnerability record was first published. + */ + published?: Date; + /** + * List of vulnerability ratings + */ + ratings?: PurpleRating[]; + /** + * Recommendations of how the vulnerability can be remediated or mitigated. + */ + recommendation?: string; + /** + * Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability + * specified. Often times, the same vulnerability may exist in multiple sources of + * vulnerability intelligence, but have different identifiers. References provide a way to + * correlate vulnerabilities across multiple sources of vulnerability intelligence. + */ + references?: PurpleReference[]; + /** + * The date and time (timestamp) when the vulnerability record was rejected (if applicable). + */ + rejected?: Date; + /** + * The source that published the vulnerability. + */ + source?: FluffySource; + tools?: CreationToolsLegacyElement[] | ToolsTools; + /** + * The date and time (timestamp) when the vulnerability record was last updated. + */ + updated?: Date; + /** + * A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or + * impact. Workarounds often involve changes to configuration or deployments. + */ + workaround?: string; +}; + +/** + * Title and location where advisory information can be obtained. An advisory is a + * notification of a threat to a component, service, or system. + */ +export type PurpleAdvisory = { + /** + * An optional name of the advisory. + */ + title?: string; + /** + * Location where the advisory can be obtained. + */ + url: string; +}; + +export type PurpleAffect = { + /** + * References a component or service by the objects bom-ref + */ + ref: string; + /** + * Zero or more individual versions or range of versions. + */ + versions?: PurpleVersion[]; +}; + +export type PurpleVersion = { + /** + * A version range specified in Package URL Version Range syntax (vers) which is defined at + * https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + */ + range?: string; + /** + * The vulnerability status for the version or range of versions. + */ + status?: AffectedStatus; + /** + * A single version of a component or service. + */ + version?: string; +}; + +/** + * The vulnerability status for the version or range of versions. + * + * The vulnerability status of a given version or range of versions of a product. The + * statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected + * by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified + * whether the given version is affected. There can be many reasons for an 'unknown' status, + * including that an investigation has not been undertaken or that a vendor has not + * disclosed the status. + */ +export type AffectedStatus = 'affected' | 'unaffected' | 'unknown'; + +/** + * An assessment of the impact and exploitability of the vulnerability. + */ +export type PurpleImpactAnalysis = { + /** + * Detailed description of the impact including methods used during assessment. If a + * vulnerability is not exploitable, this field should include specific details on why the + * component or service is not impacted by this vulnerability. + */ + detail?: string; + /** + * The date and time (timestamp) when the analysis was first issued. + */ + firstIssued?: Date; + justification?: ImpactAnalysisJustification; + /** + * The date and time (timestamp) when the analysis was last updated. + */ + lastUpdated?: Date; + /** + * A response to the vulnerability by the manufacturer, supplier, or project responsible for + * the affected component or service. More than one response is allowed. Responses are + * strongly encouraged for vulnerabilities where the analysis state is exploitable. + */ + response?: Response[]; + state?: ImpactAnalysisState; +}; + +/** + * The rationale of why the impact analysis state was asserted. + * + * * __code\_not\_present__ = the code has been removed or tree-shaked. + * * __code\_not\_reachable__ = the vulnerable code is not invoked at runtime. + * * __requires\_configuration__ = exploitability requires a configurable option to be + * set/unset. + * * __requires\_dependency__ = exploitability requires a dependency that is not present. + * * __requires\_environment__ = exploitability requires a certain environment which is not + * present. + * * __protected\_by\_compiler__ = exploitability requires a compiler flag to be set/unset. + * * __protected\_at\_runtime__ = exploits are prevented at runtime. + * * __protected\_at\_perimeter__ = attacks are blocked at physical, logical, or network + * perimeter. + * * __protected\_by\_mitigating\_control__ = preventative measures have been implemented + * that reduce the likelihood and/or impact of the vulnerability. + * + * The rationale of why the impact analysis state was asserted. + */ +export type ImpactAnalysisJustification = + | 'code_not_present' + | 'code_not_reachable' + | 'requires_configuration' + | 'requires_dependency' + | 'requires_environment' + | 'protected_by_compiler' + | 'protected_at_runtime' + | 'protected_at_perimeter' + | 'protected_by_mitigating_control'; + +export type Response = + | 'can_not_fix' + | 'will_not_fix' + | 'update' + | 'rollback' + | 'workaround_available'; + +/** + * Declares the current state of an occurrence of a vulnerability, after automated or manual + * analysis. + * + * * __resolved__ = the vulnerability has been remediated. + * * __resolved\_with\_pedigree__ = the vulnerability has been remediated and evidence of + * the changes are provided in the affected components pedigree containing verifiable commit + * history and/or diff(s). + * * __exploitable__ = the vulnerability may be directly or indirectly exploitable. + * * __in\_triage__ = the vulnerability is being investigated. + * * __false\_positive__ = the vulnerability is not specific to the component or service and + * was falsely identified or associated. + * * __not\_affected__ = the component or service is not affected by the vulnerability. + * Justification should be specified for all not_affected cases. + * + * Declares the current state of an occurrence of a vulnerability, after automated or manual + * analysis. + */ +export type ImpactAnalysisState = + | 'resolved' + | 'resolved_with_pedigree' + | 'exploitable' + | 'in_triage' + | 'false_positive' + | 'not_affected'; + +/** + * Individuals or organizations credited with the discovery of the vulnerability. + */ +export type PurpleCredits = { + /** + * The individuals, not associated with organizations, that are credited with vulnerability + * discovery. + */ + individuals?: IndividualElement[]; + /** + * The organizations credited with vulnerability discovery. + */ + organizations?: ManufactureElement[]; +}; + +/** + * Evidence used to reproduce the vulnerability. + */ +export type PurpleProofOfConcept = { + /** + * A description of the environment in which reproduction was possible. + */ + environment?: string; + /** + * Precise steps to reproduce the vulnerability. + */ + reproductionSteps?: string; + /** + * Supporting material that helps in reproducing or understanding how reproduction is + * possible. This may include screenshots, payloads, and PoC exploit code. + */ + supportingMaterial?: LicenseObjectTextClass[]; + [property: string]: any; +}; + +/** + * Defines the severity or risk ratings of a vulnerability. + */ +export type PurpleRating = { + /** + * An optional reason for rating the vulnerability as it was + */ + justification?: string; + method?: MethodEnum; + /** + * The numerical score of the rating. + */ + score?: number; + /** + * Textual representation of the severity that corresponds to the numerical score of the + * rating. + */ + severity?: Severity; + /** + * The source that calculated the severity or risk rating of the vulnerability. + */ + source?: FluffySource; + /** + * Textual representation of the metric values used to score the vulnerability + */ + vector?: string; +}; + +/** + * Specifies the severity or risk scoring methodology or standard used. + * + * * CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/) + * * CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/) + * * CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/) + * * CVSSv4 - [Common Vulnerability Scoring System v4](https://www.first.org/cvss/v4-0/) + * * OWASP - [OWASP Risk Rating + * Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology) + * * SSVC - [Stakeholder Specific Vulnerability + * Categorization](https://github.com/CERTCC/SSVC) (all versions) + * + * Specifies the severity or risk scoring methodology or standard used. + */ +export type MethodEnum = + | 'CVSSv2' + | 'CVSSv3' + | 'CVSSv31' + | 'CVSSv4' + | 'OWASP' + | 'SSVC' + | 'other'; + +/** + * Textual representation of the severity that corresponds to the numerical score of the + * rating. + * + * Textual representation of the severity of the vulnerability adopted by the analysis + * method. If the analysis method uses values other than what is provided, the user is + * expected to translate appropriately. + */ +export type Severity = + | 'critical' + | 'high' + | 'medium' + | 'low' + | 'info' + | 'none' + | 'unknown'; + +/** + * The source that calculated the severity or risk rating of the vulnerability. + * + * The source of vulnerability information. This is often the organization that published + * the vulnerability. + * + * The source that published the vulnerability. + */ +export type FluffySource = { + /** + * The name of the source. + */ + name?: string; + /** + * The url of the vulnerability documentation as provided by the source. + */ + url?: string; +}; + +export type PurpleReference = { + /** + * An identifier that uniquely identifies the vulnerability. + */ + id: string; + /** + * The source that published the vulnerability. + */ + source: FluffySource; +}; + +/** + * The tool(s) used to identify, confirm, or score the vulnerability. + */ +export type ToolsTools = { + /** + * A list of software and hardware components used as tools + */ + components?: ComponentClass[]; + /** + * A list of services used as tools. This may include microservices, function-as-a-service, + * and other types of network or intra-process services. + */ + services?: ServiceClass[]; +}; + +export type CycloneDXBillOfMaterialsStandard = { + $schema?: string; + /** + * Comments made by people, organizations, or tools about any object with a bom-ref, such as + * components, services, vulnerabilities, or the BOM itself. Unlike inventory information, + * annotations may contain opinions or commentary from various stakeholders. Annotations may + * be inline (with inventory) or externalized via BOM-Link and may optionally be signed. + */ + annotations?: CycloneDXBillOfMaterialsStandardAnnotation[]; + /** + * Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs + * do not have a filename convention, nor does JSON schema support namespaces. This value + * must be "CycloneDX". + */ + bomFormat: BOMFormat; + /** + * A list of software and hardware components. + */ + components?: Component[]; + /** + * Compositions describe constituent parts (including components, services, and dependency + * relationships) and their completeness. The completeness of vulnerabilities expressed in a + * BOM may also be described. + */ + compositions?: CycloneDXBillOfMaterialsStandardComposition[]; + /** + * The list of declarations which describe the conformance to standards. Each declaration + * may include attestations, claims, and evidence. + */ + declarations?: Declarations; + /** + * A collection of reusable objects that are defined and may be used elsewhere in the BOM. + */ + definitions?: Definitions; + /** + * Provides the ability to document dependency relationships including provided & + * implemented components. + */ + dependencies?: CycloneDXBillOfMaterialsStandardDependency[]; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * Describes how a component or service was manufactured or deployed. This is achieved + * through the use of formulas, workflows, tasks, and steps, which declare the precise steps + * to reproduce along with the observed formulas describing the steps which transpired in + * the manufacturing process. + */ + formulation?: CycloneDXBillOfMaterialsStandardFormulation[]; + /** + * Provides additional information about a BOM. + */ + metadata?: BOMMetadata; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM + * have not changed over time. If specified, the serial number must conform to [RFC + * 4122](https://www.ietf.org/rfc/rfc4122.html). Use of serial numbers is recommended. + */ + serialNumber?: string; + /** + * A list of services. This may include microservices, function-as-a-service, and other + * types of network or intra-process services. + */ + services?: Service[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The version of the CycloneDX specification the BOM conforms to. + */ + specVersion: string; + /** + * Whenever an existing BOM is modified, either manually or through automated processes, the + * version of the BOM SHOULD be incremented by 1. When a system is presented with multiple + * BOMs with identical serial numbers, the system SHOULD use the most recent version of the + * BOM. The default version is '1'. + */ + version?: number; + /** + * Vulnerabilities identified in components or services. + */ + vulnerabilities?: CycloneDXBillOfMaterialsStandardVulnerability[]; +}; + +/** + * A comment, note, explanation, or similar textual content which provides additional + * context to the object(s) being annotated. + */ +export type CycloneDXBillOfMaterialsStandardAnnotation = { + /** + * The organization, person, component, or service which created the textual content of the + * annotation. + */ + annotator: FluffyAnnotator; + /** + * An optional identifier which can be used to reference the annotation elsewhere in the + * BOM. Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The object in the BOM identified by its bom-ref. This is often a component or service, + * but may be any object type supporting bom-refs. + */ + subjects: string[]; + /** + * The textual content of the annotation. + */ + text: string; + /** + * The date and time (timestamp) when the annotation was created. + */ + timestamp: Date; +}; + +/** + * The organization, person, component, or service which created the textual content of the + * annotation. + */ +export type FluffyAnnotator = { + /** + * The tool or component that created the annotation + */ + component?: Component; + /** + * The person that created the annotation + */ + individual?: OrganizationalContact; + /** + * The organization that created the annotation + */ + organization?: OrganizationalEntity; + /** + * The service that created the annotation + */ + service?: Service; +}; + +/** + * Component pedigree is a way to document complex supply chain scenarios where components + * are created, distributed, modified, redistributed, combined with other components, etc. + * Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in + * the middle. It also provides a way to document variants where the exact relation may not + * be known. + */ +export type FluffyComponentPedigree = { + /** + * Describes zero or more components in which a component is derived from. This is commonly + * used to describe forks from existing projects where the forked version contains a + * ancestor node containing the original component it was forked from. For example, + * Component A is the original component. Component B is the component being used and + * documented in the BOM. However, Component B contains a pedigree node with a single + * ancestor documenting Component A - the original component from which Component B is + * derived from. + */ + ancestors?: Component[]; + /** + * A list of zero or more commits which provide a trail describing how the component + * deviates from an ancestor, descendant, or variant. + */ + commits?: FluffyCommit[]; + /** + * Descendants are the exact opposite of ancestors. This provides a way to document all + * forks (and their forks) of an original or root component. + */ + descendants?: Component[]; + /** + * Notes, observations, and other non-structured commentary describing the components + * pedigree. + */ + notes?: string; + /** + * >A list of zero or more patches describing how the component deviates from an ancestor, + * descendant, or variant. Patches may be complementary to commits or may be used in place + * of commits. + */ + patches?: FluffyPatch[]; + /** + * Variants describe relations where the relationship between the components is not known. + * For example, if Component A contains nearly identical code to Component B. They are both + * related, but it is unclear if one is derived from the other, or if they share a common + * ancestor. + */ + variants?: Component[]; +}; + +/** + * The tool or component that created the annotation + * + * The component that the BOM describes. + */ +export type Component = { + /** + * [Deprecated] This will be removed in a future version. Use `@.authors` or + * `@.manufacturer` instead. + * The person(s) or organization(s) that authored the component + */ + author?: string; + /** + * The person(s) who created the component. + * Authors are common in components created through manual processes. Components created + * through automated means may have `@.manufacturer` instead. + */ + authors?: OrganizationalContact[]; + /** + * An optional identifier which can be used to reference the component elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * A list of software and hardware components included in the parent component. This is not + * a dependency tree. It provides a way to specify a hierarchical representation of + * component assemblies, similar to system → subsystem → parts assembly in + * physical supply chains. + */ + components?: Component[]; + /** + * A copyright notice informing users of the underlying claims to copyright ownership in a + * published work. + */ + copyright?: string; + /** + * Asserts the identity of the component using CPE. The CPE must conform to the CPE 2.2 or + * 2.3 specification. See + * [https://nvd.nist.gov/products/cpe](https://nvd.nist.gov/products/cpe). Refer to + * `@.evidence.identity` to optionally provide evidence that substantiates the assertion of + * the component's identity. + */ + cpe?: string; + cryptoProperties?: CryptographicProperties; + /** + * This object SHOULD be specified for any component of type `data` and must not be + * specified for other component types. + */ + data?: FluffyComponentData[]; + /** + * Specifies a description for the component + */ + description?: string; + /** + * Provides the ability to document evidence collected through various forms of extraction + * or analysis. + */ + evidence?: FluffyEvidence; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * The grouping name or identifier. This will often be a shortened, single name of the + * company or project that produced the component, or the source package or domain name. + * Whitespace and special characters should be avoided. Examples include: apache, + * org.apache.commons, and apache.org. + */ + group?: string; + /** + * The hashes of the component. + */ + hashes?: Hash[]; + licenses?: LicenseChoiceElement[]; + /** + * The organization that created the component. + * Manufacturer is common in components created through automated processes. Components + * created through manual means may have `@.authors` instead. + */ + manufacturer?: OrganizationalEntity; + /** + * The optional mime-type of the component. When used on file components, the mime-type can + * provide additional context about the kind of file being represented, such as an image, + * font, or executable. Some library or framework components may also have an associated + * mime-type. + */ + 'mime-type'?: string; + modelCard?: FluffyModelCard; + /** + * [Deprecated] This will be removed in a future version. Use the pedigree element instead + * to supply information on exactly how the component was modified. A boolean value + * indicating if the component has been modified from the original. A value of true + * indicates the component is a derivative of the original. A value of false indicates the + * component has not been modified from the original. + */ + modified?: boolean; + /** + * The name of the component. This will often be a shortened, single name of the component. + * Examples: commons-lang3 and jquery + */ + name: string; + /** + * Asserts the identity of the component using the OmniBOR Artifact ID. The OmniBOR, if + * specified, must be valid and conform to the specification defined at: + * [https://www.iana.org/assignments/uri-schemes/prov/gitoid](https://www.iana.org/assignments/uri-schemes/prov/gitoid). + * Refer to `@.evidence.identity` to optionally provide evidence that substantiates the + * assertion of the component's identity. + */ + omniborId?: string[]; + /** + * Component pedigree is a way to document complex supply chain scenarios where components + * are created, distributed, modified, redistributed, combined with other components, etc. + * Pedigree supports viewing this complex chain from the beginning, the end, or anywhere in + * the middle. It also provides a way to document variants where the exact relation may not + * be known. + */ + pedigree?: FluffyComponentPedigree; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * The person(s) or organization(s) that published the component + */ + publisher?: string; + /** + * Asserts the identity of the component using package-url (purl). The purl, if specified, + * must be valid and conform to the specification defined at: + * [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). + * Refer to `@.evidence.identity` to optionally provide evidence that substantiates the + * assertion of the component's identity. + */ + purl?: string; + /** + * Specifies optional release notes. + */ + releaseNotes?: FluffyReleaseNotes; + /** + * Specifies the scope of the component. If scope is not specified, 'required' scope SHOULD + * be assumed by the consumer of the BOM. + */ + scope?: ComponentScope; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The organization that supplied the component. The supplier may often be the manufacturer, + * but may also be a distributor or repackager. + */ + supplier?: OrganizationalEntity; + /** + * Asserts the identity of the component using the Software Heritage persistent identifier + * (SWHID). The SWHID, if specified, must be valid and conform to the specification defined + * at: + * [https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html](https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html). + * Refer to `@.evidence.identity` to optionally provide evidence that substantiates the + * assertion of the component's identity. + */ + swhid?: string[]; + /** + * Asserts the identity of the component using [ISO-IEC 19770-2 Software Identification + * (SWID) Tags](https://www.iso.org/standard/65666.html). Refer to `@.evidence.identity` to + * optionally provide evidence that substantiates the assertion of the component's identity. + */ + swid?: FluffySWIDTag; + tags?: string[]; + /** + * Specifies the type of component. For software components, classify as application if no + * more specific appropriate classification is available or cannot be determined for the + * component. + */ + type: TentacledComponentType; + /** + * The component version. The version should ideally comply with semantic versioning but is + * not enforced. + */ + version?: string; +}; + +/** + * Specifies an individual commit + */ +export type FluffyCommit = { + /** + * The author who created the changes in the commit + */ + author?: FluffyIdentifiableAction; + /** + * The person who committed or pushed the commit + */ + committer?: FluffyIdentifiableAction; + /** + * The text description of the contents of the commit + */ + message?: string; + /** + * A unique identifier of the commit. This may be version control specific. For example, + * Subversion uses revision numbers whereas git uses commit hashes. + */ + uid?: string; + /** + * The URL to the commit. This URL will typically point to a commit in a version control + * system. + */ + url?: string; +}; + +/** + * The author who created the changes in the commit + * + * Specifies an individual commit + * + * The person who committed or pushed the commit + */ +export type FluffyIdentifiableAction = { + /** + * The email address of the individual who performed the action + */ + email?: string; + /** + * The name of the individual who performed the action + */ + name?: string; + /** + * The timestamp in which the action occurred + */ + timestamp?: Date; +}; + +/** + * Specifies an individual patch + */ +export type FluffyPatch = { + /** + * The patch file (or diff) that shows changes. Refer to + * [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff) + */ + diff?: FluffyDiff; + /** + * A collection of issues the patch resolves + */ + resolves?: Issue[]; + /** + * Specifies the purpose for the patch including the resolution of defects, security issues, + * or new behavior or functionality. + */ + type: PatchType; +}; + +/** + * The patch file (or diff) that shows changes. Refer to + * [https://en.wikipedia.org/wiki/Diff](https://en.wikipedia.org/wiki/Diff) + * + * The patch file (or diff) that shows changes. Refer to https://en.wikipedia.org/wiki/Diff + */ +export type FluffyDiff = { + /** + * Specifies the optional text of the diff + */ + text?: LicenseText; + /** + * Specifies the URL to the diff + */ + url?: string; +}; + +/** + * An optional way to include textual or encoded data. + * + * Specifies the metadata and content for an attachment. + * + * The graphic (vector or raster). Base64 encoding must be specified for binary images. + * + * An optional way to include the textual content of a license. + * + * Specifies the optional text of the diff + * + * Specifies the full content of the release note. + * + * Specifies the metadata and content of the SWID tag. + * + * Inputs that have the form of data. + * + * Outputs that have the form of data. + * + * Encoding of the raw event data. + */ +export type LicenseText = { + /** + * The attachment data. Proactive controls such as input validation and sanitization should + * be employed to prevent misuse of attachment text. + */ + content: string; + /** + * Specifies the format and nature of the data being attached, helping systems correctly + * interpret and process the content. Common content type examples include + * `application/json` for JSON data and `text/plain` for plan text documents. + * [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the + * structure and use of content types. For a comprehensive list of registered content types, + * refer to the [IANA media types + * registry](https://www.iana.org/assignments/media-types/media-types.xhtml). + */ + contentType?: string; + /** + * Specifies the optional encoding the text is represented in. + */ + encoding?: Encoding; +}; + +/** + * An individual issue that has been resolved. + */ +export type Issue = { + /** + * A description of the issue + */ + description?: string; + /** + * The identifier of the issue assigned by the source of the issue + */ + id?: string; + /** + * The name of the issue + */ + name?: string; + /** + * A collection of URL's for reference. Multiple URLs are allowed. + */ + references?: string[]; + /** + * The source of the issue where it is documented + */ + source?: TentacledSource; + /** + * Specifies the type of issue + */ + type: ResolveType; +}; + +/** + * The source of the issue where it is documented + */ +export type TentacledSource = { + /** + * The name of the source. + */ + name?: string; + /** + * The url of the issue documentation as provided by the source + */ + url?: string; +}; + +/** + * The individual that is responsible for specific data governance role(s). + * + * The individual, not associated with an organization, that was granted the license + * + * The individual, not associated with an organization, that granted the license + * + * The individual, not associated with an organization, that purchased the license + * + * The person that created the annotation + * + * The author of the evidence. + * + * The reviewer of the evidence. + */ +export type OrganizationalContact = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * The email address of the contact. + */ + email?: string; + /** + * The name of a contact + */ + name?: string; + /** + * The phone number of the contact. + */ + phone?: string; +}; + +/** + * Cryptographic assets have properties that uniquely define them and that make them + * actionable for further reasoning. As an example, it makes a difference if one knows the + * algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). + * This is because the security level and the algorithm primitive (authenticated encryption) + * are only defined by the definition of the algorithm variant. The presence of a weak + * cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference. + */ +export type CryptographicProperties = { + /** + * Additional properties specific to a cryptographic algorithm. + */ + algorithmProperties?: AlgorithmProperties; + /** + * Cryptographic assets occur in several forms. Algorithms and protocols are most commonly + * implemented in specialized cryptographic libraries. They may, however, also be + * 'hardcoded' in software components. Certificates and related cryptographic material like + * keys, tokens, secrets or passwords are other cryptographic assets to be modelled. + */ + assetType: AssetType; + /** + * Properties for cryptographic assets of asset type 'certificate' + */ + certificateProperties?: CertificateProperties; + /** + * The object identifier (OID) of the cryptographic asset. + */ + oid?: string; + /** + * Properties specific to cryptographic assets of type: `protocol`. + */ + protocolProperties?: ProtocolProperties; + /** + * Properties for cryptographic assets of asset type: `related-crypto-material` + */ + relatedCryptoMaterialProperties?: RelatedCryptographicMaterialProperties; +}; + +/** + * Additional properties specific to a cryptographic algorithm. + */ +export type AlgorithmProperties = { + /** + * The certification that the implementation of the cryptographic algorithm has received, if + * any. Certifications include revisions and levels of FIPS 140 or Common Criteria of + * different Extended Assurance Levels (CC-EAL). + */ + certificationLevel?: CertificationLevel[]; + /** + * The classical security level that a cryptographic algorithm provides (in bits). + */ + classicalSecurityLevel?: number; + /** + * The cryptographic functions implemented by the cryptographic algorithm. + */ + cryptoFunctions?: CryptographicFunction[]; + /** + * The specific underlying Elliptic Curve (EC) definition employed which is an indicator of + * the level of security strength, performance and complexity. Absent an authoritative + * source of curve names, CycloneDX recommends using curve names as defined at + * [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source of which can be + * found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves). + */ + curve?: string; + /** + * The target and execution environment in which the algorithm is implemented in. + */ + executionEnvironment?: ExecutionEnvironment; + /** + * The target platform for which the algorithm is implemented. The implementation can be + * 'generic', running on any platform or for a specific platform. + */ + implementationPlatform?: ImplementationPlatform; + /** + * The mode of operation in which the cryptographic algorithm (block cipher) is used. + */ + mode?: AlgorithmPropertiesMode; + /** + * The NIST security strength category as defined in + * https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). + * A value of 0 indicates that none of the categories are met. + */ + nistQuantumSecurityLevel?: number; + /** + * The padding scheme that is used for the cryptographic algorithm. + */ + padding?: Padding; + /** + * An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, + * '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, + * '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' + * identifies a parameter set used in SLH-DSA (FIPS205). + */ + parameterSetIdentifier?: string; + /** + * Cryptographic building blocks used in higher-level cryptographic systems and protocols. + * Primitives represent different cryptographic routines: deterministic random bit + * generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes + * (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), + * signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes + * (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions + * (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. + * ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple + * algorithms (combiner, e.g. SP800-56Cr2). + */ + primitive?: Primitive; +}; + +export type CertificationLevel = + | 'none' + | 'fips140-1-l1' + | 'fips140-1-l2' + | 'fips140-1-l3' + | 'fips140-1-l4' + | 'fips140-2-l1' + | 'fips140-2-l2' + | 'fips140-2-l3' + | 'fips140-2-l4' + | 'fips140-3-l1' + | 'fips140-3-l2' + | 'fips140-3-l3' + | 'fips140-3-l4' + | 'cc-eal1' + | 'cc-eal1+' + | 'cc-eal2' + | 'cc-eal2+' + | 'cc-eal3' + | 'cc-eal3+' + | 'cc-eal4' + | 'cc-eal4+' + | 'cc-eal5' + | 'cc-eal5+' + | 'cc-eal6' + | 'cc-eal6+' + | 'cc-eal7' + | 'cc-eal7+' + | 'other' + | 'unknown'; + +export type CryptographicFunction = + | 'generate' + | 'keygen' + | 'encrypt' + | 'decrypt' + | 'digest' + | 'tag' + | 'keyderive' + | 'sign' + | 'verify' + | 'encapsulate' + | 'decapsulate' + | 'other' + | 'unknown'; + +/** + * The target and execution environment in which the algorithm is implemented in. + */ +export type ExecutionEnvironment = + | 'software-plain-ram' + | 'software-encrypted-ram' + | 'software-tee' + | 'hardware' + | 'other' + | 'unknown'; + +/** + * The target platform for which the algorithm is implemented. The implementation can be + * 'generic', running on any platform or for a specific platform. + */ +export type ImplementationPlatform = + | 'generic' + | 'x86_32' + | 'x86_64' + | 'armv7-a' + | 'armv7-m' + | 'armv8-a' + | 'armv8-m' + | 'armv9-a' + | 'armv9-m' + | 's390x' + | 'ppc64' + | 'ppc64le' + | 'other' + | 'unknown'; + +/** + * The mode of operation in which the cryptographic algorithm (block cipher) is used. + */ +export type AlgorithmPropertiesMode = + | 'cbc' + | 'ecb' + | 'ccm' + | 'gcm' + | 'cfb' + | 'ofb' + | 'ctr' + | 'other' + | 'unknown'; + +/** + * The padding scheme that is used for the cryptographic algorithm. + */ +export type Padding = + | 'pkcs5' + | 'pkcs7' + | 'pkcs1v15' + | 'oaep' + | 'raw' + | 'other' + | 'unknown'; + +/** + * Cryptographic building blocks used in higher-level cryptographic systems and protocols. + * Primitives represent different cryptographic routines: deterministic random bit + * generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes + * (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), + * signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes + * (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions + * (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. + * ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple + * algorithms (combiner, e.g. SP800-56Cr2). + */ +export type Primitive = + | 'drbg' + | 'mac' + | 'block-cipher' + | 'stream-cipher' + | 'signature' + | 'hash' + | 'pke' + | 'xof' + | 'kdf' + | 'key-agree' + | 'kem' + | 'ae' + | 'combiner' + | 'other' + | 'unknown'; + +/** + * Cryptographic assets occur in several forms. Algorithms and protocols are most commonly + * implemented in specialized cryptographic libraries. They may, however, also be + * 'hardcoded' in software components. Certificates and related cryptographic material like + * keys, tokens, secrets or passwords are other cryptographic assets to be modelled. + */ +export type AssetType = + | 'algorithm' + | 'certificate' + | 'protocol' + | 'related-crypto-material'; + +/** + * Properties for cryptographic assets of asset type 'certificate' + */ +export type CertificateProperties = { + /** + * The file extension of the certificate + */ + certificateExtension?: string; + /** + * The format of the certificate + */ + certificateFormat?: string; + /** + * The issuer name for the certificate + */ + issuerName?: string; + /** + * The date and time according to ISO-8601 standard from which the certificate is not valid + * anymore + */ + notValidAfter?: Date; + /** + * The date and time according to ISO-8601 standard from which the certificate is valid + */ + notValidBefore?: Date; + /** + * The bom-ref to signature algorithm used by the certificate + */ + signatureAlgorithmRef?: string; + /** + * The subject name for the certificate + */ + subjectName?: string; + /** + * The bom-ref to the public key of the subject + */ + subjectPublicKeyRef?: string; +}; + +/** + * Properties specific to cryptographic assets of type: `protocol`. + */ +export type ProtocolProperties = { + /** + * A list of cipher suites related to the protocol. + */ + cipherSuites?: CipherSuite[]; + /** + * A list of protocol-related cryptographic assets + */ + cryptoRefArray?: string[]; + /** + * The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section + * 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties. + */ + ikev2TransformTypes?: IKEv2TransformTypes; + /** + * The concrete protocol type. + */ + type?: ProtocolPropertiesType; + /** + * The version of the protocol. + */ + version?: string; +}; + +/** + * Object representing a cipher suite + */ +export type CipherSuite = { + /** + * A list of algorithms related to the cipher suite. + */ + algorithms?: string[]; + /** + * A list of common identifiers for the cipher suite. + */ + identifiers?: string[]; + /** + * A common name for the cipher suite. + */ + name?: string; +}; + +/** + * The IKEv2 transform types supported (types 1-4), defined in [RFC 7296 section + * 3.3.2](https://www.ietf.org/rfc/rfc7296.html#section-3.3.2), and additional properties. + */ +export type IKEv2TransformTypes = { + /** + * IKEv2 Authentication method + */ + auth?: string[]; + /** + * Transform Type 1: encryption algorithms + */ + encr?: string[]; + /** + * Specifies if an Extended Sequence Number (ESN) is used. + */ + esn?: boolean; + /** + * Transform Type 3: integrity algorithms + */ + integ?: string[]; + /** + * Transform Type 4: Key Exchange Method (KE) per [RFC + * 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H). + */ + ke?: string[]; + /** + * Transform Type 2: pseudorandom functions + */ + prf?: string[]; +}; + +/** + * The concrete protocol type. + */ +export type ProtocolPropertiesType = + | 'tls' + | 'ssh' + | 'ipsec' + | 'ike' + | 'sstp' + | 'wpa' + | 'other' + | 'unknown'; + +/** + * Properties for cryptographic assets of asset type: `related-crypto-material` + */ +export type RelatedCryptographicMaterialProperties = { + /** + * The date and time (timestamp) when the related cryptographic material was activated. + */ + activationDate?: Date; + /** + * The bom-ref to the algorithm used to generate the related cryptographic material. + */ + algorithmRef?: string; + /** + * The date and time (timestamp) when the related cryptographic material was created. + */ + creationDate?: Date; + /** + * The date and time (timestamp) when the related cryptographic material expires. + */ + expirationDate?: Date; + /** + * The format of the related cryptographic material (e.g. P8, PEM, DER). + */ + format?: string; + /** + * The optional unique identifier for the related cryptographic material. + */ + id?: string; + /** + * The mechanism by which the cryptographic asset is secured by. + */ + securedBy?: SecuredBy; + /** + * The size of the cryptographic asset (in bits). + */ + size?: number; + /** + * The key state as defined by NIST SP 800-57. + */ + state?: State; + /** + * The type for the related cryptographic material + */ + type?: RelatedCryptoMaterialType; + /** + * The date and time (timestamp) when the related cryptographic material was updated. + */ + updateDate?: Date; + /** + * The associated value of the cryptographic material. + */ + value?: string; +}; + +/** + * The mechanism by which the cryptographic asset is secured by. + * + * Specifies the mechanism by which the cryptographic asset is secured by + */ +export type SecuredBy = { + /** + * The bom-ref to the algorithm. + */ + algorithmRef?: string; + /** + * Specifies the mechanism by which the cryptographic asset is secured by. + */ + mechanism?: string; +}; + +/** + * The key state as defined by NIST SP 800-57. + */ +export type State = + | 'pre-activation' + | 'active' + | 'suspended' + | 'deactivated' + | 'compromised' + | 'destroyed'; + +/** + * The type for the related cryptographic material + */ +export type RelatedCryptoMaterialType = + | 'private-key' + | 'public-key' + | 'secret-key' + | 'key' + | 'ciphertext' + | 'signature' + | 'digest' + | 'initialization-vector' + | 'nonce' + | 'seed' + | 'salt' + | 'shared-secret' + | 'tag' + | 'additional-data' + | 'password' + | 'credential' + | 'token' + | 'other' + | 'unknown'; + +export type FluffyComponentData = { + /** + * An optional identifier which can be used to reference the dataset elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + classification?: string; + /** + * The contents or references to the contents of the data being described. + */ + contents?: FluffyDataContents; + /** + * A description of the dataset. Can describe size of dataset, whether it's used for source + * code, training, testing, or validation, etc. + */ + description?: string; + governance?: TentacledDataGovernance; + graphics?: FluffyGraphicsCollection; + /** + * The name of the dataset. + */ + name?: string; + /** + * A description of any sensitive data in a dataset. + */ + sensitiveData?: string[]; + /** + * The general theme or subject matter of the data being specified. + */ + type: TypeOfData; +}; + +/** + * The contents or references to the contents of the data being described. + */ +export type FluffyDataContents = { + /** + * An optional way to include textual or encoded data. + */ + attachment?: LicenseText; + /** + * Provides the ability to document name-value parameters used for configuration. + */ + properties?: LightweightNameValuePairClass[]; + /** + * The URL to where the data can be retrieved. + */ + url?: string; +}; + +/** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ +export type LightweightNameValuePairClass = { + /** + * The name of the property. Duplicate names are allowed, each potentially having a + * different value. + */ + name: string; + /** + * The value of the property. + */ + value?: string; +}; + +/** + * Data governance captures information regarding data ownership, stewardship, and + * custodianship, providing insights into the individuals or entities responsible for + * managing, overseeing, and safeguarding the data throughout its lifecycle. + */ +export type TentacledDataGovernance = { + /** + * Data custodians are responsible for the safe custody, transport, and storage of data. + */ + custodians?: FluffyDataGovernanceResponsibleParty[]; + /** + * Data owners are concerned with risk and appropriate access to data. + */ + owners?: FluffyDataGovernanceResponsibleParty[]; + /** + * Data stewards are responsible for data content, context, and associated business rules. + */ + stewards?: FluffyDataGovernanceResponsibleParty[]; +}; + +export type FluffyDataGovernanceResponsibleParty = { + /** + * The individual that is responsible for specific data governance role(s). + */ + contact?: OrganizationalContact; + /** + * The organization that is responsible for specific data governance role(s). + */ + organization?: OrganizationalEntity; +}; + +/** + * The organization that is responsible for specific data governance role(s). + * + * The organization that was granted the license + * + * The organization that granted the license + * + * The organization that purchased the license + * + * The organization that created the component. + * Manufacturer is common in components created through automated processes. Components + * created through manual means may have `@.authors` instead. + * + * The organization that supplied the component. The supplier may often be the manufacturer, + * but may also be a distributor or repackager. + * + * The organization that created the annotation + * + * The organization that provides the service. + * + * The signatory's organization. + * + * The entity issuing the assessment. + * + * [Deprecated] This will be removed in a future version. Use the `@.component.manufacturer` + * instead. + * The organization that manufactured the component that the BOM describes. + * + * The organization that created the BOM. + * Manufacturer is common in BOMs created through automated processes. BOMs created through + * manual means may have `@.authors` instead. + * + * The organization that supplied the component that the BOM describes. The supplier may + * often be the manufacturer, but may also be a distributor or repackager. + */ +export type OrganizationalEntity = { + /** + * The physical address (location) of the organization + */ + address?: PostalAddress; + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * A contact at the organization. Multiple contacts are allowed. + */ + contact?: OrganizationalContact[]; + /** + * The name of the organization + */ + name?: string; + /** + * The URL of the organization. Multiple URLs are allowed. + */ + url?: string[]; +}; + +/** + * The physical address (location) of the organization + * + * An address used to identify a contactable location. + */ +export type PostalAddress = { + /** + * An optional identifier which can be used to reference the address elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * The country name or the two-letter ISO 3166-1 country code. + */ + country?: string; + /** + * The locality or city within the country. + */ + locality?: string; + /** + * The postal code. + */ + postalCode?: string; + /** + * The post office box number. + */ + postOfficeBoxNumber?: string; + /** + * The region or state in the country. + */ + region?: string; + /** + * The street address. + */ + streetAddress?: string; +}; + +/** + * A collection of graphics that represent various measurements. + */ +export type FluffyGraphicsCollection = { + /** + * A collection of graphics. + */ + collection?: PurpleGraphic[]; + /** + * A description of this collection of graphics. + */ + description?: string; +}; + +export type PurpleGraphic = { + /** + * The graphic (vector or raster). Base64 encoding must be specified for binary images. + */ + image?: LicenseText; + /** + * The name of the graphic. + */ + name?: string; +}; + +/** + * Provides the ability to document evidence collected through various forms of extraction + * or analysis. + */ +export type FluffyEvidence = { + /** + * Evidence of the components use through the callstack. + */ + callstack?: CallStack; + /** + * Copyright evidence captures intellectual property assertions, providing evidence of + * possible ownership and legal protection. + */ + copyright?: FluffyCopyright[]; + /** + * Evidence that substantiates the identity of a component. The identity may be an object or + * an array of identity objects. Support for specifying identity as a single object was + * introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all + * implementations use arrays, even if only one identity object is specified. + */ + identity?: IdentityEvidenceElement[] | IdentityEvidenceElement; + licenses?: LicenseChoiceElement[]; + /** + * Evidence of individual instances of a component spread across multiple locations. + */ + occurrences?: FluffyOccurrence[]; +}; + +/** + * Evidence of the components use through the callstack. + */ +export type CallStack = { + /** + * Within a call stack, a frame is a discrete unit that encapsulates an execution context, + * including local variables, parameters, and the return address. As function calls are + * made, frames are pushed onto the stack, forming an array-like structure that orchestrates + * the flow of program execution and manages the sequence of function invocations. + */ + frames?: Frame[]; +}; + +export type Frame = { + /** + * The column the code that is called resides. + */ + column?: number; + /** + * The full path and filename of the module. + */ + fullFilename?: string; + /** + * A block of code designed to perform a particular task. + */ + function?: string; + /** + * The line number the code that is called resides on. + */ + line?: number; + /** + * A module or class that encloses functions/methods and other code. + */ + module: string; + /** + * A package organizes modules into namespaces, providing a unique namespace for each type + * it contains. + */ + package?: string; + /** + * Optional arguments that are passed to the module or function. + */ + parameters?: string[]; +}; + +/** + * A copyright notice informing users of the underlying claims to copyright ownership in a + * published work. + */ +export type FluffyCopyright = { + /** + * The textual content of the copyright. + */ + text: string; +}; + +/** + * Evidence that substantiates the identity of a component. + * + * [Deprecated] + */ +export type IdentityEvidenceElement = { + /** + * The value of the field (cpe, purl, etc) that has been concluded based on the aggregate of + * all methods (if available). + */ + concludedValue?: string; + /** + * The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence. + */ + confidence?: number; + /** + * The identity field of the component which the evidence describes. + */ + field: IdentityEvidenceField; + /** + * The methods used to extract and/or analyze the evidence. + */ + methods?: IdentityEvidenceMethod[]; + /** + * The object in the BOM identified by its bom-ref. This is often a component or service but + * may be any object type supporting bom-refs. Tools used for analysis should already be + * defined in the BOM, either in the metadata/tools, components, or formulation. + */ + tools?: string[]; +}; + +/** + * The identity field of the component which the evidence describes. + */ +export type IdentityEvidenceField = + | 'group' + | 'name' + | 'version' + | 'purl' + | 'cpe' + | 'omniborId' + | 'swhid' + | 'swid' + | 'hash'; + +export type IdentityEvidenceMethod = { + /** + * The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is + * specific to the technique used. Each technique of analysis can have independent + * confidence. + */ + confidence: number; + /** + * The technique used in this method of analysis. + */ + technique: Technique; + /** + * The value or contents of the evidence. + */ + value?: string; +}; + +/** + * A list of SPDX licenses and/or named licenses. + * + * A tuple of exactly one SPDX License Expression. + */ +export type LicenseChoiceElement = { + license?: License; + acknowledgement?: LicenseAcknowledgement; + /** + * An optional identifier which can be used to reference the license elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * A valid SPDX license expression. + * Refer to https://spdx.org/specifications for syntax requirements + */ + expression?: string; +}; + +/** + * Declared licenses and concluded licenses represent two different stages in the licensing + * process within software development. Declared licenses refer to the initial intention of + * the software authors regarding the licensing terms under which their code is released. On + * the other hand, concluded licenses are the result of a comprehensive analysis of the + * project's codebase to identify and confirm the actual licenses of the components used, + * which may differ from the initially declared licenses. While declared licenses provide an + * upfront indication of the licensing intentions, concluded licenses offer a more thorough + * understanding of the actual licensing within a project, facilitating proper compliance + * and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed + * licenses form the evidence necessary to substantiate a concluded license. + */ +export type LicenseAcknowledgement = 'declared' | 'concluded'; + +/** + * Specifies the details and attributes related to a software license. It can either include + * a valid SPDX license identifier or a named license, along with additional properties such + * as license acknowledgment, comprehensive commercial licensing information, and the full + * text of the license. + */ +export type License = { + acknowledgement?: LicenseAcknowledgement; + /** + * An optional identifier which can be used to reference the license elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * A valid SPDX license identifier. If specified, this value must be one of the enumeration + * of valid SPDX license identifiers defined in the spdx.schema.json (or spdx.xml) subschema + * which is synchronized with the official SPDX license list. + */ + id?: SpdxSchema; + /** + * Licensing details describing the licensor/licensee, license type, renewal and expiration + * dates, and other important metadata + */ + licensing?: LicenseLicensing; + /** + * The name of the license. This may include the name of a commercial or proprietary license + * or an open source license that may not be defined by SPDX. + */ + name?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * An optional way to include the textual content of a license. + */ + text?: LicenseText; + /** + * The URL to the license file. If specified, a 'license' externalReference should also be + * specified for completeness + */ + url?: string; +}; + +/** + * Licensing details describing the licensor/licensee, license type, renewal and expiration + * dates, and other important metadata + */ +export type LicenseLicensing = { + /** + * License identifiers that may be used to manage licenses and their lifecycle + */ + altIds?: string[]; + /** + * The timestamp indicating when the current license expires (if applicable). + */ + expiration?: Date; + /** + * The timestamp indicating when the license was last renewed. For new purchases, this is + * often the purchase or acquisition date. For non-perpetual licenses or subscriptions, this + * is the timestamp of when the license was last renewed. + */ + lastRenewal?: Date; + /** + * The individual or organization for which a license was granted to + */ + licensee?: FluffyLicensee; + /** + * The type of license(s) that was granted to the licensee. + */ + licenseTypes?: LicenseType[]; + /** + * The individual or organization that grants a license to another individual or organization + */ + licensor?: FluffyLicensor; + /** + * The purchase order identifier the purchaser sent to a supplier or vendor to authorize a + * purchase + */ + purchaseOrder?: string; + /** + * The individual or organization that purchased the license + */ + purchaser?: FluffyPurchaser; +}; + +/** + * The individual or organization for which a license was granted to + */ +export type FluffyLicensee = { + /** + * The individual, not associated with an organization, that was granted the license + */ + individual?: OrganizationalContact; + /** + * The organization that was granted the license + */ + organization?: OrganizationalEntity; +}; + +/** + * The individual or organization that grants a license to another individual or organization + */ +export type FluffyLicensor = { + /** + * The individual, not associated with an organization, that granted the license + */ + individual?: OrganizationalContact; + /** + * The organization that granted the license + */ + organization?: OrganizationalEntity; +}; + +/** + * The individual or organization that purchased the license + */ +export type FluffyPurchaser = { + /** + * The individual, not associated with an organization, that purchased the license + */ + individual?: OrganizationalContact; + /** + * The organization that purchased the license + */ + organization?: OrganizationalEntity; +}; + +export type FluffyOccurrence = { + /** + * Any additional context of the detected component (e.g. a code snippet). + */ + additionalContext?: string; + /** + * An optional identifier which can be used to reference the occurrence elsewhere in the + * BOM. Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * The line number where the component was found. + */ + line?: number; + /** + * The location or path to where the component was found. + */ + location: string; + /** + * The offset where the component was found. + */ + offset?: number; + /** + * The symbol name that was found associated with the component. + */ + symbol?: string; +}; + +/** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + * + * Reference to an externally accessible resource. + */ +export type EnergyProviderExternalReference = { + /** + * An optional comment describing the external reference + */ + comment?: string; + /** + * The hashes of the external reference (if applicable). + */ + hashes?: Hash[]; + /** + * Specifies the type of external reference. + */ + type: TentacledType; + /** + * The URI (URL or URN) to the external reference. External references are URIs and + * therefore can accept any URL scheme including https + * ([RFC-7230](https://www.ietf.org/rfc/rfc7230.txt)), mailto + * ([RFC-2368](https://www.ietf.org/rfc/rfc2368.txt)), tel + * ([RFC-3966](https://www.ietf.org/rfc/rfc3966.txt)), and dns + * ([RFC-4501](https://www.ietf.org/rfc/rfc4501.txt)). External references may also include + * formally registered URNs such as [CycloneDX + * BOM-Link](https://cyclonedx.org/capabilities/bomlink/) to reference CycloneDX BOMs or any + * object within a BOM. BOM-Link transforms applicable external references into + * relationships that can be expressed in a BOM or across BOMs. + */ + url: string; +}; + +export type Hash = { + alg: HashAlgorithm; + content: string; +}; + +/** + * Specifies the type of external reference. + */ +export type TentacledType = + | 'vcs' + | 'issue-tracker' + | 'website' + | 'advisories' + | 'bom' + | 'mailing-list' + | 'social' + | 'chat' + | 'documentation' + | 'support' + | 'source-distribution' + | 'distribution' + | 'distribution-intake' + | 'license' + | 'build-meta' + | 'build-system' + | 'release-notes' + | 'security-contact' + | 'model-card' + | 'log' + | 'configuration' + | 'evidence' + | 'formulation' + | 'attestation' + | 'threat-model' + | 'adversary-model' + | 'risk-assessment' + | 'vulnerability-assertion' + | 'exploitability-statement' + | 'pentest-report' + | 'static-analysis-report' + | 'dynamic-analysis-report' + | 'runtime-analysis-report' + | 'component-analysis-report' + | 'maturity-report' + | 'certification-report' + | 'codified-infrastructure' + | 'quality-metrics' + | 'poam' + | 'electronic-signature' + | 'digital-signature' + | 'rfc-9116' + | 'other'; + +/** + * A model card describes the intended uses of a machine learning model and potential + * limitations, including biases and ethical considerations. Model cards typically contain + * the training parameters, which datasets were used to train the model, performance + * metrics, and other relevant data useful for ML transparency. This object SHOULD be + * specified for any component of type `machine-learning-model` and must not be specified + * for other component types. + */ +export type FluffyModelCard = { + /** + * An optional identifier which can be used to reference the model card elsewhere in the + * BOM. Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * What considerations should be taken into account regarding the model's construction, + * training, and application? + */ + considerations?: FluffyConsiderations; + /** + * Hyper-parameters for construction of the model. + */ + modelParameters?: FluffyModelParameters; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * A quantitative analysis of the model + */ + quantitativeAnalysis?: FluffyQuantitativeAnalysis; +}; + +/** + * What considerations should be taken into account regarding the model's construction, + * training, and application? + */ +export type FluffyConsiderations = { + /** + * What are the various environmental impacts the corresponding machine learning model has + * exhibited across its lifecycle? + */ + environmentalConsiderations?: EnvironmentalConsiderations; + /** + * What are the ethical risks involved in the application of this model? + */ + ethicalConsiderations?: PurpleRisk[]; + /** + * How does the model affect groups at risk of being systematically disadvantaged? What are + * the harms and benefits to the various affected groups? + */ + fairnessAssessments?: FluffyFairnessAssessment[]; + /** + * What are the known tradeoffs in accuracy/performance of the model? + */ + performanceTradeoffs?: string[]; + /** + * What are the known technical limitations of the model? E.g. What kind(s) of data should + * the model be expected not to perform well on? What are the factors that might degrade + * model performance? + */ + technicalLimitations?: string[]; + /** + * What are the intended use cases of the model? + */ + useCases?: string[]; + /** + * Who are the intended users of the model? + */ + users?: string[]; +}; + +/** + * What are the various environmental impacts the corresponding machine learning model has + * exhibited across its lifecycle? + * + * Describes various environmental impact metrics. + */ +export type EnvironmentalConsiderations = { + /** + * Describes energy consumption information incurred for one or more component lifecycle + * activities. + */ + energyConsumptions?: EnergyConsumption[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; +}; + +/** + * Describes energy consumption information incurred for the specified lifecycle activity. + */ +export type EnergyConsumption = { + /** + * The type of activity that is part of a machine learning model development or operational + * lifecycle. + */ + activity: Activity; + /** + * The total energy cost associated with the model lifecycle activity. + */ + activityEnergyCost: EnergyMeasure; + /** + * The CO2 cost (debit) equivalent to the total energy cost. + */ + co2CostEquivalent?: CO2Measure; + /** + * The CO2 offset (credit) for the CO2 equivalent cost. + */ + co2CostOffset?: CO2Measure; + /** + * The provider(s) of the energy consumed by the associated model development lifecycle + * activity. + */ + energyProviders: EnergyProvider[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; +}; + +/** + * The type of activity that is part of a machine learning model development or operational + * lifecycle. + */ +export type Activity = + | 'design' + | 'data-collection' + | 'data-preparation' + | 'training' + | 'fine-tuning' + | 'validation' + | 'deployment' + | 'inference' + | 'other'; + +/** + * The total energy cost associated with the model lifecycle activity. + * + * A measure of energy. + * + * The energy provided by the energy source for an associated activity. + */ +export type EnergyMeasure = { + /** + * Unit of energy. + */ + unit: ActivityEnergyCostUnit; + /** + * Quantity of energy. + */ + value: number; +}; + +/** + * Unit of energy. + */ +export type ActivityEnergyCostUnit = 'kWh'; + +/** + * The CO2 cost (debit) equivalent to the total energy cost. + * + * A measure of carbon dioxide (CO2). + * + * The CO2 offset (credit) for the CO2 equivalent cost. + */ +export type CO2Measure = { + /** + * Unit of carbon dioxide (CO2). + */ + unit: Co2CostEquivalentUnit; + /** + * Quantity of carbon dioxide (CO2). + */ + value: number; +}; + +/** + * Unit of carbon dioxide (CO2). + */ +export type Co2CostEquivalentUnit = 'tCO2eq'; + +/** + * Describes the physical provider of energy used for model development or operations. + */ +export type EnergyProvider = { + /** + * An optional identifier which can be used to reference the energy provider elsewhere in + * the BOM. Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * A description of the energy provider. + */ + description?: string; + /** + * The energy provided by the energy source for an associated activity. + */ + energyProvided: EnergyMeasure; + /** + * The energy source for the energy provider. + */ + energySource: EnergySource; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * The organization that provides energy. + */ + organization: Organization; +}; + +/** + * The energy source for the energy provider. + */ +export type EnergySource = + | 'coal' + | 'oil' + | 'natural-gas' + | 'nuclear' + | 'wind' + | 'solar' + | 'geothermal' + | 'hydropower' + | 'biofuel' + | 'unknown' + | 'other'; + +/** + * The organization that provides energy. + * + * The organization that is responsible for specific data governance role(s). + * + * The organization that was granted the license + * + * The organization that granted the license + * + * The organization that purchased the license + * + * The organization that created the component. + * Manufacturer is common in components created through automated processes. Components + * created through manual means may have `@.authors` instead. + * + * The organization that supplied the component. The supplier may often be the manufacturer, + * but may also be a distributor or repackager. + * + * The organization that created the annotation + * + * The organization that provides the service. + * + * The signatory's organization. + * + * The entity issuing the assessment. + * + * [Deprecated] This will be removed in a future version. Use the `@.component.manufacturer` + * instead. + * The organization that manufactured the component that the BOM describes. + * + * The organization that created the BOM. + * Manufacturer is common in BOMs created through automated processes. BOMs created through + * manual means may have `@.authors` instead. + * + * The organization that supplied the component that the BOM describes. The supplier may + * often be the manufacturer, but may also be a distributor or repackager. + */ +export type Organization = { + /** + * The physical address (location) of the organization + */ + address?: PostalAddress; + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * A contact at the organization. Multiple contacts are allowed. + */ + contact?: OrganizationalContact[]; + /** + * The name of the organization + */ + name?: string; + /** + * The URL of the organization. Multiple URLs are allowed. + */ + url?: string[]; +}; + +export type PurpleRisk = { + /** + * Strategy used to address this risk. + */ + mitigationStrategy?: string; + /** + * The name of the risk. + */ + name?: string; +}; + +/** + * Information about the benefits and harms of the model to an identified at risk group. + */ +export type FluffyFairnessAssessment = { + /** + * Expected benefits to the identified groups. + */ + benefits?: string; + /** + * The groups or individuals at risk of being systematically disadvantaged by the model. + */ + groupAtRisk?: string; + /** + * Expected harms to the identified groups. + */ + harms?: string; + /** + * With respect to the benefits and harms outlined, please describe any mitigation strategy + * implemented. + */ + mitigationStrategy?: string; +}; + +/** + * Hyper-parameters for construction of the model. + */ +export type FluffyModelParameters = { + /** + * The overall approach to learning used by the model for problem solving. + */ + approach?: FluffyApproach; + /** + * The model architecture family such as transformer network, convolutional neural network, + * residual neural network, LSTM neural network, etc. + */ + architectureFamily?: string; + /** + * The datasets used to train and evaluate the model. + */ + datasets?: FluffyDataset[]; + /** + * The input format(s) of the model + */ + inputs?: FluffyInputAndOutputParameters[]; + /** + * The specific architecture of the model such as GPT-1, ResNet-50, YOLOv3, etc. + */ + modelArchitecture?: string; + /** + * The output format(s) from the model + */ + outputs?: FluffyInputAndOutputParameters[]; + /** + * Directly influences the input and/or output. Examples include classification, regression, + * clustering, etc. + */ + task?: string; +}; + +/** + * The overall approach to learning used by the model for problem solving. + */ +export type FluffyApproach = { + /** + * Learning types describing the learning problem or hybrid learning problem. + */ + type?: LearningType; +}; + +export type FluffyDataset = { + /** + * An optional identifier which can be used to reference the dataset elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + classification?: string; + /** + * The contents or references to the contents of the data being described. + */ + contents?: FluffyDataContents; + /** + * A description of the dataset. Can describe size of dataset, whether it's used for source + * code, training, testing, or validation, etc. + */ + description?: string; + governance?: TentacledDataGovernance; + graphics?: FluffyGraphicsCollection; + /** + * The name of the dataset. + */ + name?: string; + /** + * A description of any sensitive data in a dataset. + */ + sensitiveData?: string[]; + /** + * The general theme or subject matter of the data being specified. + */ + type?: TypeOfData; + /** + * References a data component by the components bom-ref attribute + */ + ref?: string; +}; + +export type FluffyInputAndOutputParameters = { + /** + * The data format for input/output to the model. + */ + format?: string; +}; + +/** + * A quantitative analysis of the model + */ +export type FluffyQuantitativeAnalysis = { + graphics?: FluffyGraphicsCollection; + /** + * The model performance metrics being reported. Examples may include accuracy, F1 score, + * precision, top-3 error rates, MSC, etc. + */ + performanceMetrics?: PurplePerformanceMetric[]; +}; + +export type PurplePerformanceMetric = { + /** + * The confidence interval of the metric. + */ + confidenceInterval?: PurpleConfidenceInterval; + /** + * The name of the slice this metric was computed on. By default, assume this metric is not + * sliced. + */ + slice?: string; + /** + * The type of performance metric. + */ + type?: string; + /** + * The value of the performance metric. + */ + value?: string; +}; + +/** + * The confidence interval of the metric. + */ +export type PurpleConfidenceInterval = { + /** + * The lower bound of the confidence interval. + */ + lowerBound?: string; + /** + * The upper bound of the confidence interval. + */ + upperBound?: string; +}; + +/** + * Specifies optional release notes. + */ +export type FluffyReleaseNotes = { + /** + * One or more alternate names the release may be referred to. This may include unofficial + * terms used by development and marketing teams (e.g. code names). + */ + aliases?: string[]; + /** + * A short description of the release. + */ + description?: string; + /** + * The URL to an image that may be prominently displayed with the release note. + */ + featuredImage?: string; + /** + * Zero or more release notes containing the locale and content. Multiple note objects may + * be specified to support release notes in a wide variety of languages. + */ + notes?: FluffyNote[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * A collection of issues that have been resolved. + */ + resolves?: Issue[]; + /** + * The URL to an image that may be used in messaging on social media platforms. + */ + socialImage?: string; + tags?: string[]; + /** + * The date and time (timestamp) when the release note was created. + */ + timestamp?: Date; + /** + * The title of the release. + */ + title?: string; + /** + * The software versioning type the release note describes. + */ + type: string; +}; + +/** + * A note containing the locale and content. + */ +export type FluffyNote = { + /** + * The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code. + * Examples include: "en", "en-US", "fr" and "fr-CA" + */ + locale?: string; + /** + * Specifies the full content of the release note. + */ + text: LicenseText; +}; + +/** + * Asserts the identity of the component using [ISO-IEC 19770-2 Software Identification + * (SWID) Tags](https://www.iso.org/standard/65666.html). Refer to `@.evidence.identity` to + * optionally provide evidence that substantiates the assertion of the component's + * identity. + * + * Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags. + */ +export type FluffySWIDTag = { + /** + * Maps to the name of a SoftwareIdentity. + */ + name: string; + /** + * Maps to the patch of a SoftwareIdentity. + */ + patch?: boolean; + /** + * Maps to the tagId of a SoftwareIdentity. + */ + tagId: string; + /** + * Maps to the tagVersion of a SoftwareIdentity. + */ + tagVersion?: number; + /** + * Specifies the metadata and content of the SWID tag. + */ + text?: LicenseText; + /** + * The URL to the SWID file. + */ + url?: string; + /** + * Maps to the version of a SoftwareIdentity. + */ + version?: string; +}; + +/** + * Specifies the type of component. For software components, classify as application if no + * more specific appropriate classification is available or cannot be determined for the + * component. + */ +export type TentacledComponentType = + | 'application' + | 'framework' + | 'library' + | 'container' + | 'platform' + | 'operating-system' + | 'device' + | 'device-driver' + | 'firmware' + | 'file' + | 'machine-learning-model' + | 'data' + | 'cryptographic-asset'; + +/** + * The service that created the annotation + */ +export type Service = { + /** + * A boolean value indicating if the service requires authentication. A value of true + * indicates the service requires authentication prior to use. A value of false indicates + * the service does not require authentication. + */ + authenticated?: boolean; + /** + * An optional identifier which can be used to reference the service elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * Specifies information about the data including the directional flow of data and the data + * classification. + */ + data?: FluffyHashObjects[]; + /** + * Specifies a description for the service + */ + description?: string; + /** + * The endpoint URIs of the service. Multiple endpoints are allowed. + */ + endpoints?: string[]; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * The grouping name, namespace, or identifier. This will often be a shortened, single name + * of the company or project that produced the service or domain name. Whitespace and + * special characters should be avoided. + */ + group?: string; + licenses?: LicenseChoiceElement[]; + /** + * The name of the service. This will often be a shortened, single name of the service. + */ + name: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * The organization that provides the service. + */ + provider?: OrganizationalEntity; + /** + * Specifies optional release notes. + */ + releaseNotes?: FluffyReleaseNotes; + /** + * A list of services included or deployed behind the parent service. This is not a + * dependency tree. It provides a way to specify a hierarchical representation of service + * assemblies. + */ + services?: Service[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + tags?: string[]; + /** + * The name of the trust zone the service resides in. + */ + trustZone?: string; + /** + * The service version. + */ + version?: string; + /** + * A boolean value indicating if use of the service crosses a trust zone or boundary. A + * value of true indicates that by using the service, a trust boundary is crossed. A value + * of false indicates that by using the service, a trust boundary is not crossed. + */ + 'x-trust-boundary'?: boolean; +}; + +export type FluffyHashObjects = { + classification: string; + /** + * Short description of the data content and usage + */ + description?: string; + /** + * The URI, URL, or BOM-Link of the components or services the data is sent to + */ + destination?: string[]; + /** + * Specifies the flow direction of the data. Direction is relative to the service. Inbound + * flow states that data enters the service. Outbound flow states that data leaves the + * service. Bi-directional states that data flows both ways and unknown states that the + * direction is not known. + */ + flow: DataFlowDirection; + governance?: TentacledDataGovernance; + /** + * Name for the defined data + */ + name?: string; + /** + * The URI, URL, or BOM-Link of the components or services the data came in from + */ + source?: string[]; +}; + +export type CycloneDXBillOfMaterialsStandardComposition = { + /** + * Specifies an aggregate type that describe how complete a relationship is. + */ + aggregate: FluffyAggregateType; + /** + * The bom-ref identifiers of the components or services being described. Assemblies refer + * to nested relationships whereby a constituent part may include other constituent parts. + * References do not cascade to child parts. References are explicit for the specified + * constituent part only. + */ + assemblies?: string[]; + /** + * An optional identifier which can be used to reference the composition elsewhere in the + * BOM. Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * The bom-ref identifiers of the components or services being described. Dependencies refer + * to a relationship whereby an independent constituent part requires another independent + * constituent part. References do not cascade to transitive dependencies. References are + * explicit for the specified dependency only. + */ + dependencies?: string[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The bom-ref identifiers of the vulnerabilities being described. + */ + vulnerabilities?: string[]; +}; + +/** + * The list of declarations which describe the conformance to standards. Each declaration + * may include attestations, claims, and evidence. + */ +export type Declarations = { + /** + * A concise statement affirmed by an individual regarding all declarations, often used for + * third-party auditor acceptance or recipient acknowledgment. It includes a list of + * authorized signatories who assert the validity of the document on behalf of the + * organization. + */ + affirmation?: Affirmation; + /** + * The list of assessors evaluating claims and determining conformance to requirements and + * confidence in that assessment. + */ + assessors?: Assessor[]; + /** + * The list of attestations asserted by an assessor that maps requirements to claims. + */ + attestations?: Attestation[]; + /** + * The list of claims. + */ + claims?: Claim[]; + /** + * The list of evidence + */ + evidence?: EvidenceElement[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The list of targets which claims are made against. + */ + targets?: Targets; +}; + +/** + * A concise statement affirmed by an individual regarding all declarations, often used for + * third-party auditor acceptance or recipient acknowledgment. It includes a list of + * authorized signatories who assert the validity of the document on behalf of the + * organization. + */ +export type Affirmation = { + /** + * The list of signatories authorized on behalf of an organization to assert validity of + * this document. + */ + signatories?: Signatory[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The brief statement affirmed by an individual regarding all declarations. + * *- Notes This could be an affirmation of acceptance by a third-party auditor or receiving + * individual of a file. + */ + statement?: string; +}; + +export type Signatory = { + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReference?: EnergyProviderExternalReference; + /** + * The signatory's name. + */ + name?: string; + /** + * The signatory's organization. + */ + organization?: OrganizationalEntity; + /** + * The signatory's role within an organization. + */ + role?: string; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; +}; + +/** + * The assessor who evaluates claims and determines conformance to requirements and + * confidence in that assessment. + */ +export type Assessor = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The entity issuing the assessment. + */ + organization?: OrganizationalEntity; + /** + * The boolean indicating if the assessor is outside the organization generating claims. A + * value of false indicates a self assessor. + */ + thirdParty?: boolean; +}; + +export type Attestation = { + /** + * The `bom-ref` to the assessor asserting the attestation. + */ + assessor?: string; + /** + * The grouping of requirements to claims and the attestors declared conformance and + * confidence thereof. + */ + map?: Map[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The short description explaining the main points of the attestation. + */ + summary?: string; +}; + +export type Map = { + /** + * The list of `bom-ref` to the claims being attested to. + */ + claims?: string[]; + /** + * The confidence of the claim meeting the requirement. + */ + confidence?: Confidence; + /** + * The conformance of the claim meeting a requirement. + */ + conformance?: Conformance; + /** + * The list of `bom-ref` to the counter claims being attested to. + */ + counterClaims?: string[]; + /** + * The `bom-ref` to the requirement being attested to. + */ + requirement?: string; +}; + +/** + * The confidence of the claim meeting the requirement. + */ +export type Confidence = { + /** + * The rationale for the confidence score. + */ + rationale?: string; + /** + * The confidence of the claim between and inclusive of 0 and 1, where 1 is 100% confidence. + */ + score?: number; +}; + +/** + * The conformance of the claim meeting a requirement. + */ +export type Conformance = { + /** + * The list of `bom-ref` to the evidence provided describing the mitigation strategies. + */ + mitigationStrategies?: string[]; + /** + * The rationale for the conformance score. + */ + rationale?: string; + /** + * The conformance of the claim between and inclusive of 0 and 1, where 1 is 100% + * conformance. + */ + score?: number; +}; + +export type Claim = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The list of `bom-ref` to counterEvidence that supports this claim. + */ + counterEvidence?: string[]; + /** + * The list of `bom-ref` to evidence that supports this claim. + */ + evidence?: string[]; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * The list of `bom-ref` to the evidence provided describing the mitigation strategies. + * Each mitigation strategy should include an explanation of how any weaknesses in the + * evidence will be mitigated. + */ + mitigationStrategies?: string[]; + /** + * The specific statement or assertion about the target. + */ + predicate?: string; + /** + * The written explanation of why the evidence provided substantiates the claim. + */ + reasoning?: string; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The `bom-ref` to a target representing a specific system, application, API, module, team, + * person, process, business unit, company, etc... that this claim is being applied to. + */ + target?: string; +}; + +export type EvidenceElement = { + /** + * The author of the evidence. + */ + author?: OrganizationalContact; + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The date and time (timestamp) when the evidence was created. + */ + created?: Date; + /** + * The output or analysis that supports claims. + */ + data?: Data[]; + /** + * The written description of what this evidence is and how it was created. + */ + description?: string; + /** + * The optional date and time (timestamp) when the evidence is no longer valid. + */ + expires?: Date; + /** + * The reference to the property name as defined in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy/). + */ + propertyName?: string; + /** + * The reviewer of the evidence. + */ + reviewer?: OrganizationalContact; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; +}; + +export type Data = { + classification?: string; + /** + * The contents or references to the contents of the data being described. + */ + contents?: TentacledDataContents; + governance?: TentacledDataGovernance; + /** + * The name of the data. + */ + name?: string; + /** + * A description of any sensitive data included. + */ + sensitiveData?: string[]; +}; + +/** + * The contents or references to the contents of the data being described. + */ +export type TentacledDataContents = { + /** + * An optional way to include textual or encoded data. + */ + attachment?: LicenseText; + /** + * The URL to where the data can be retrieved. + */ + url?: string; +}; + +/** + * The list of targets which claims are made against. + */ +export type Targets = { + /** + * The list of components which claims are made against. + */ + components?: Component[]; + /** + * The list of organizations which claims are made against. + */ + organizations?: OrganizationalEntity[]; + /** + * The list of services which claims are made against. + */ + services?: Service[]; +}; + +/** + * A collection of reusable objects that are defined and may be used elsewhere in the BOM. + */ +export type Definitions = { + /** + * The list of standards which may consist of regulations, industry or + * organizational-specific standards, maturity models, best practices, or any other + * requirements which can be evaluated against or attested to. + */ + standards?: Standard[]; +}; + +/** + * A standard may consist of regulations, industry or organizational-specific standards, + * maturity models, best practices, or any other requirements which can be evaluated against + * or attested to. + */ +export type Standard = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The description of the standard. + */ + description?: string; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * The list of levels associated with the standard. Some standards have different levels of + * compliance. + */ + levels?: Level[]; + /** + * The name of the standard. This will often be a shortened, single name of the standard. + */ + name?: string; + /** + * The owner of the standard, often the entity responsible for its release. + */ + owner?: string; + /** + * The list of requirements comprising the standard. + */ + requirements?: Requirement[]; + /** + * Enveloped signature in [JSON Signature Format + * (JSF)](https://cyberphone.github.io/doc/security/jsf.html). + */ + signature?: Signature; + /** + * The version of the standard. + */ + version?: string; +}; + +export type Level = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The description of the level. + */ + description?: string; + /** + * The identifier used in the standard to identify a specific level. + */ + identifier?: string; + /** + * The list of requirement `bom-ref`s that comprise the level. + */ + requirements?: string[]; + /** + * The title of the level. + */ + title?: string; +}; + +export type Requirement = { + /** + * An optional identifier which can be used to reference the object elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + */ + 'bom-ref'?: string; + /** + * The supplemental text that provides additional guidance or context to the requirement, + * but is not directly part of the requirement. + */ + descriptions?: string[]; + /** + * External references provide a way to document systems, sites, and information that may be + * relevant, but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * The unique identifier used in the standard to identify a specific requirement. This + * should match what is in the standard and should not be the requirements bom-ref. + */ + identifier?: string; + /** + * The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and + * standardized framework for uniting security standards and guidelines. CRE links each + * section of a resource to a shared topic identifier (a Common Requirement). Through this + * shared topic link, all resources map to each other. Use of CRE promotes clear and + * unambiguous communication among stakeholders. + */ + openCre?: string[]; + /** + * The optional `bom-ref` to a parent requirement. This establishes a hierarchy of + * requirements. Top-level requirements must not define a parent. Only child requirements + * should define parents. + */ + parent?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * The textual content of the requirement. + */ + text?: string; + /** + * The title of the requirement. + */ + title?: string; +}; + +/** + * Defines the direct dependencies of a component, service, or the components + * provided/implemented by a given component. Components or services that do not have their + * own dependencies must be declared as empty elements within the graph. Components or + * services that are not represented in the dependency graph may have unknown dependencies. + * It is recommended that implementations assume this to be opaque and not an indicator of + * an object being dependency-free. It is recommended to leverage compositions to indicate + * unknown dependency graphs. + */ +export type CycloneDXBillOfMaterialsStandardDependency = { + /** + * The bom-ref identifiers of the components or services that are dependencies of this + * dependency object. + */ + dependsOn?: string[]; + /** + * The bom-ref identifiers of the components or services that define a given specification + * or standard, which are provided or implemented by this dependency object. + * For example, a cryptographic library which implements a cryptographic algorithm. A + * component which implements another component does not imply that the implementation is in + * use. + */ + provides?: string[]; + /** + * References a component or service by its bom-ref attribute + */ + ref: string; +}; + +/** + * Describes workflows and resources that captures rules and other aspects of how the + * associated BOM component or service was formed. + */ +export type CycloneDXBillOfMaterialsStandardFormulation = { + /** + * An optional identifier which can be used to reference the formula elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * Transient components that are used in tasks that constitute one or more of this formula's + * workflows + */ + components?: Component[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * Transient services that are used in tasks that constitute one or more of this formula's + * workflows + */ + services?: Service[]; + /** + * List of workflows that can be declared to accomplish specific orchestrated goals and + * independently triggered. + */ + workflows?: FluffyWorkflow[]; +}; + +/** + * A specialized orchestration task. + */ +export type FluffyWorkflow = { + /** + * An optional identifier which can be used to reference the workflow elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref': string; + /** + * A description of the resource instance. + */ + description?: string; + /** + * Represents resources and data brought into a task at runtime by executor or task commands + */ + inputs?: FluffyInputType[]; + /** + * The name of the resource instance. + */ + name?: string; + /** + * Represents resources and data output from a task at runtime by executor or task commands + */ + outputs?: FluffyOutputType[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: FluffyResourceReferenceChoice[]; + /** + * A graph of the component runtime topology for workflow's instance. + */ + runtimeTopology?: CycloneDXBillOfMaterialsStandardDependency[]; + /** + * The sequence of steps for the task. + */ + steps?: FluffyStep[]; + /** + * The graph of dependencies between tasks within the workflow. + */ + taskDependencies?: CycloneDXBillOfMaterialsStandardDependency[]; + /** + * The tasks that comprise the workflow. + */ + tasks?: FluffyTask[]; + /** + * Indicates the types of activities performed by the set of workflow tasks. + */ + taskTypes: TaskType[]; + /** + * The date and time (timestamp) when the task ended. + */ + timeEnd?: Date; + /** + * The date and time (timestamp) when the task started. + */ + timeStart?: Date; + /** + * The trigger that initiated the task. + */ + trigger?: FluffyTrigger; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; + /** + * A set of named filesystem or data resource shareable by workflow tasks. + */ + workspaces?: FluffyWorkspace[]; +}; + +/** + * Type that represents various input data types and formats. + */ +export type FluffyInputType = { + /** + * Inputs that have the form of data. + */ + data?: LicenseText; + /** + * Inputs that have the form of parameters with names and values. + */ + environmentVars?: Array; + /** + * Inputs that have the form of parameters with names and values. + */ + parameters?: FluffyParameter[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * A reference to an independent resource provided as an input to a task by the workflow + * runtime. + */ + resource?: FluffyResourceReferenceChoice; + /** + * A reference to the component or service that provided the input to the task (e.g., + * reference to a service with data flow value of `inbound`) + */ + source?: FluffyResourceReferenceChoice; + /** + * A reference to the component or service that received or stored the input if not the task + * itself (e.g., a local, named storage workspace) + */ + target?: FluffyResourceReferenceChoice; +}; + +/** + * A representation of a functional parameter. + */ +export type FluffyParameter = { + /** + * The data type of the parameter. + */ + dataType?: string; + /** + * The name of the parameter. + */ + name?: string; + /** + * The value of the parameter. + */ + value?: string; +}; + +/** + * A reference to an independent resource provided as an input to a task by the workflow + * runtime. + * + * A reference to the component or service that provided the input to the task (e.g., + * reference to a service with data flow value of `inbound`) + * + * A reference to the component or service that received or stored the input if not the task + * itself (e.g., a local, named storage workspace) + * + * A reference to an independent resource generated as output by the task. + * + * Component or service that generated or provided the output from the task (e.g., a build + * tool) + * + * Component or service that received the output from the task (e.g., reference to an + * artifactory service with data flow value of `outbound`) + * + * References the component or service that was the source of the event + * + * References the component or service that was the target of the event + * + * A reference to a locally defined resource (e.g., a bom-ref) or an externally accessible + * resource. + */ +export type FluffyResourceReferenceChoice = { + /** + * Reference to an externally accessible resource. + */ + externalReference?: EnergyProviderExternalReference; + /** + * References an object by its bom-ref attribute + */ + ref?: string; +}; + +export type FluffyOutputType = { + /** + * Outputs that have the form of data. + */ + data?: LicenseText; + /** + * Outputs that have the form of environment variables. + */ + environmentVars?: Array; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * A reference to an independent resource generated as output by the task. + */ + resource?: FluffyResourceReferenceChoice; + /** + * Component or service that generated or provided the output from the task (e.g., a build + * tool) + */ + source?: FluffyResourceReferenceChoice; + /** + * Component or service that received the output from the task (e.g., reference to an + * artifactory service with data flow value of `outbound`) + */ + target?: FluffyResourceReferenceChoice; + /** + * Describes the type of data output. + */ + type?: OutputTypeType; +}; + +/** + * Executes specific commands or tools in order to accomplish its owning task as part of a + * sequence. + */ +export type FluffyStep = { + /** + * Ordered list of commands or directives for the step + */ + commands?: FluffyCommand[]; + /** + * A description of the step. + */ + description?: string; + /** + * A name for the step. + */ + name?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; +}; + +export type FluffyCommand = { + /** + * A text representation of the executed command. + */ + executed?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; +}; + +/** + * Describes the inputs, sequence of steps and resources used to accomplish a task and its + * output. + */ +export type FluffyTask = { + /** + * An optional identifier which can be used to reference the task elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref': string; + /** + * A description of the resource instance. + */ + description?: string; + /** + * Represents resources and data brought into a task at runtime by executor or task commands + */ + inputs?: FluffyInputType[]; + /** + * The name of the resource instance. + */ + name?: string; + /** + * Represents resources and data output from a task at runtime by executor or task commands + */ + outputs?: FluffyOutputType[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: FluffyResourceReferenceChoice[]; + /** + * A graph of the component runtime topology for task's instance. + */ + runtimeTopology?: CycloneDXBillOfMaterialsStandardDependency[]; + /** + * The sequence of steps for the task. + */ + steps?: FluffyStep[]; + /** + * Indicates the types of activities performed by the set of workflow tasks. + */ + taskTypes: TaskType[]; + /** + * The date and time (timestamp) when the task ended. + */ + timeEnd?: Date; + /** + * The date and time (timestamp) when the task started. + */ + timeStart?: Date; + /** + * The trigger that initiated the task. + */ + trigger?: FluffyTrigger; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; + /** + * A set of named filesystem or data resource shareable by workflow tasks. + */ + workspaces?: FluffyWorkspace[]; +}; + +/** + * The trigger that initiated the task. + * + * Represents a resource that can conditionally activate (or fire) tasks based upon + * associated events and their data. + */ +export type FluffyTrigger = { + /** + * An optional identifier which can be used to reference the trigger elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref': string; + /** + * A list of conditions used to determine if a trigger should be activated. + */ + conditions?: FluffyCondition[]; + /** + * A description of the resource instance. + */ + description?: string; + /** + * The event data that caused the associated trigger to activate. + */ + event?: FluffyEvent; + /** + * Represents resources and data brought into a task at runtime by executor or task commands + */ + inputs?: FluffyInputType[]; + /** + * The name of the resource instance. + */ + name?: string; + /** + * Represents resources and data output from a task at runtime by executor or task commands + */ + outputs?: FluffyOutputType[]; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: FluffyResourceReferenceChoice[]; + /** + * The date and time (timestamp) when the trigger was activated. + */ + timeActivated?: Date; + /** + * The source type of event which caused the trigger to fire. + */ + type: TriggerType; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; +}; + +/** + * A condition that was used to determine a trigger should be activated. + */ +export type FluffyCondition = { + /** + * Describes the set of conditions which cause the trigger to activate. + */ + description?: string; + /** + * The logical expression that was evaluated that determined the trigger should be fired. + */ + expression?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; +}; + +/** + * The event data that caused the associated trigger to activate. + * + * Represents something that happened that may trigger a response. + */ +export type FluffyEvent = { + /** + * Encoding of the raw event data. + */ + data?: LicenseText; + /** + * A description of the event. + */ + description?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * References the component or service that was the source of the event + */ + source?: FluffyResourceReferenceChoice; + /** + * References the component or service that was the target of the event + */ + target?: FluffyResourceReferenceChoice; + /** + * The date and time (timestamp) when the event was received. + */ + timeReceived?: Date; + /** + * The unique identifier of the event. + */ + uid?: string; +}; + +/** + * A named filesystem or data resource shareable by workflow tasks. + */ +export type FluffyWorkspace = { + /** + * Describes the read-write access control for the workspace relative to the owning resource + * instance. + */ + accessMode?: AccessMode; + /** + * The names for the workspace as referenced by other workflow tasks. Effectively, a name + * mapping so other tasks can use their own local name in their steps. + */ + aliases?: string[]; + /** + * An optional identifier which can be used to reference the workspace elsewhere in the BOM. + * Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref': string; + /** + * A description of the resource instance. + */ + description?: string; + /** + * The name of a domain-specific data type the workspace represents. + */ + managedDataType?: string; + /** + * A path to a location on disk where the workspace will be available to the associated + * task's steps. + */ + mountPath?: string; + /** + * The name of the resource instance. + */ + name?: string; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * References to component or service resources that are used to realize the resource + * instance. + */ + resourceReferences?: FluffyResourceReferenceChoice[]; + /** + * The unique identifier for the resource instance within its deployment context. + */ + uid: string; + /** + * Information about the actual volume instance allocated to the workspace. + */ + volume?: FluffyVolume; + /** + * Identifies the reference to the request for a specific volume type and parameters. + */ + volumeRequest?: string; +}; + +/** + * Information about the actual volume instance allocated to the workspace. + * + * An identifiable, logical unit of data storage tied to a physical device. + */ +export type FluffyVolume = { + /** + * The mode for the volume instance. + */ + mode?: VolumeMode; + /** + * The name of the volume instance + */ + name?: string; + /** + * The underlying path created from the actual volume. + */ + path?: string; + /** + * Indicates if the volume persists beyond the life of the resource it is associated with. + */ + persistent?: boolean; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * Indicates if the volume is remotely (i.e., network) attached. + */ + remote?: boolean; + /** + * The allocated size of the volume accessible to the associated workspace. This should + * include the scalar size as well as IEC standard unit in either decimal or binary form. + */ + sizeAllocated?: string; + /** + * The unique identifier for the volume instance within its deployment context. + */ + uid?: string; +}; + +/** + * Provides additional information about a BOM. + */ +export type BOMMetadata = { + /** + * The person(s) who created the BOM. + * Authors are common in BOMs created through manual processes. BOMs created through + * automated means may have `@.manufacturer` instead. + */ + authors?: OrganizationalContact[]; + /** + * The component that the BOM describes. + */ + component?: Component; + /** + * The license information for the BOM document. + * This may be different from the license(s) of the component(s) that the BOM describes. + */ + licenses?: LicenseChoiceElement[]; + /** + * Lifecycles communicate the stage(s) in which data in the BOM was captured. Different + * types of data may be available at various phases of a lifecycle, such as the Software + * Development Lifecycle (SDLC), IT Asset Management (ITAM), and Software Asset Management + * (SAM). Thus, a BOM may include data specific to or only obtainable in a given lifecycle. + */ + lifecycles?: FluffyLifecycle[]; + /** + * [Deprecated] This will be removed in a future version. Use the `@.component.manufacturer` + * instead. + * The organization that manufactured the component that the BOM describes. + */ + manufacture?: OrganizationalEntity; + /** + * The organization that created the BOM. + * Manufacturer is common in BOMs created through automated processes. BOMs created through + * manual means may have `@.authors` instead. + */ + manufacturer?: OrganizationalEntity; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * The organization that supplied the component that the BOM describes. The supplier may + * often be the manufacturer, but may also be a distributor or repackager. + */ + supplier?: OrganizationalEntity; + /** + * The date and time (timestamp) when the BOM was created. + */ + timestamp?: Date; + /** + * The tool(s) used in the creation, enrichment, and validation of the BOM. + */ + tools?: ToolsToolsLegacy[] | PurpleTools; +}; + +/** + * The product lifecycle(s) that this BOM represents. + */ +export type FluffyLifecycle = { + /** + * A pre-defined phase in the product lifecycle. + */ + phase?: Phase; + /** + * The description of the lifecycle phase + */ + description?: string; + /** + * The name of the lifecycle phase + */ + name?: string; +}; + +/** + * [Deprecated] The tool(s) used in the creation, enrichment, and validation of the BOM. + * + * [Deprecated] This will be removed in a future version. Use component or service instead. + * Information about the automated or manual tool used + * + * [Deprecated] The tool(s) used to identify, confirm, or score the vulnerability. + */ +export type ToolsToolsLegacy = { + /** + * External references provide a way to document systems, sites, and information that may be + * relevant, but are not included with the BOM. They may also establish specific + * relationships within or external to the BOM. + */ + externalReferences?: EnergyProviderExternalReference[]; + /** + * The hashes of the tool (if applicable). + */ + hashes?: Hash[]; + /** + * The name of the tool + */ + name?: string; + /** + * The name of the vendor who created the tool + */ + vendor?: string; + /** + * The version of the tool + */ + version?: string; +}; + +/** + * The tool(s) used in the creation, enrichment, and validation of the BOM. + */ +export type PurpleTools = { + /** + * A list of software and hardware components used as tools. + */ + components?: Component[]; + /** + * A list of services used as tools. This may include microservices, function-as-a-service, + * and other types of network or intra-process services. + */ + services?: Service[]; +}; + +/** + * Defines a weakness in a component or service that could be exploited or triggered by a + * threat source. + */ +export type CycloneDXBillOfMaterialsStandardVulnerability = { + /** + * Published advisories of the vulnerability if provided. + */ + advisories?: FluffyAdvisory[]; + /** + * The components or services that are affected by the vulnerability. + */ + affects?: FluffyAffect[]; + /** + * An assessment of the impact and exploitability of the vulnerability. + */ + analysis?: FluffyImpactAnalysis; + /** + * An optional identifier which can be used to reference the vulnerability elsewhere in the + * BOM. Every bom-ref must be unique within the BOM. + * Value SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with + * BOM-Links. + */ + 'bom-ref'?: string; + /** + * The date and time (timestamp) when the vulnerability record was created in the + * vulnerability database. + */ + created?: Date; + /** + * Individuals or organizations credited with the discovery of the vulnerability. + */ + credits?: FluffyCredits; + /** + * List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. + */ + cwes?: number[]; + /** + * A description of the vulnerability as provided by the source. + */ + description?: string; + /** + * If available, an in-depth description of the vulnerability as provided by the source + * organization. Details often include information useful in understanding root cause. + */ + detail?: string; + /** + * The identifier that uniquely identifies the vulnerability. + */ + id?: string; + /** + * Evidence used to reproduce the vulnerability. + */ + proofOfConcept?: FluffyProofOfConcept; + /** + * Provides the ability to document properties in a name-value store. This provides + * flexibility to include data not officially supported in the standard without having to + * use additional namespaces or create extensions. Unlike key-value stores, properties + * support duplicate names, each potentially having different values. Property names of + * interest to the general public are encouraged to be registered in the [CycloneDX Property + * Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration + * is optional. + */ + properties?: LightweightNameValuePairClass[]; + /** + * The date and time (timestamp) when the vulnerability record was first published. + */ + published?: Date; + /** + * List of vulnerability ratings + */ + ratings?: FluffyRating[]; + /** + * Recommendations of how the vulnerability can be remediated or mitigated. + */ + recommendation?: string; + /** + * Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability + * specified. Often times, the same vulnerability may exist in multiple sources of + * vulnerability intelligence, but have different identifiers. References provide a way to + * correlate vulnerabilities across multiple sources of vulnerability intelligence. + */ + references?: FluffyReference[]; + /** + * The date and time (timestamp) when the vulnerability record was rejected (if applicable). + */ + rejected?: Date; + /** + * The source that published the vulnerability. + */ + source?: StickySource; + /** + * The tool(s) used to identify, confirm, or score the vulnerability. + */ + tools?: ToolsToolsLegacy[] | FluffyTools; + /** + * The date and time (timestamp) when the vulnerability record was last updated. + */ + updated?: Date; + /** + * A bypass, usually temporary, of the vulnerability that reduces its likelihood and/or + * impact. Workarounds often involve changes to configuration or deployments. + */ + workaround?: string; +}; + +/** + * Title and location where advisory information can be obtained. An advisory is a + * notification of a threat to a component, service, or system. + */ +export type FluffyAdvisory = { + /** + * An optional name of the advisory. + */ + title?: string; + /** + * Location where the advisory can be obtained. + */ + url: string; +}; + +export type FluffyAffect = { + /** + * References a component or service by the objects bom-ref + */ + ref: string; + /** + * Zero or more individual versions or range of versions. + */ + versions?: FluffyVersion[]; +}; + +export type FluffyVersion = { + /** + * A version range specified in Package URL Version Range syntax (vers) which is defined at + * https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst + */ + range?: string; + /** + * The vulnerability status for the version or range of versions. + */ + status?: AffectedStatus; + /** + * A single version of a component or service. + */ + version?: string; +}; + +/** + * An assessment of the impact and exploitability of the vulnerability. + */ +export type FluffyImpactAnalysis = { + /** + * Detailed description of the impact including methods used during assessment. If a + * vulnerability is not exploitable, this field should include specific details on why the + * component or service is not impacted by this vulnerability. + */ + detail?: string; + /** + * The date and time (timestamp) when the analysis was first issued. + */ + firstIssued?: Date; + justification?: ImpactAnalysisJustification; + /** + * The date and time (timestamp) when the analysis was last updated. + */ + lastUpdated?: Date; + /** + * A response to the vulnerability by the manufacturer, supplier, or project responsible for + * the affected component or service. More than one response is allowed. Responses are + * strongly encouraged for vulnerabilities where the analysis state is exploitable. + */ + response?: Response[]; + state?: ImpactAnalysisState; +}; + +/** + * Individuals or organizations credited with the discovery of the vulnerability. + */ +export type FluffyCredits = { + /** + * The individuals, not associated with organizations, that are credited with vulnerability + * discovery. + */ + individuals?: OrganizationalContact[]; + /** + * The organizations credited with vulnerability discovery. + */ + organizations?: OrganizationalEntity[]; +}; + +/** + * Evidence used to reproduce the vulnerability. + */ +export type FluffyProofOfConcept = { + /** + * A description of the environment in which reproduction was possible. + */ + environment?: string; + /** + * Precise steps to reproduce the vulnerability. + */ + reproductionSteps?: string; + /** + * Supporting material that helps in reproducing or understanding how reproduction is + * possible. This may include screenshots, payloads, and PoC exploit code. + */ + supportingMaterial?: LicenseText[]; + [property: string]: any; +}; + +/** + * Defines the severity or risk ratings of a vulnerability. + */ +export type FluffyRating = { + /** + * An optional reason for rating the vulnerability as it was + */ + justification?: string; + method?: MethodEnum; + /** + * The numerical score of the rating. + */ + score?: number; + /** + * Textual representation of the severity that corresponds to the numerical score of the + * rating. + */ + severity?: Severity; + /** + * The source that calculated the severity or risk rating of the vulnerability. + */ + source?: StickySource; + /** + * Textual representation of the metric values used to score the vulnerability + */ + vector?: string; +}; + +/** + * The source that calculated the severity or risk rating of the vulnerability. + * + * The source of vulnerability information. This is often the organization that published + * the vulnerability. + * + * The source that published the vulnerability. + */ +export type StickySource = { + /** + * The name of the source. + */ + name?: string; + /** + * The url of the vulnerability documentation as provided by the source. + */ + url?: string; +}; + +export type FluffyReference = { + /** + * An identifier that uniquely identifies the vulnerability. + */ + id: string; + /** + * The source that published the vulnerability. + */ + source: StickySource; +}; + +/** + * The tool(s) used to identify, confirm, or score the vulnerability. + */ +export type FluffyTools = { + /** + * A list of software and hardware components used as tools. + */ + components?: Component[]; + /** + * A list of services used as tools. This may include microservices, function-as-a-service, + * and other types of network or intra-process services. + */ + services?: Service[]; +}; diff --git a/libs/inspecjs/Gemfile.lock b/libs/inspecjs/Gemfile.lock index d6d1755e9d..eff9552f97 100644 --- a/libs/inspecjs/Gemfile.lock +++ b/libs/inspecjs/Gemfile.lock @@ -425,8 +425,8 @@ GEM trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) retriable (3.1.2) - rexml (3.2.8) - strscan (>= 3.0.9) + rexml (3.3.6) + strscan rspec (3.11.0) rspec-core (~> 3.11.0) rspec-expectations (~> 3.11.0) diff --git a/libs/inspecjs/package.json b/libs/inspecjs/package.json index 60c760d9e8..ebf01ad6a9 100644 --- a/libs/inspecjs/package.json +++ b/libs/inspecjs/package.json @@ -1,6 +1,6 @@ { "name": "inspecjs", - "version": "2.10.8", + "version": "2.10.13", "description": "Schema definitions, classes on top, and utilities to deal with HDF files", "files": [ "lib" @@ -11,7 +11,7 @@ }, "devDependencies": { "@types/jest": "^27.0.0", - "@types/node": "^20.1.0", + "@types/node": "^22.0.0", "jest": "^27.0.6", "quicktype": "^23.0.170", "ts-jest": "^29.1.0", diff --git a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts index 4b35123c81..129866c8aa 100644 --- a/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts +++ b/libs/inspecjs/src/compat_impl/compat_inspec_1_0.ts @@ -7,7 +7,9 @@ import { HDFControl, HDFControlSegment, SegmentStatus, - Severity + Severity, + convertImpactToSeverity, + severities } from '../compat_wrappers'; import { ControlResult as ControlResult_1_0, @@ -164,17 +166,16 @@ abstract class HDFControl10 implements HDFControl { private static compute_severity( raw: ResultControl_1_0 | ProfileControl_1_0 ): Severity { - if (raw.impact < 0.1) { - return 'none'; - } else if (raw.impact < 0.4) { - return 'low'; - } else if (raw.impact < 0.7) { - return 'medium'; - } else if (raw.impact < 0.9) { - return 'high'; - } else { - return 'critical'; - } + // use severity override tag if it exists + if (severities.includes(raw.tags['severityoverride']?.toLowerCase())) + return raw.tags['severityoverride']; + + // use severity tag if it exists + if (severities.includes(raw.tags['severity']?.toLowerCase())) + return raw.tags['severity']; + + // otherwise, compute severity with impact + return convertImpactToSeverity(raw.impact); } } diff --git a/libs/inspecjs/src/compat_wrappers.ts b/libs/inspecjs/src/compat_wrappers.ts index c96b324408..bf358c64df 100644 --- a/libs/inspecjs/src/compat_wrappers.ts +++ b/libs/inspecjs/src/compat_wrappers.ts @@ -23,13 +23,25 @@ import {CanonizationConfig, NistControl, NistRevision} from './nist'; * 8. from profile -> "From Profile" * These cases are in theory comprehensive, but if somehow no apply, it is still Profile Error */ -export type ControlStatus = - | 'Not Applicable' - | 'From Profile' - | 'Profile Error' - | 'Passed' - | 'Failed' - | 'Not Reviewed'; +export const controlStatuses = [ + 'Not Applicable', + 'From Profile', + 'Profile Error', + 'Passed', + 'Failed', + 'Not Reviewed' +] as const; +export type ControlStatus = (typeof controlStatuses)[number]; +export const lowercasedControlStatuses = [ + 'not applicable', + 'from profile', + 'profile error', + 'passed', + 'failed', + 'not reviewed' +] as const; +export type LowercasedControlStatus = + (typeof lowercasedControlStatuses)[number]; /** The severities a control can have. These map numeric impact values to No/Low/Medium/High/Crtiical impact * [0, 0.01) => No impact @@ -38,7 +50,22 @@ export type ControlStatus = * [0.7, 0.9) => High impact * [0.9, 1.0] => Critical impact */ -export type Severity = 'none' | 'low' | 'medium' | 'high' | 'critical'; +export const severities = [ + 'none', + 'low', + 'medium', + 'high', + 'critical' +] as const; +export type Severity = (typeof severities)[number]; +export const titleCasedSeverities = [ + 'None', + 'Low', + 'Medium', + 'High', + 'Critical' +] as const; +export type TitleCasedSeverity = (typeof titleCasedSeverities)[number]; /** The statuses that a segment of a control (IE a describe block) might have. */ export type SegmentStatus = @@ -48,6 +75,20 @@ export type SegmentStatus = | 'error' | 'no_status'; +export function convertImpactToSeverity(impact: number): Severity { + if (impact < 0.1) { + return 'none'; + } else if (impact < 0.4) { + return 'low'; + } else if (impact < 0.7) { + return 'medium'; + } else if (impact < 0.9) { + return 'high'; + } else { + return 'critical'; + } +} + /** * This interface acts as a polyfill on controls for our HDF "guaranteed" derived types, to provide a stable * method for acessing their properties across different schemas. diff --git a/libs/inspecjs/src/index.ts b/libs/inspecjs/src/index.ts index 8a71763394..3f5584988a 100644 --- a/libs/inspecjs/src/index.ts +++ b/libs/inspecjs/src/index.ts @@ -1,13 +1,20 @@ // Our foreign package API. -// Export types +// Export types and helper functions export { ControlStatus, + controlStatuses, HDFControl, HDFControlSegment, hdfWrapControl, + LowercasedControlStatus, + lowercasedControlStatuses, SegmentStatus, - Severity + severities, + Severity, + titleCasedSeverities, + TitleCasedSeverity, + convertImpactToSeverity } from './compat_wrappers'; // Export Conversion functions export * from './context'; diff --git a/libs/interfaces/config/startup-settings.interface.ts b/libs/interfaces/config/startup-settings.interface.ts index c304fadc0d..c9b7352a34 100644 --- a/libs/interfaces/config/startup-settings.interface.ts +++ b/libs/interfaces/config/startup-settings.interface.ts @@ -9,4 +9,6 @@ export interface IStartupSettings { readonly ldap: boolean; readonly registrationEnabled: boolean; readonly localLoginEnabled: boolean; + readonly tenableHostUrl: string; + readonly splunkHostUrl: string; } diff --git a/package.json b/package.json index b1a3c36f6a..52604c58cf 100644 --- a/package.json +++ b/package.json @@ -29,19 +29,12 @@ "eslint-plugin-prettier": "^5.0.0", "lerna": "^8.1.2", "prettier": "^3.2.4", - "prettier-plugin-organize-imports": "^3.0.0", - "typescript": "^4.9.3", - "vue": "^2.7.16", - "vue-template-compiler": "^2.7.16" + "prettier-plugin-organize-imports": "^4.0.0", + "typescript": "^4.9.3" }, "devDependencies": { "dotenv-cli": "^7.0.0" }, - "resolutions": { - "prismjs": "1.29.0", - "vue": "^2.7.16", - "vue-template-compiler": "^2.7.16" - }, "engines": { "node": "^18.19.0" }, diff --git a/test/integration/results.cy.ts b/test/integration/results.cy.ts index abf4bfb5eb..39f765d148 100644 --- a/test/integration/results.cy.ts +++ b/test/integration/results.cy.ts @@ -40,6 +40,17 @@ context('Results', () => { // Scroll controls into view cy.scrollTo('bottom'); }); + + it('it displays severity override indicators when present', () => { + // Load sample with severity overrides + uploadModal.loadSample('Small Profile With Severity Overrides'); + // Open profile info + resultsPage.openProfileInfo(); + // Scroll controls into view + cy.scrollTo('bottom'); + // Make results data is correct + resultsPageVerifier.severityOverridesCorrect(); + }); }); describe('User Modal', () => { diff --git a/test/package.json b/test/package.json index d1ce015e44..f1c324c378 100644 --- a/test/package.json +++ b/test/package.json @@ -1,6 +1,6 @@ { "name": "@heimdall/cypress-tests", - "version": "2.10.10", + "version": "2.10.15", "private": true, "description": "", "scripts": { @@ -10,10 +10,10 @@ "mock-openid": "node support/server/oidc-server.js" }, "devDependencies": { - "cypress": "13.12.0" + "cypress": "13.14.2" }, "dependencies": { - "cypress-wait-until": "^1.7.1", + "cypress-wait-until": "^3.0.2", "eslint-plugin-cypress": "^3.0.0", "json-server": "^0.17.0", "oauth2-mock-server": "^7.0.0" diff --git a/test/support/components/UploadModal.ts b/test/support/components/UploadModal.ts index 3de2b097e4..f07b76de94 100644 --- a/test/support/components/UploadModal.ts +++ b/test/support/components/UploadModal.ts @@ -14,6 +14,7 @@ export default class UploadModal { } loadFile(domElement: string, name: string): void { + cy.get('[data-cy=fileSearchField]').type(name); cy.get(`#${domElement}`).within(() => { cy.contains(name).click({force: true}); }); diff --git a/test/support/verifiers/ResultsPageVerifier.ts b/test/support/verifiers/ResultsPageVerifier.ts index d25adfb9c4..748223b003 100644 --- a/test/support/verifiers/ResultsPageVerifier.ts +++ b/test/support/verifiers/ResultsPageVerifier.ts @@ -37,4 +37,11 @@ export default class ResultsPageVerifier { expect(card[0].innerText).to.be.oneOf(correctCards); }); } + + severityOverridesCorrect() { + const overrideCount = 3; + cy.get('[data-cy=severityOverride]').then((result) => { + expect(result.length).to.equal(overrideCount); + }); + } } diff --git a/yarn.lock b/yarn.lock index 57fe1b2f6c..9f02f76067 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,14 +2,6 @@ # yarn lockfile v1 -"@75lb/deep-merge@^1.1.1": - version "1.1.1" - resolved "https://registry.yarnpkg.com/@75lb/deep-merge/-/deep-merge-1.1.1.tgz#3b06155b90d34f5f8cc2107d796f1853ba02fd6d" - integrity sha512-xvgv6pkMGBA6GwdyJbNAnDmfAIR/DfWhrj9jgWh3TY7gRm3KO46x/GPjRg6wJ0nOepwqrNxFfojebh0Df4h4Tw== - dependencies: - lodash.assignwith "^4.2.0" - typical "^7.1.1" - "@aashutoshrathi/word-wrap@^1.2.3": version "1.2.6" resolved "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz#bd9154aec9983f77b3a034ecaa015c2e4201f6cf" @@ -44,38 +36,38 @@ "@jridgewell/gen-mapping" "^0.3.5" "@jridgewell/trace-mapping" "^0.3.24" -"@angular-devkit/core@17.1.2": - version "17.1.2" - resolved "https://registry.npmjs.org/@angular-devkit/core/-/core-17.1.2.tgz#bf2c3475e9ff853dc53d8dc8ce9bbf8b2f1193f8" - integrity sha512-ku+/W/HMCBacSWFppenr9y6Lx8mDuTuQvn1IkTyBLiJOpWnzgVbx9kHDeaDchGa1PwLlJUBBrv27t3qgJOIDPw== +"@angular-devkit/core@17.3.8": + version "17.3.8" + resolved "https://registry.yarnpkg.com/@angular-devkit/core/-/core-17.3.8.tgz#8679cacf84cf79764f027811020e235ab32016d2" + integrity sha512-Q8q0voCGudbdCgJ7lXdnyaxKHbNQBARH68zPQV72WT8NWy+Gw/tys870i6L58NWbBaCJEUcIj/kb6KoakSRu+Q== dependencies: ajv "8.12.0" ajv-formats "2.1.1" - jsonc-parser "3.2.0" - picomatch "3.0.1" + jsonc-parser "3.2.1" + picomatch "4.0.1" rxjs "7.8.1" source-map "0.7.4" -"@angular-devkit/schematics-cli@17.1.2": - version "17.1.2" - resolved "https://registry.npmjs.org/@angular-devkit/schematics-cli/-/schematics-cli-17.1.2.tgz#7a77e8294071e5ba569e2ffb567b3301d1db3f07" - integrity sha512-bvXykYzSST05qFdlgIzUguNOb3z0hCa8HaTwtqdmQo9aFPf+P+/AC56I64t1iTchMjQtf3JrBQhYM25gUdcGbg== +"@angular-devkit/schematics-cli@17.3.8": + version "17.3.8" + resolved "https://registry.yarnpkg.com/@angular-devkit/schematics-cli/-/schematics-cli-17.3.8.tgz#26eeb9b581309be474868d01d9f87555760557c3" + integrity sha512-TjmiwWJarX7oqvNiRAroQ5/LeKUatxBOCNEuKXO/PV8e7pn/Hr/BqfFm+UcYrQoFdZplmtNAfqmbqgVziKvCpA== dependencies: - "@angular-devkit/core" "17.1.2" - "@angular-devkit/schematics" "17.1.2" + "@angular-devkit/core" "17.3.8" + "@angular-devkit/schematics" "17.3.8" ansi-colors "4.1.3" - inquirer "9.2.12" + inquirer "9.2.15" symbol-observable "4.0.0" yargs-parser "21.1.1" -"@angular-devkit/schematics@17.1.2": - version "17.1.2" - resolved "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-17.1.2.tgz#ca77a86ed44ab227614aff6e1f7ce4f3cd0c6ded" - integrity sha512-8S9RuM8olFN/gwN+mjbuF1CwHX61f0i59EGXz9tXLnKRUTjsRR+8vVMTAmX0dvVAT5fJTG/T69X+HX7FeumdqA== +"@angular-devkit/schematics@17.3.8": + version "17.3.8" + resolved "https://registry.yarnpkg.com/@angular-devkit/schematics/-/schematics-17.3.8.tgz#f853eb21682aadfb6667e090b5b509fc95ce8442" + integrity sha512-QRVEYpIfgkprNHc916JlPuNbLzOgrm9DZalHasnLUz4P6g7pR21olb8YCyM2OTJjombNhya9ZpckcADU5Qyvlg== dependencies: - "@angular-devkit/core" "17.1.2" - jsonc-parser "3.2.0" - magic-string "0.30.5" + "@angular-devkit/core" "17.3.8" + jsonc-parser "3.2.1" + magic-string "0.30.8" ora "5.4.1" rxjs "7.8.1" @@ -256,522 +248,517 @@ tslib "^2.6.2" "@aws-sdk/client-config-service@^3.95.0": - version "3.606.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-config-service/-/client-config-service-3.606.0.tgz#9db68304e868a4503f4d52f8aaa9f275c1aa3e6b" - integrity sha512-E4nvNxXHQDoYx7+LhDH0+3W2KXLtj6UY8Hh6rCPRT7dJ0q7EhbfgbAkOB56L5X5VIF6UuKG2qlsjdD87iU2K+A== + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-config-service/-/client-config-service-3.649.0.tgz#b2d3937fe55214a5cea3f023915fd7e665213467" + integrity sha512-lRTyZupZPt5C4LNbw6U1pRy+bfNB5G6xlsCKaykyn4YeqQWvySSiFAlzLw51t9YDgmaESJO3fL2QV6zMnhFhwQ== dependencies: "@aws-crypto/sha256-browser" "5.2.0" "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/client-sso-oidc" "3.606.0" - "@aws-sdk/client-sts" "3.606.0" - "@aws-sdk/core" "3.598.0" - "@aws-sdk/credential-provider-node" "3.600.0" - "@aws-sdk/middleware-host-header" "3.598.0" - "@aws-sdk/middleware-logger" "3.598.0" - "@aws-sdk/middleware-recursion-detection" "3.598.0" - "@aws-sdk/middleware-user-agent" "3.598.0" - "@aws-sdk/region-config-resolver" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@aws-sdk/util-endpoints" "3.598.0" - "@aws-sdk/util-user-agent-browser" "3.598.0" - "@aws-sdk/util-user-agent-node" "3.598.0" - "@smithy/config-resolver" "^3.0.2" - "@smithy/core" "^2.2.1" - "@smithy/fetch-http-handler" "^3.0.2" - "@smithy/hash-node" "^3.0.1" - "@smithy/invalid-dependency" "^3.0.1" - "@smithy/middleware-content-length" "^3.0.1" - "@smithy/middleware-endpoint" "^3.0.2" - "@smithy/middleware-retry" "^3.0.4" - "@smithy/middleware-serde" "^3.0.1" - "@smithy/middleware-stack" "^3.0.1" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/node-http-handler" "^3.0.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/url-parser" "^3.0.1" + "@aws-sdk/client-sso-oidc" "3.649.0" + "@aws-sdk/client-sts" "3.649.0" + "@aws-sdk/core" "3.649.0" + "@aws-sdk/credential-provider-node" "3.649.0" + "@aws-sdk/middleware-host-header" "3.649.0" + "@aws-sdk/middleware-logger" "3.649.0" + "@aws-sdk/middleware-recursion-detection" "3.649.0" + "@aws-sdk/middleware-user-agent" "3.649.0" + "@aws-sdk/region-config-resolver" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@aws-sdk/util-endpoints" "3.649.0" + "@aws-sdk/util-user-agent-browser" "3.649.0" + "@aws-sdk/util-user-agent-node" "3.649.0" + "@smithy/config-resolver" "^3.0.6" + "@smithy/core" "^2.4.1" + "@smithy/fetch-http-handler" "^3.2.5" + "@smithy/hash-node" "^3.0.4" + "@smithy/invalid-dependency" "^3.0.4" + "@smithy/middleware-content-length" "^3.0.6" + "@smithy/middleware-endpoint" "^3.1.1" + "@smithy/middleware-retry" "^3.0.16" + "@smithy/middleware-serde" "^3.0.4" + "@smithy/middleware-stack" "^3.0.4" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/node-http-handler" "^3.2.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/url-parser" "^3.0.4" "@smithy/util-base64" "^3.0.0" "@smithy/util-body-length-browser" "^3.0.0" "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.4" - "@smithy/util-defaults-mode-node" "^3.0.4" - "@smithy/util-endpoints" "^2.0.2" - "@smithy/util-middleware" "^3.0.1" - "@smithy/util-retry" "^3.0.1" + "@smithy/util-defaults-mode-browser" "^3.0.16" + "@smithy/util-defaults-mode-node" "^3.0.16" + "@smithy/util-endpoints" "^2.1.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-retry" "^3.0.4" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" "@aws-sdk/client-s3@^3.425.0": - version "3.606.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-s3/-/client-s3-3.606.0.tgz#ff9d7e029591387522783b7aae3d458d4cb0b473" - integrity sha512-IGM/E8kVk/NY/kZwLdmGRsX1QYtuPljoNutM5kBRdtGahQL5VwVAve5PElPUArcsTkfTyW+LfXpznDeeHxMCcA== + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-s3/-/client-s3-3.649.0.tgz#7040496b4662d68a986488c55b01d74f41e1cb54" + integrity sha512-eM65Q2rz/5mGkxOtUrceboe6iru5TEii3n3kfD48MPRVF6OF2x+Wyj1w+tuYIkUXemEi5lm5EEmupMTTkW3hlw== dependencies: "@aws-crypto/sha1-browser" "5.2.0" "@aws-crypto/sha256-browser" "5.2.0" "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/client-sso-oidc" "3.606.0" - "@aws-sdk/client-sts" "3.606.0" - "@aws-sdk/core" "3.598.0" - "@aws-sdk/credential-provider-node" "3.600.0" - "@aws-sdk/middleware-bucket-endpoint" "3.598.0" - "@aws-sdk/middleware-expect-continue" "3.598.0" - "@aws-sdk/middleware-flexible-checksums" "3.598.0" - "@aws-sdk/middleware-host-header" "3.598.0" - "@aws-sdk/middleware-location-constraint" "3.598.0" - "@aws-sdk/middleware-logger" "3.598.0" - "@aws-sdk/middleware-recursion-detection" "3.598.0" - "@aws-sdk/middleware-sdk-s3" "3.598.0" - "@aws-sdk/middleware-signing" "3.598.0" - "@aws-sdk/middleware-ssec" "3.598.0" - "@aws-sdk/middleware-user-agent" "3.598.0" - "@aws-sdk/region-config-resolver" "3.598.0" - "@aws-sdk/signature-v4-multi-region" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@aws-sdk/util-endpoints" "3.598.0" - "@aws-sdk/util-user-agent-browser" "3.598.0" - "@aws-sdk/util-user-agent-node" "3.598.0" - "@aws-sdk/xml-builder" "3.598.0" - "@smithy/config-resolver" "^3.0.2" - "@smithy/core" "^2.2.1" - "@smithy/eventstream-serde-browser" "^3.0.2" - "@smithy/eventstream-serde-config-resolver" "^3.0.1" - "@smithy/eventstream-serde-node" "^3.0.2" - "@smithy/fetch-http-handler" "^3.0.2" - "@smithy/hash-blob-browser" "^3.1.0" - "@smithy/hash-node" "^3.0.1" - "@smithy/hash-stream-node" "^3.1.0" - "@smithy/invalid-dependency" "^3.0.1" - "@smithy/md5-js" "^3.0.1" - "@smithy/middleware-content-length" "^3.0.1" - "@smithy/middleware-endpoint" "^3.0.2" - "@smithy/middleware-retry" "^3.0.4" - "@smithy/middleware-serde" "^3.0.1" - "@smithy/middleware-stack" "^3.0.1" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/node-http-handler" "^3.0.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/url-parser" "^3.0.1" + "@aws-sdk/client-sso-oidc" "3.649.0" + "@aws-sdk/client-sts" "3.649.0" + "@aws-sdk/core" "3.649.0" + "@aws-sdk/credential-provider-node" "3.649.0" + "@aws-sdk/middleware-bucket-endpoint" "3.649.0" + "@aws-sdk/middleware-expect-continue" "3.649.0" + "@aws-sdk/middleware-flexible-checksums" "3.649.0" + "@aws-sdk/middleware-host-header" "3.649.0" + "@aws-sdk/middleware-location-constraint" "3.649.0" + "@aws-sdk/middleware-logger" "3.649.0" + "@aws-sdk/middleware-recursion-detection" "3.649.0" + "@aws-sdk/middleware-sdk-s3" "3.649.0" + "@aws-sdk/middleware-ssec" "3.649.0" + "@aws-sdk/middleware-user-agent" "3.649.0" + "@aws-sdk/region-config-resolver" "3.649.0" + "@aws-sdk/signature-v4-multi-region" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@aws-sdk/util-endpoints" "3.649.0" + "@aws-sdk/util-user-agent-browser" "3.649.0" + "@aws-sdk/util-user-agent-node" "3.649.0" + "@aws-sdk/xml-builder" "3.649.0" + "@smithy/config-resolver" "^3.0.6" + "@smithy/core" "^2.4.1" + "@smithy/eventstream-serde-browser" "^3.0.7" + "@smithy/eventstream-serde-config-resolver" "^3.0.4" + "@smithy/eventstream-serde-node" "^3.0.6" + "@smithy/fetch-http-handler" "^3.2.5" + "@smithy/hash-blob-browser" "^3.1.3" + "@smithy/hash-node" "^3.0.4" + "@smithy/hash-stream-node" "^3.1.3" + "@smithy/invalid-dependency" "^3.0.4" + "@smithy/md5-js" "^3.0.4" + "@smithy/middleware-content-length" "^3.0.6" + "@smithy/middleware-endpoint" "^3.1.1" + "@smithy/middleware-retry" "^3.0.16" + "@smithy/middleware-serde" "^3.0.4" + "@smithy/middleware-stack" "^3.0.4" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/node-http-handler" "^3.2.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/url-parser" "^3.0.4" "@smithy/util-base64" "^3.0.0" "@smithy/util-body-length-browser" "^3.0.0" "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.4" - "@smithy/util-defaults-mode-node" "^3.0.4" - "@smithy/util-endpoints" "^2.0.2" - "@smithy/util-retry" "^3.0.1" - "@smithy/util-stream" "^3.0.2" + "@smithy/util-defaults-mode-browser" "^3.0.16" + "@smithy/util-defaults-mode-node" "^3.0.16" + "@smithy/util-endpoints" "^2.1.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-retry" "^3.0.4" + "@smithy/util-stream" "^3.1.4" "@smithy/util-utf8" "^3.0.0" - "@smithy/util-waiter" "^3.0.1" + "@smithy/util-waiter" "^3.1.3" tslib "^2.6.2" -"@aws-sdk/client-sso-oidc@3.606.0": - version "3.606.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.606.0.tgz#19d4818b9d04e5d1b6a7fe50a86b0c98a2b30c42" - integrity sha512-gL1FHPS6hwgMNS/A+Qh5bUyHOeRVOqdb7c6+i+9gR3wtGvt2lvoSm8w5DhS08Xiiacz2AqYRDEapp0xuyCrbBQ== +"@aws-sdk/client-sso-oidc@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.649.0.tgz#23d0177d1c0a2b670e1f149d134f3baca4eefcd6" + integrity sha512-yaKbOFLk1F1lqAAPUbpoN95pDxgqB/7Rd03yndtV+o3/QLK+etKcgzuIkqGpYycvi6YLYLCxkwPNFEg/NzpW6Q== dependencies: "@aws-crypto/sha256-browser" "5.2.0" "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/core" "3.598.0" - "@aws-sdk/credential-provider-node" "3.600.0" - "@aws-sdk/middleware-host-header" "3.598.0" - "@aws-sdk/middleware-logger" "3.598.0" - "@aws-sdk/middleware-recursion-detection" "3.598.0" - "@aws-sdk/middleware-user-agent" "3.598.0" - "@aws-sdk/region-config-resolver" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@aws-sdk/util-endpoints" "3.598.0" - "@aws-sdk/util-user-agent-browser" "3.598.0" - "@aws-sdk/util-user-agent-node" "3.598.0" - "@smithy/config-resolver" "^3.0.2" - "@smithy/core" "^2.2.1" - "@smithy/fetch-http-handler" "^3.0.2" - "@smithy/hash-node" "^3.0.1" - "@smithy/invalid-dependency" "^3.0.1" - "@smithy/middleware-content-length" "^3.0.1" - "@smithy/middleware-endpoint" "^3.0.2" - "@smithy/middleware-retry" "^3.0.4" - "@smithy/middleware-serde" "^3.0.1" - "@smithy/middleware-stack" "^3.0.1" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/node-http-handler" "^3.0.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/url-parser" "^3.0.1" + "@aws-sdk/core" "3.649.0" + "@aws-sdk/credential-provider-node" "3.649.0" + "@aws-sdk/middleware-host-header" "3.649.0" + "@aws-sdk/middleware-logger" "3.649.0" + "@aws-sdk/middleware-recursion-detection" "3.649.0" + "@aws-sdk/middleware-user-agent" "3.649.0" + "@aws-sdk/region-config-resolver" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@aws-sdk/util-endpoints" "3.649.0" + "@aws-sdk/util-user-agent-browser" "3.649.0" + "@aws-sdk/util-user-agent-node" "3.649.0" + "@smithy/config-resolver" "^3.0.6" + "@smithy/core" "^2.4.1" + "@smithy/fetch-http-handler" "^3.2.5" + "@smithy/hash-node" "^3.0.4" + "@smithy/invalid-dependency" "^3.0.4" + "@smithy/middleware-content-length" "^3.0.6" + "@smithy/middleware-endpoint" "^3.1.1" + "@smithy/middleware-retry" "^3.0.16" + "@smithy/middleware-serde" "^3.0.4" + "@smithy/middleware-stack" "^3.0.4" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/node-http-handler" "^3.2.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/url-parser" "^3.0.4" "@smithy/util-base64" "^3.0.0" "@smithy/util-body-length-browser" "^3.0.0" "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.4" - "@smithy/util-defaults-mode-node" "^3.0.4" - "@smithy/util-endpoints" "^2.0.2" - "@smithy/util-middleware" "^3.0.1" - "@smithy/util-retry" "^3.0.1" + "@smithy/util-defaults-mode-browser" "^3.0.16" + "@smithy/util-defaults-mode-node" "^3.0.16" + "@smithy/util-endpoints" "^2.1.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-retry" "^3.0.4" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/client-sso@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.598.0.tgz#aef58e198e504d3b3d1ba345355650a67d21facb" - integrity sha512-nOI5lqPYa+YZlrrzwAJywJSw3MKVjvu6Ge2fCqQUNYMfxFB0NAaDFnl0EPjXi+sEbtCuz/uWE77poHbqiZ+7Iw== +"@aws-sdk/client-sso@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.649.0.tgz#c8b01f9260dd07d64e4b4ad338132c67757422db" + integrity sha512-G6RZhG+yRdIlR069djAN/v4/Vd7CS8SDnUKkw32n7wJfcpoq0t+Lzcdh73kpIJ+/VslKYwMhbE5lCW+9+jDTdw== dependencies: "@aws-crypto/sha256-browser" "5.2.0" "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/core" "3.598.0" - "@aws-sdk/middleware-host-header" "3.598.0" - "@aws-sdk/middleware-logger" "3.598.0" - "@aws-sdk/middleware-recursion-detection" "3.598.0" - "@aws-sdk/middleware-user-agent" "3.598.0" - "@aws-sdk/region-config-resolver" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@aws-sdk/util-endpoints" "3.598.0" - "@aws-sdk/util-user-agent-browser" "3.598.0" - "@aws-sdk/util-user-agent-node" "3.598.0" - "@smithy/config-resolver" "^3.0.2" - "@smithy/core" "^2.2.1" - "@smithy/fetch-http-handler" "^3.0.2" - "@smithy/hash-node" "^3.0.1" - "@smithy/invalid-dependency" "^3.0.1" - "@smithy/middleware-content-length" "^3.0.1" - "@smithy/middleware-endpoint" "^3.0.2" - "@smithy/middleware-retry" "^3.0.4" - "@smithy/middleware-serde" "^3.0.1" - "@smithy/middleware-stack" "^3.0.1" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/node-http-handler" "^3.0.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/url-parser" "^3.0.1" + "@aws-sdk/core" "3.649.0" + "@aws-sdk/middleware-host-header" "3.649.0" + "@aws-sdk/middleware-logger" "3.649.0" + "@aws-sdk/middleware-recursion-detection" "3.649.0" + "@aws-sdk/middleware-user-agent" "3.649.0" + "@aws-sdk/region-config-resolver" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@aws-sdk/util-endpoints" "3.649.0" + "@aws-sdk/util-user-agent-browser" "3.649.0" + "@aws-sdk/util-user-agent-node" "3.649.0" + "@smithy/config-resolver" "^3.0.6" + "@smithy/core" "^2.4.1" + "@smithy/fetch-http-handler" "^3.2.5" + "@smithy/hash-node" "^3.0.4" + "@smithy/invalid-dependency" "^3.0.4" + "@smithy/middleware-content-length" "^3.0.6" + "@smithy/middleware-endpoint" "^3.1.1" + "@smithy/middleware-retry" "^3.0.16" + "@smithy/middleware-serde" "^3.0.4" + "@smithy/middleware-stack" "^3.0.4" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/node-http-handler" "^3.2.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/url-parser" "^3.0.4" "@smithy/util-base64" "^3.0.0" "@smithy/util-body-length-browser" "^3.0.0" "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.4" - "@smithy/util-defaults-mode-node" "^3.0.4" - "@smithy/util-endpoints" "^2.0.2" - "@smithy/util-middleware" "^3.0.1" - "@smithy/util-retry" "^3.0.1" + "@smithy/util-defaults-mode-browser" "^3.0.16" + "@smithy/util-defaults-mode-node" "^3.0.16" + "@smithy/util-endpoints" "^2.1.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-retry" "^3.0.4" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/client-sts@3.606.0", "@aws-sdk/client-sts@^3.427.0": - version "3.606.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.606.0.tgz#81d61a6240761230fbb0e36ac782485c535ac4a2" - integrity sha512-b11mAhjrkm3MMiAPoMGcmd6vsaz2120lg8rHG/NZCo9vB1K6Kc7WP+a1Q05TRMseer2egTtpWJfn44aVO97VqA== +"@aws-sdk/client-sts@3.649.0", "@aws-sdk/client-sts@^3.427.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.649.0.tgz#6b12a5070badb8c4e742607fb05901ff49d379ff" + integrity sha512-aKrLTPpA+Ew4JswWBGtoYT+LiA+uewKyCsYXwJtdjj20TY4qX9/fjJyEt39ETjMGE55UmQcVFUZWL2m9f/aiAg== dependencies: "@aws-crypto/sha256-browser" "5.2.0" "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/client-sso-oidc" "3.606.0" - "@aws-sdk/core" "3.598.0" - "@aws-sdk/credential-provider-node" "3.600.0" - "@aws-sdk/middleware-host-header" "3.598.0" - "@aws-sdk/middleware-logger" "3.598.0" - "@aws-sdk/middleware-recursion-detection" "3.598.0" - "@aws-sdk/middleware-user-agent" "3.598.0" - "@aws-sdk/region-config-resolver" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@aws-sdk/util-endpoints" "3.598.0" - "@aws-sdk/util-user-agent-browser" "3.598.0" - "@aws-sdk/util-user-agent-node" "3.598.0" - "@smithy/config-resolver" "^3.0.2" - "@smithy/core" "^2.2.1" - "@smithy/fetch-http-handler" "^3.0.2" - "@smithy/hash-node" "^3.0.1" - "@smithy/invalid-dependency" "^3.0.1" - "@smithy/middleware-content-length" "^3.0.1" - "@smithy/middleware-endpoint" "^3.0.2" - "@smithy/middleware-retry" "^3.0.4" - "@smithy/middleware-serde" "^3.0.1" - "@smithy/middleware-stack" "^3.0.1" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/node-http-handler" "^3.0.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/url-parser" "^3.0.1" + "@aws-sdk/client-sso-oidc" "3.649.0" + "@aws-sdk/core" "3.649.0" + "@aws-sdk/credential-provider-node" "3.649.0" + "@aws-sdk/middleware-host-header" "3.649.0" + "@aws-sdk/middleware-logger" "3.649.0" + "@aws-sdk/middleware-recursion-detection" "3.649.0" + "@aws-sdk/middleware-user-agent" "3.649.0" + "@aws-sdk/region-config-resolver" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@aws-sdk/util-endpoints" "3.649.0" + "@aws-sdk/util-user-agent-browser" "3.649.0" + "@aws-sdk/util-user-agent-node" "3.649.0" + "@smithy/config-resolver" "^3.0.6" + "@smithy/core" "^2.4.1" + "@smithy/fetch-http-handler" "^3.2.5" + "@smithy/hash-node" "^3.0.4" + "@smithy/invalid-dependency" "^3.0.4" + "@smithy/middleware-content-length" "^3.0.6" + "@smithy/middleware-endpoint" "^3.1.1" + "@smithy/middleware-retry" "^3.0.16" + "@smithy/middleware-serde" "^3.0.4" + "@smithy/middleware-stack" "^3.0.4" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/node-http-handler" "^3.2.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/url-parser" "^3.0.4" "@smithy/util-base64" "^3.0.0" "@smithy/util-body-length-browser" "^3.0.0" "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.4" - "@smithy/util-defaults-mode-node" "^3.0.4" - "@smithy/util-endpoints" "^2.0.2" - "@smithy/util-middleware" "^3.0.1" - "@smithy/util-retry" "^3.0.1" + "@smithy/util-defaults-mode-browser" "^3.0.16" + "@smithy/util-defaults-mode-node" "^3.0.16" + "@smithy/util-endpoints" "^2.1.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-retry" "^3.0.4" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/core@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.598.0.tgz#82a069d703be0cafe3ddeacb1de51981ee4faa25" - integrity sha512-HaSjt7puO5Cc7cOlrXFCW0rtA0BM9lvzjl56x0A20Pt+0wxXGeTOZZOkXQIepbrFkV2e/HYukuT9e99vXDm59g== - dependencies: - "@smithy/core" "^2.2.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/signature-v4" "^3.1.0" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - fast-xml-parser "4.2.5" +"@aws-sdk/core@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.649.0.tgz#8c2a375e3c2e937e2f699f38cbbe031882ce99de" + integrity sha512-dheG/X2y25RHE7K+TlS32kcy7TgDg1OpWV44BQRoE0OBPAWmFR1D1qjjTZ7WWrdqRPKzcnDj1qED8ncyncOX8g== + dependencies: + "@smithy/core" "^2.4.1" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/property-provider" "^3.1.4" + "@smithy/protocol-http" "^4.1.1" + "@smithy/signature-v4" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/util-middleware" "^3.0.4" + fast-xml-parser "4.4.1" tslib "^2.6.2" -"@aws-sdk/credential-provider-env@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.598.0.tgz#ea1f30cfc9948017dd0608518868d3f50074164f" - integrity sha512-vi1khgn7yXzLCcgSIzQrrtd2ilUM0dWodxj3PQ6BLfP0O+q1imO3hG1nq7DVyJtq7rFHs6+9N8G4mYvTkxby2w== +"@aws-sdk/credential-provider-env@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.649.0.tgz#8832e8a3b396c54c3663c2730e41746969fb7e49" + integrity sha512-tViwzM1dauksA3fdRjsg0T8mcHklDa8EfveyiQKK6pUJopkqV6FQx+X5QNda0t/LrdEVlFZvwHNdXqOEfc83TA== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/property-provider" "^3.1.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/credential-provider-http@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.598.0.tgz#58144440e698aef63b5cb459780325817c0acf10" - integrity sha512-N7cIafi4HVlQvEgvZSo1G4T9qb/JMLGMdBsDCT5XkeJrF0aptQWzTFH0jIdZcLrMYvzPcuEyO3yCBe6cy/ba0g== - dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/fetch-http-handler" "^3.0.2" - "@smithy/node-http-handler" "^3.0.1" - "@smithy/property-provider" "^3.1.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/util-stream" "^3.0.2" +"@aws-sdk/credential-provider-http@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.649.0.tgz#5c7f8556ea79f23435b0b637a96acf7367df9469" + integrity sha512-ODAJ+AJJq6ozbns6ejGbicpsQ0dyMOpnGlg0J9J0jITQ05DKQZ581hdB8APDOZ9N8FstShP6dLZflSj8jb5fNA== + dependencies: + "@aws-sdk/types" "3.649.0" + "@smithy/fetch-http-handler" "^3.2.5" + "@smithy/node-http-handler" "^3.2.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/protocol-http" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/util-stream" "^3.1.4" tslib "^2.6.2" -"@aws-sdk/credential-provider-ini@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.598.0.tgz#fd0ba8ab5c3701e05567d1c6f7752cfd9f4ba111" - integrity sha512-/ppcIVUbRwDIwJDoYfp90X3+AuJo2mvE52Y1t2VSrvUovYn6N4v95/vXj6LS8CNDhz2jvEJYmu+0cTMHdhI6eA== - dependencies: - "@aws-sdk/credential-provider-env" "3.598.0" - "@aws-sdk/credential-provider-http" "3.598.0" - "@aws-sdk/credential-provider-process" "3.598.0" - "@aws-sdk/credential-provider-sso" "3.598.0" - "@aws-sdk/credential-provider-web-identity" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@smithy/credential-provider-imds" "^3.1.1" - "@smithy/property-provider" "^3.1.1" - "@smithy/shared-ini-file-loader" "^3.1.1" - "@smithy/types" "^3.1.0" +"@aws-sdk/credential-provider-ini@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.649.0.tgz#95a9737f4faea97d54bdfc909d94b805b1db4d59" + integrity sha512-2CcvYEi76gSXsCTb3izRfUpyDWmX+uGhjBckj3Lt6I2Jh+dxF9AEQAoMhvO7LM12Gx8v3w2JEC+GOZOVO4uq/A== + dependencies: + "@aws-sdk/credential-provider-env" "3.649.0" + "@aws-sdk/credential-provider-http" "3.649.0" + "@aws-sdk/credential-provider-process" "3.649.0" + "@aws-sdk/credential-provider-sso" "3.649.0" + "@aws-sdk/credential-provider-web-identity" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@smithy/credential-provider-imds" "^3.2.1" + "@smithy/property-provider" "^3.1.4" + "@smithy/shared-ini-file-loader" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/credential-provider-node@3.600.0": - version "3.600.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.600.0.tgz#33b32364972bd7167d000cdded92b9398346a3ca" - integrity sha512-1pC7MPMYD45J7yFjA90SxpR0yaSvy+yZiq23aXhAPZLYgJBAxHLu0s0mDCk/piWGPh8+UGur5K0bVdx4B1D5hw== - dependencies: - "@aws-sdk/credential-provider-env" "3.598.0" - "@aws-sdk/credential-provider-http" "3.598.0" - "@aws-sdk/credential-provider-ini" "3.598.0" - "@aws-sdk/credential-provider-process" "3.598.0" - "@aws-sdk/credential-provider-sso" "3.598.0" - "@aws-sdk/credential-provider-web-identity" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@smithy/credential-provider-imds" "^3.1.1" - "@smithy/property-provider" "^3.1.1" - "@smithy/shared-ini-file-loader" "^3.1.1" - "@smithy/types" "^3.1.0" +"@aws-sdk/credential-provider-node@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.649.0.tgz#d415bd8f3f19f6ca8a6be533c62d9aa6713f1759" + integrity sha512-5g0HhP9DQ3SCvU6pm3yLZz5SUYSL5TP0UGluZN2OMEJG9ZL+tSZSgH21PcEQmpltP0UdS7vvuq++bHv7Bdo9qQ== + dependencies: + "@aws-sdk/credential-provider-env" "3.649.0" + "@aws-sdk/credential-provider-http" "3.649.0" + "@aws-sdk/credential-provider-ini" "3.649.0" + "@aws-sdk/credential-provider-process" "3.649.0" + "@aws-sdk/credential-provider-sso" "3.649.0" + "@aws-sdk/credential-provider-web-identity" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@smithy/credential-provider-imds" "^3.2.1" + "@smithy/property-provider" "^3.1.4" + "@smithy/shared-ini-file-loader" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/credential-provider-process@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.598.0.tgz#f48ff6f964cd6726499b207f45bfecda4be922ce" - integrity sha512-rM707XbLW8huMk722AgjVyxu2tMZee++fNA8TJVNgs1Ma02Wx6bBrfIvlyK0rCcIRb0WdQYP6fe3Xhiu4e8IBA== +"@aws-sdk/credential-provider-process@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.649.0.tgz#9924873a68cfec037c83f7bebf113ad86098bc79" + integrity sha512-6VYPQpEVpU+6DDS/gLoI40ppuNM5RPIEprK30qZZxnhTr5wyrGOeJ7J7wbbwPOZ5dKwta290BiJDU2ipV8Y9BQ== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/property-provider" "^3.1.1" - "@smithy/shared-ini-file-loader" "^3.1.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/shared-ini-file-loader" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/credential-provider-sso@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.598.0.tgz#52781e2b60b1f61752829c44a5e0b9fedd0694d6" - integrity sha512-5InwUmrAuqQdOOgxTccRayMMkSmekdLk6s+az9tmikq0QFAHUCtofI+/fllMXSR9iL6JbGYi1940+EUmS4pHJA== - dependencies: - "@aws-sdk/client-sso" "3.598.0" - "@aws-sdk/token-providers" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@smithy/property-provider" "^3.1.1" - "@smithy/shared-ini-file-loader" "^3.1.1" - "@smithy/types" "^3.1.0" +"@aws-sdk/credential-provider-sso@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.649.0.tgz#0c0221459e325a1d779bab0b30a349b8a4f4eac0" + integrity sha512-1Fh0Ov7LAVlrEpZfHwvslzyWhT+FyFA8RnN56pF3rwypm9s/WbINKEJiEcTYCBAvD4b27iSC0AJzzHdEgkdsxA== + dependencies: + "@aws-sdk/client-sso" "3.649.0" + "@aws-sdk/token-providers" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/shared-ini-file-loader" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/credential-provider-web-identity@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.598.0.tgz#d737e9c2b7c4460b8e31a55b4979bf4d88913900" - integrity sha512-GV5GdiMbz5Tz9JO4NJtRoFXjW0GPEujA0j+5J/B723rTN+REHthJu48HdBKouHGhdzkDWkkh1bu52V02Wprw8w== +"@aws-sdk/credential-provider-web-identity@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.649.0.tgz#9b111964076ba238640c0a6338e5f6740d2d4510" + integrity sha512-XVk3WsDa0g3kQFPmnCH/LaCtGY/0R2NDv7gscYZSXiBZcG/fixasglTprgWSp8zcA0t7tEIGu9suyjz8ZwhymQ== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/property-provider" "^3.1.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/middleware-bucket-endpoint@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.598.0.tgz#033b08921f9f284483a7337ed165743ee0dc598d" - integrity sha512-PM7BcFfGUSkmkT6+LU9TyJiB4S8yI7dfuKQDwK5ZR3P7MKaK4Uj4yyDiv0oe5xvkF6+O2+rShj+eh8YuWkOZ/Q== +"@aws-sdk/middleware-bucket-endpoint@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.649.0.tgz#6fe42dad034bcafcb4ce4a82e53fd74c41ef43d5" + integrity sha512-ZdDICtUU4YZkrVllTUOH1Fj/F3WShLhkfNKJE3HJ/yj6pS8JS9P2lWzHiHkHiidjrHSxc6NuBo6vuZ+182XLbw== dependencies: - "@aws-sdk/types" "3.598.0" + "@aws-sdk/types" "3.649.0" "@aws-sdk/util-arn-parser" "3.568.0" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" "@smithy/util-config-provider" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/middleware-expect-continue@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.598.0.tgz#5b08b8cae70d1e7cc082d3627b31856f6ba20d17" - integrity sha512-ZuHW18kaeHR8TQyhEOYMr8VwiIh0bMvF7J1OTqXHxDteQIavJWA3CbfZ9sgS4XGtrBZDyHJhjZKeCfLhN2rq3w== +"@aws-sdk/middleware-expect-continue@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.649.0.tgz#c0c472e025c49b75ac9d2621d0a0b299b885cfef" + integrity sha512-pW2id/mWNd+L0/hZKp5yL3J+8rTwsamu9E69Hc5pM3qTF4K4DTZZ+A0sQbY6duIvZvc8IbQHbSMulBOLyWNP3A== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/middleware-flexible-checksums@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.598.0.tgz#8e40734d5fb1b116816f885885f16db9b5e39032" - integrity sha512-xukAzds0GQXvMEY9G6qt+CzwVzTx8NyKKh04O2Q+nOch6QQ8Rs+2kTRy3Z4wQmXq2pK9hlOWb5nXA7HWpmz6Ng== +"@aws-sdk/middleware-flexible-checksums@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.649.0.tgz#cc1da37cea5c9a3ce52af63e9e5a7ff994116dc8" + integrity sha512-8mzMBEA+Tk6rbrS8iqnXX119C6z+Id84cuzvUc6dAiYcbnOVbus8M4XKKsAFzGGXHCRc2gMwYhKdnoVz2ijaFA== dependencies: "@aws-crypto/crc32" "5.2.0" "@aws-crypto/crc32c" "5.2.0" - "@aws-sdk/types" "3.598.0" + "@aws-sdk/types" "3.649.0" "@smithy/is-array-buffer" "^3.0.0" - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/middleware-host-header@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.598.0.tgz#0a7c4d5a95657bea2d7c4e29b9a8b379952d09b1" - integrity sha512-WiaG059YBQwQraNejLIi0gMNkX7dfPZ8hDIhvMr5aVPRbaHH8AYF3iNSsXYCHvA2Cfa1O9haYXsuMF9flXnCmA== +"@aws-sdk/middleware-host-header@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.649.0.tgz#ab7929cbf19ef9aeda0a16982a4753d0c5201822" + integrity sha512-PjAe2FocbicHVgNNwdSZ05upxIO7AgTPFtQLpnIAmoyzMcgv/zNB5fBn3uAnQSAeEPPCD+4SYVEUD1hw1ZBvEg== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/middleware-location-constraint@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.598.0.tgz#45564d5119468e3ac97949431c249e8b6e00ec09" - integrity sha512-8oybQxN3F1ISOMULk7JKJz5DuAm5hCUcxMW9noWShbxTJuStNvuHf/WLUzXrf8oSITyYzIHPtf8VPlKR7I3orQ== +"@aws-sdk/middleware-location-constraint@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.649.0.tgz#66eadced47919177d674443942a829d89350cdda" + integrity sha512-O9AXhaFUQx34UTnp/cKCcaWW/IVk4mntlWfFjsIxvRatamKaY33b5fOiakGG+J1t0QFK0niDBSvOYUR1fdlHzw== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/middleware-logger@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-logger/-/middleware-logger-3.598.0.tgz#0c0692d2f4f9007c915734ab319db377ca9a3b1b" - integrity sha512-bxBjf/VYiu3zfu8SYM2S9dQQc3tz5uBAOcPz/Bt8DyyK3GgOpjhschH/2XuUErsoUO1gDJqZSdGOmuHGZQn00Q== +"@aws-sdk/middleware-logger@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-logger/-/middleware-logger-3.649.0.tgz#6de0f7015b1039e23c0f008516a8492a334ac33e" + integrity sha512-qdqRx6q7lYC6KL/NT9x3ShTL0TBuxdkCczGzHzY3AnOoYUjnCDH7Vlq867O6MAvb4EnGNECFzIgtkZkQ4FhY5w== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/middleware-recursion-detection@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.598.0.tgz#94015d41f8174bd41298fd13f8fb0a8c4576d7c8" - integrity sha512-vjT9BeFY9FeN0f8hm2l6F53tI0N5bUq6RcDkQXKNabXBnQxKptJRad6oP2X5y3FoVfBLOuDkQgiC2940GIPxtQ== +"@aws-sdk/middleware-recursion-detection@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.649.0.tgz#1b4ed4d96aadaa18ee7900c5f8c8a7f91a49077e" + integrity sha512-IPnO4wlmaLRf6IYmJW2i8gJ2+UPXX0hDRv1it7Qf8DpBW+lGyF2rnoN7NrFX0WIxdGOlJF1RcOr/HjXb2QeXfQ== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/middleware-sdk-s3@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.598.0.tgz#308604f8a38959ad65ec5674c643c7032d678f43" - integrity sha512-5AGtLAh9wyK6ANPYfaKTqJY1IFJyePIxsEbxa7zS6REheAqyVmgJFaGu3oQ5XlxfGr5Uq59tFTRkyx26G1HkHA== +"@aws-sdk/middleware-sdk-s3@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.649.0.tgz#17eb015b148d2c1fd51c4164bc06a7ec4f1e7148" + integrity sha512-3H8735xTAD7IxNdreT6qv2YRk4CGOGfz8ufZo5pROJYZ4N5rfcdDMvb8szMSLvQHegqS4v1DqO9nrOPgc0I2Qg== dependencies: - "@aws-sdk/types" "3.598.0" + "@aws-sdk/core" "3.649.0" + "@aws-sdk/types" "3.649.0" "@aws-sdk/util-arn-parser" "3.568.0" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/signature-v4" "^3.1.0" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" + "@smithy/core" "^2.4.1" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/protocol-http" "^4.1.1" + "@smithy/signature-v4" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" "@smithy/util-config-provider" "^3.0.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-stream" "^3.1.4" + "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/middleware-signing@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-signing/-/middleware-signing-3.598.0.tgz#b90eef6a9fe3f76777c9cd4890dcae8e1febd249" - integrity sha512-XKb05DYx/aBPqz6iCapsCbIl8aD8EihTuPCs51p75QsVfbQoVr4TlFfIl5AooMSITzojdAQqxt021YtvxjtxIQ== - dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/property-provider" "^3.1.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/signature-v4" "^3.1.0" - "@smithy/types" "^3.1.0" - "@smithy/util-middleware" "^3.0.1" - tslib "^2.6.2" - -"@aws-sdk/middleware-ssec@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-ssec/-/middleware-ssec-3.598.0.tgz#d6a3c64ce77bd7379653b46b58ded32a7b0fe6f4" - integrity sha512-f0p2xP8IC1uJ5e/tND1l81QxRtRFywEdnbtKCE0H6RSn4UIt2W3Dohe1qQDbnh27okF0PkNW6BJGdSAz3p7qbA== +"@aws-sdk/middleware-ssec@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-ssec/-/middleware-ssec-3.649.0.tgz#2a946fea6d85164409d40b0279d89c91e2520758" + integrity sha512-r/WBIpX+Kcx+AV5vJ+LbdDOuibk7spBqcFK2LytQjOZKPksZNRAM99khbFe9vr9S1+uDmCLVjAVkIfQ5seJrOw== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/middleware-user-agent@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.598.0.tgz#6fa26849d256434ca4884c42c1c4755aa2f1556e" - integrity sha512-4tjESlHG5B5MdjUaLK7tQs/miUtHbb6deauQx8ryqSBYOhfHVgb1ZnzvQR0bTrhpqUg0WlybSkDaZAICf9xctg== +"@aws-sdk/middleware-user-agent@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.649.0.tgz#16be52850fd754797aeb0633232b41fd1504dd89" + integrity sha512-q6sO10dnCXoxe9thobMJxekhJumzd1j6dxcE1+qJdYKHJr6yYgWbogJqrLCpWd30w0lEvnuAHK8lN2kWLdJxJw== dependencies: - "@aws-sdk/types" "3.598.0" - "@aws-sdk/util-endpoints" "3.598.0" - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@aws-sdk/util-endpoints" "3.649.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/region-config-resolver@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.598.0.tgz#fd8fd6b7bc11b5f81def4db0db9e835d40a8f86e" - integrity sha512-oYXhmTokSav4ytmWleCr3rs/1nyvZW/S0tdi6X7u+dLNL5Jee+uMxWGzgOrWK6wrQOzucLVjS4E/wA11Kv2GTw== +"@aws-sdk/region-config-resolver@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.649.0.tgz#bb45a3c4c53f80ad0c66d6f6dc62223eb8af5656" + integrity sha512-xURBvdQXvRvca5Du8IlC5FyCj3pkw8Z75+373J3Wb+vyg8GjD14HfKk1Je1HCCQDyIE9VB/scYDcm9ri0ppePw== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/types" "^3.4.0" "@smithy/util-config-provider" "^3.0.0" - "@smithy/util-middleware" "^3.0.1" + "@smithy/util-middleware" "^3.0.4" tslib "^2.6.2" -"@aws-sdk/signature-v4-multi-region@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.598.0.tgz#1716022e31dcbc5821aeca85204718f523a1ddbf" - integrity sha512-1r/EyTrO1gSa1FirnR8V7mabr7gk+l+HkyTI0fcTSr8ucB7gmYyW6WjkY8JCz13VYHFK62usCEDS7yoJoJOzTA== +"@aws-sdk/signature-v4-multi-region@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.649.0.tgz#04d1c8fd378ad656747ac7677bd474b7d37e096a" + integrity sha512-feJfSHtCarFmTMZSE5k7/A+m4FrdCrmotljc/AmXArWy3wl8XFyxE5tFVW/PiUgbgeoVDN+ZLt3YYtItHfNUWQ== dependencies: - "@aws-sdk/middleware-sdk-s3" "3.598.0" - "@aws-sdk/types" "3.598.0" - "@smithy/protocol-http" "^4.0.1" - "@smithy/signature-v4" "^3.1.0" - "@smithy/types" "^3.1.0" + "@aws-sdk/middleware-sdk-s3" "3.649.0" + "@aws-sdk/types" "3.649.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/signature-v4" "^4.1.1" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/token-providers@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.598.0.tgz#49a94c14ce2e392bb0e84b69986c33ecfad5b804" - integrity sha512-TKY1EVdHVBnZqpyxyTHdpZpa1tUpb6nxVeRNn1zWG8QB5MvH4ALLd/jR+gtmWDNQbIG4cVuBOZFVL8hIYicKTA== +"@aws-sdk/token-providers@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.649.0.tgz#19a9bb26c191e4fe761f73a2f818cda2554a7767" + integrity sha512-ZBqr+JuXI9RiN+4DSZykMx5gxpL8Dr3exIfFhxMiwAP3DQojwl0ub8ONjMuAjq9OvmX6n+jHZL6fBnNgnNFC8w== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/property-provider" "^3.1.1" - "@smithy/shared-ini-file-loader" "^3.1.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/shared-ini-file-loader" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/types@3.598.0", "@aws-sdk/types@^3.222.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.598.0.tgz#b840d2446dee19a2a4731e6166f2327915d846db" - integrity sha512-742uRl6z7u0LFmZwDrFP6r1wlZcgVPw+/TilluDJmCAR8BgRw3IR+743kUXKBGd8QZDRW2n6v/PYsi/AWCDDMQ== +"@aws-sdk/types@3.649.0", "@aws-sdk/types@^3.222.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.649.0.tgz#a6828e6338dc755e0c30b5f77321e63425a88aed" + integrity sha512-PuPw8RysbhJNlaD2d/PzOTf8sbf4Dsn2b7hwyGh7YVG3S75yTpxSAZxrnhKsz9fStgqFmnw/jUfV/G+uQAeTVw== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" "@aws-sdk/util-arn-parser@3.568.0": @@ -781,14 +768,14 @@ dependencies: tslib "^2.6.2" -"@aws-sdk/util-endpoints@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.598.0.tgz#7f78d68524babac7fdacf381590470353d45b959" - integrity sha512-Qo9UoiVVZxcOEdiOMZg3xb1mzkTxrhd4qSlg5QQrfWPJVx/QOg+Iy0NtGxPtHtVZNHZxohYwDwV/tfsnDSE2gQ== +"@aws-sdk/util-endpoints@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.649.0.tgz#0f359a87ddbe8a4dbce11a8f7f9e295a3b9e6612" + integrity sha512-bZI1Wc3R/KibdDVWFxX/N4AoJFG4VJ92Dp4WYmOrVD6VPkb8jPz7ZeiYc7YwPl8NoDjYyPneBV0lEoK/V8OKAA== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/types" "^3.1.0" - "@smithy/util-endpoints" "^2.0.2" + "@aws-sdk/types" "3.649.0" + "@smithy/types" "^3.4.0" + "@smithy/util-endpoints" "^2.1.0" tslib "^2.6.2" "@aws-sdk/util-locate-window@^3.0.0": @@ -798,32 +785,32 @@ dependencies: tslib "^2.6.2" -"@aws-sdk/util-user-agent-browser@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.598.0.tgz#5039d0335f8a06af5be73c960df85009dda59090" - integrity sha512-36Sxo6F+ykElaL1mWzWjlg+1epMpSe8obwhCN1yGE7Js9ywy5U6k6l+A3q3YM9YRbm740sNxncbwLklMvuhTKw== +"@aws-sdk/util-user-agent-browser@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.649.0.tgz#fa533fe882757f82b7b9f2927dda8111f3601b33" + integrity sha512-IY43r256LhKAvdEVQO/FPdUyVpcZS5EVxh/WHVdNzuN1bNLoUK2rIzuZqVA0EGguvCxoXVmQv9m50GvG7cGktg== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/types" "^3.4.0" bowser "^2.11.0" tslib "^2.6.2" -"@aws-sdk/util-user-agent-node@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.598.0.tgz#f9bdf1b7cc3a40787c379f7c2ff028de2612c177" - integrity sha512-oyWGcOlfTdzkC6SVplyr0AGh54IMrDxbhg5RxJ5P+V4BKfcDoDcZV9xenUk9NsOi9MuUjxMumb9UJGkDhM1m0A== +"@aws-sdk/util-user-agent-node@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.649.0.tgz#715e490b190fe7fb7df0d83be7e84a31be99cb11" + integrity sha512-x5DiLpZDG/AJmCIBnE3Xhpwy35QIo3WqNiOpw6ExVs1NydbM/e90zFPSfhME0FM66D/WorigvluBxxwjxDm/GA== dependencies: - "@aws-sdk/types" "3.598.0" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/types" "^3.1.0" + "@aws-sdk/types" "3.649.0" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@aws-sdk/xml-builder@3.598.0": - version "3.598.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/xml-builder/-/xml-builder-3.598.0.tgz#ee591c5d80a34d9c5bc14326f1a62e9a0649c587" - integrity sha512-ZIa2RK7CHFTZ4gwK77WRtsZ6vF7xwRXxJ8KQIxK2duhoTVcn0xYxpFLdW9WZZZvdP9GIF3Loqvf8DRdeU5Jc7Q== +"@aws-sdk/xml-builder@3.649.0": + version "3.649.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/xml-builder/-/xml-builder-3.649.0.tgz#b61ecce737444a3b2f2102f00544db1ef7a90e2e" + integrity sha512-XVESKkK7m5LdCVzZ3NvAja40BEyCrfPqtaiFAAhJIvW2U1Edyugf2o3XikuQY62crGT6BZagxJFgOiLKvuTiTg== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.16.7", "@babel/code-frame@^7.23.5", "@babel/code-frame@^7.24.1", "@babel/code-frame@^7.24.2", "@babel/code-frame@^7.8.3": @@ -1884,14 +1871,14 @@ "@cspotcode/source-map-support@^0.8.0": version "0.8.1" - resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" + resolved "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw== dependencies: "@jridgewell/trace-mapping" "0.3.9" -"@cypress/request@^3.0.0": +"@cypress/request@^3.0.1": version "3.0.1" - resolved "https://registry.npmjs.org/@cypress/request/-/request-3.0.1.tgz#72d7d5425236a2413bd3d8bb66d02d9dc3168960" + resolved "https://registry.yarnpkg.com/@cypress/request/-/request-3.0.1.tgz#72d7d5425236a2413bd3d8bb66d02d9dc3168960" integrity sha512-TWivJlJi8ZDx2wGOw1dbLuHJKUYX7bWySw377nlnGOW3hP9/MUKIsEdXT/YngWxVdgNCHRBmFlBipE+5/2ZZlQ== dependencies: aws-sign2 "~0.7.0" @@ -1936,124 +1923,129 @@ integrity sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw== "@e965/xlsx@^0.20.0": - version "0.20.2" - resolved "https://registry.npmjs.org/@e965/xlsx/-/xlsx-0.20.2.tgz#811f0cab04fa5867e6750bccb1fb181f9596e979" - integrity sha512-VtTND/9MDM4G3fgwo6sV0xOKM4rrragqWNUPPoSrUQ+lGRRaYYfcS/9UaqgkNLm9do3rJBEn59fZQ+BPeG2yyA== - -"@esbuild/aix-ppc64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz#c7184a326533fcdf1b8ee0733e21c713b975575f" - integrity sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ== - -"@esbuild/android-arm64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz#09d9b4357780da9ea3a7dfb833a1f1ff439b4052" - integrity sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A== - -"@esbuild/android-arm@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/android-arm/-/android-arm-0.21.5.tgz#9b04384fb771926dfa6d7ad04324ecb2ab9b2e28" - integrity sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg== - -"@esbuild/android-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/android-x64/-/android-x64-0.21.5.tgz#29918ec2db754cedcb6c1b04de8cd6547af6461e" - integrity sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA== - -"@esbuild/darwin-arm64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz#e495b539660e51690f3928af50a76fb0a6ccff2a" - integrity sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ== - -"@esbuild/darwin-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz#c13838fa57372839abdddc91d71542ceea2e1e22" - integrity sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw== - -"@esbuild/freebsd-arm64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz#646b989aa20bf89fd071dd5dbfad69a3542e550e" - integrity sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g== - -"@esbuild/freebsd-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz#aa615cfc80af954d3458906e38ca22c18cf5c261" - integrity sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ== - -"@esbuild/linux-arm64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz#70ac6fa14f5cb7e1f7f887bcffb680ad09922b5b" - integrity sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q== - -"@esbuild/linux-arm@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz#fc6fd11a8aca56c1f6f3894f2bea0479f8f626b9" - integrity sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA== - -"@esbuild/linux-ia32@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz#3271f53b3f93e3d093d518d1649d6d68d346ede2" - integrity sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg== - -"@esbuild/linux-loong64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz#ed62e04238c57026aea831c5a130b73c0f9f26df" - integrity sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg== - -"@esbuild/linux-mips64el@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz#e79b8eb48bf3b106fadec1ac8240fb97b4e64cbe" - integrity sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg== - -"@esbuild/linux-ppc64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz#5f2203860a143b9919d383ef7573521fb154c3e4" - integrity sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w== - -"@esbuild/linux-riscv64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz#07bcafd99322d5af62f618cb9e6a9b7f4bb825dc" - integrity sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA== - -"@esbuild/linux-s390x@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz#b7ccf686751d6a3e44b8627ababc8be3ef62d8de" - integrity sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A== - -"@esbuild/linux-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz#6d8f0c768e070e64309af8004bb94e68ab2bb3b0" - integrity sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ== - -"@esbuild/netbsd-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz#bbe430f60d378ecb88decb219c602667387a6047" - integrity sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg== - -"@esbuild/openbsd-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz#99d1cf2937279560d2104821f5ccce220cb2af70" - integrity sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow== - -"@esbuild/sunos-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz#08741512c10d529566baba837b4fe052c8f3487b" - integrity sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg== - -"@esbuild/win32-arm64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz#675b7385398411240735016144ab2e99a60fc75d" - integrity sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A== - -"@esbuild/win32-ia32@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz#1bfc3ce98aa6ca9a0969e4d2af72144c59c1193b" - integrity sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA== - -"@esbuild/win32-x64@0.21.5": - version "0.21.5" - resolved "https://registry.yarnpkg.com/@esbuild/win32-x64/-/win32-x64-0.21.5.tgz#acad351d582d157bb145535db2a6ff53dd514b5c" - integrity sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw== + version "0.20.3" + resolved "https://registry.yarnpkg.com/@e965/xlsx/-/xlsx-0.20.3.tgz#4577f2c7691137d3e315018218ba2b76e4721ba9" + integrity sha512-703RN/3OdsRD5mtse2HBX7Um7xwaP9tlswEG6svOtjqokXoX7rJdQj7DyabD2I+xk22RgaIIU+R6BHgkpZGB/w== + +"@esbuild/aix-ppc64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.23.0.tgz#145b74d5e4a5223489cabdc238d8dad902df5259" + integrity sha512-3sG8Zwa5fMcA9bgqB8AfWPQ+HFke6uD3h1s3RIwUNK8EG7a4buxvuFTs3j1IMs2NXAk9F30C/FF4vxRgQCcmoQ== + +"@esbuild/android-arm64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/android-arm64/-/android-arm64-0.23.0.tgz#453bbe079fc8d364d4c5545069e8260228559832" + integrity sha512-EuHFUYkAVfU4qBdyivULuu03FhJO4IJN9PGuABGrFy4vUuzk91P2d+npxHcFdpUnfYKy0PuV+n6bKIpHOB3prQ== + +"@esbuild/android-arm@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/android-arm/-/android-arm-0.23.0.tgz#26c806853aa4a4f7e683e519cd9d68e201ebcf99" + integrity sha512-+KuOHTKKyIKgEEqKbGTK8W7mPp+hKinbMBeEnNzjJGyFcWsfrXjSTNluJHCY1RqhxFurdD8uNXQDei7qDlR6+g== + +"@esbuild/android-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/android-x64/-/android-x64-0.23.0.tgz#1e51af9a6ac1f7143769f7ee58df5b274ed202e6" + integrity sha512-WRrmKidLoKDl56LsbBMhzTTBxrsVwTKdNbKDalbEZr0tcsBgCLbEtoNthOW6PX942YiYq8HzEnb4yWQMLQuipQ== + +"@esbuild/darwin-arm64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/darwin-arm64/-/darwin-arm64-0.23.0.tgz#d996187a606c9534173ebd78c58098a44dd7ef9e" + integrity sha512-YLntie/IdS31H54Ogdn+v50NuoWF5BDkEUFpiOChVa9UnKpftgwzZRrI4J132ETIi+D8n6xh9IviFV3eXdxfow== + +"@esbuild/darwin-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/darwin-x64/-/darwin-x64-0.23.0.tgz#30c8f28a7ef4e32fe46501434ebe6b0912e9e86c" + integrity sha512-IMQ6eme4AfznElesHUPDZ+teuGwoRmVuuixu7sv92ZkdQcPbsNHzutd+rAfaBKo8YK3IrBEi9SLLKWJdEvJniQ== + +"@esbuild/freebsd-arm64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.23.0.tgz#30f4fcec8167c08a6e8af9fc14b66152232e7fb4" + integrity sha512-0muYWCng5vqaxobq6LB3YNtevDFSAZGlgtLoAc81PjUfiFz36n4KMpwhtAd4he8ToSI3TGyuhyx5xmiWNYZFyw== + +"@esbuild/freebsd-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/freebsd-x64/-/freebsd-x64-0.23.0.tgz#1003a6668fe1f5d4439e6813e5b09a92981bc79d" + integrity sha512-XKDVu8IsD0/q3foBzsXGt/KjD/yTKBCIwOHE1XwiXmrRwrX6Hbnd5Eqn/WvDekddK21tfszBSrE/WMaZh+1buQ== + +"@esbuild/linux-arm64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-arm64/-/linux-arm64-0.23.0.tgz#3b9a56abfb1410bb6c9138790f062587df3e6e3a" + integrity sha512-j1t5iG8jE7BhonbsEg5d9qOYcVZv/Rv6tghaXM/Ug9xahM0nX/H2gfu6X6z11QRTMT6+aywOMA8TDkhPo8aCGw== + +"@esbuild/linux-arm@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-arm/-/linux-arm-0.23.0.tgz#237a8548e3da2c48cd79ae339a588f03d1889aad" + integrity sha512-SEELSTEtOFu5LPykzA395Mc+54RMg1EUgXP+iw2SJ72+ooMwVsgfuwXo5Fn0wXNgWZsTVHwY2cg4Vi/bOD88qw== + +"@esbuild/linux-ia32@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-ia32/-/linux-ia32-0.23.0.tgz#4269cd19cb2de5de03a7ccfc8855dde3d284a238" + integrity sha512-P7O5Tkh2NbgIm2R6x1zGJJsnacDzTFcRWZyTTMgFdVit6E98LTxO+v8LCCLWRvPrjdzXHx9FEOA8oAZPyApWUA== + +"@esbuild/linux-loong64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-loong64/-/linux-loong64-0.23.0.tgz#82b568f5658a52580827cc891cb69d2cb4f86280" + integrity sha512-InQwepswq6urikQiIC/kkx412fqUZudBO4SYKu0N+tGhXRWUqAx+Q+341tFV6QdBifpjYgUndV1hhMq3WeJi7A== + +"@esbuild/linux-mips64el@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-mips64el/-/linux-mips64el-0.23.0.tgz#9a57386c926262ae9861c929a6023ed9d43f73e5" + integrity sha512-J9rflLtqdYrxHv2FqXE2i1ELgNjT+JFURt/uDMoPQLcjWQA5wDKgQA4t/dTqGa88ZVECKaD0TctwsUfHbVoi4w== + +"@esbuild/linux-ppc64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-ppc64/-/linux-ppc64-0.23.0.tgz#f3a79fd636ba0c82285d227eb20ed8e31b4444f6" + integrity sha512-cShCXtEOVc5GxU0fM+dsFD10qZ5UpcQ8AM22bYj0u/yaAykWnqXJDpd77ublcX6vdDsWLuweeuSNZk4yUxZwtw== + +"@esbuild/linux-riscv64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-riscv64/-/linux-riscv64-0.23.0.tgz#f9d2ef8356ce6ce140f76029680558126b74c780" + integrity sha512-HEtaN7Y5UB4tZPeQmgz/UhzoEyYftbMXrBCUjINGjh3uil+rB/QzzpMshz3cNUxqXN7Vr93zzVtpIDL99t9aRw== + +"@esbuild/linux-s390x@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-s390x/-/linux-s390x-0.23.0.tgz#45390f12e802201f38a0229e216a6aed4351dfe8" + integrity sha512-WDi3+NVAuyjg/Wxi+o5KPqRbZY0QhI9TjrEEm+8dmpY9Xir8+HE/HNx2JoLckhKbFopW0RdO2D72w8trZOV+Wg== + +"@esbuild/linux-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/linux-x64/-/linux-x64-0.23.0.tgz#c8409761996e3f6db29abcf9b05bee8d7d80e910" + integrity sha512-a3pMQhUEJkITgAw6e0bWA+F+vFtCciMjW/LPtoj99MhVt+Mfb6bbL9hu2wmTZgNd994qTAEw+U/r6k3qHWWaOQ== + +"@esbuild/netbsd-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/netbsd-x64/-/netbsd-x64-0.23.0.tgz#ba70db0114380d5f6cfb9003f1d378ce989cd65c" + integrity sha512-cRK+YDem7lFTs2Q5nEv/HHc4LnrfBCbH5+JHu6wm2eP+d8OZNoSMYgPZJq78vqQ9g+9+nMuIsAO7skzphRXHyw== + +"@esbuild/openbsd-arm64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/openbsd-arm64/-/openbsd-arm64-0.23.0.tgz#72fc55f0b189f7a882e3cf23f332370d69dfd5db" + integrity sha512-suXjq53gERueVWu0OKxzWqk7NxiUWSUlrxoZK7usiF50C6ipColGR5qie2496iKGYNLhDZkPxBI3erbnYkU0rQ== + +"@esbuild/openbsd-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/openbsd-x64/-/openbsd-x64-0.23.0.tgz#b6ae7a0911c18fe30da3db1d6d17a497a550e5d8" + integrity sha512-6p3nHpby0DM/v15IFKMjAaayFhqnXV52aEmv1whZHX56pdkK+MEaLoQWj+H42ssFarP1PcomVhbsR4pkz09qBg== + +"@esbuild/sunos-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/sunos-x64/-/sunos-x64-0.23.0.tgz#58f0d5e55b9b21a086bfafaa29f62a3eb3470ad8" + integrity sha512-BFelBGfrBwk6LVrmFzCq1u1dZbG4zy/Kp93w2+y83Q5UGYF1d8sCzeLI9NXjKyujjBBniQa8R8PzLFAUrSM9OA== + +"@esbuild/win32-arm64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/win32-arm64/-/win32-arm64-0.23.0.tgz#b858b2432edfad62e945d5c7c9e5ddd0f528ca6d" + integrity sha512-lY6AC8p4Cnb7xYHuIxQ6iYPe6MfO2CC43XXKo9nBXDb35krYt7KGhQnOkRGar5psxYkircpCqfbNDB4uJbS2jQ== + +"@esbuild/win32-ia32@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/win32-ia32/-/win32-ia32-0.23.0.tgz#167ef6ca22a476c6c0c014a58b4f43ae4b80dec7" + integrity sha512-7L1bHlOTcO4ByvI7OXVI5pNN6HSu6pUQq9yodga8izeuB1KcT2UkHaH6118QJwopExPn0rMHIseCTx1CRo/uNA== + +"@esbuild/win32-x64@0.23.0": + version "0.23.0" + resolved "https://registry.yarnpkg.com/@esbuild/win32-x64/-/win32-x64-0.23.0.tgz#db44a6a08520b5f25bbe409f34a59f2d4bcc7ced" + integrity sha512-Arm+WgUFLUATuoxCJcahGuk6Yj9Pzxd6l11Zb/2aAuv5kWWvvfhLFo2fni4uSK5vzlUdCGZ/BdV5tH8klj8p8g== "@eslint-community/eslint-utils@^4.2.0", "@eslint-community/eslint-utils@^4.4.0": version "4.4.0" @@ -2089,12 +2081,12 @@ "@glideapps/ts-necessities@2.2.3": version "2.2.3" - resolved "https://registry.yarnpkg.com/@glideapps/ts-necessities/-/ts-necessities-2.2.3.tgz#62e25b3a1ace8b8c3f47e55e66d101a0a854eb23" + resolved "https://registry.npmjs.org/@glideapps/ts-necessities/-/ts-necessities-2.2.3.tgz#62e25b3a1ace8b8c3f47e55e66d101a0a854eb23" integrity sha512-gXi0awOZLHk3TbW55GZLCPP6O+y/b5X1pBXKBVckFONSwF1z1E5ND2BGJsghQFah+pW7pkkyFb2VhUQI2qhL5w== "@glideapps/ts-necessities@^2.2.3": version "2.3.0" - resolved "https://registry.yarnpkg.com/@glideapps/ts-necessities/-/ts-necessities-2.3.0.tgz#dce6c0c3042d932e14ddd0afc2f742145f167963" + resolved "https://registry.npmjs.org/@glideapps/ts-necessities/-/ts-necessities-2.3.0.tgz#dce6c0c3042d932e14ddd0afc2f742145f167963" integrity sha512-3p4G89v4vU4A86Rf1QgXQk6nGG5nEffk9bFKmwn9k5J2m9lI8PHPClNChcqnZQjstztoeo98DwbOLIsCyvgGww== "@graphql-tools/merge@8.3.1": @@ -2673,7 +2665,7 @@ "@jridgewell/trace-mapping@0.3.9": version "0.3.9" - resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" + resolved "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9" integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ== dependencies: "@jridgewell/resolve-uri" "^3.0.3" @@ -2692,12 +2684,12 @@ resolved "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.4.tgz#b2ac626d6cb9c8718ab459166d4bb405b8ffa78b" integrity sha512-Hcv+nVC0kZnQ3tD9GVu5xSMR4VVYOteQIr/hwFPVEvPdlXqgGEuRjiheChHgdM+JyqdgNcmzZOX/tnl0JOiI7A== -"@lerna/create@8.1.5": - version "8.1.5" - resolved "https://registry.yarnpkg.com/@lerna/create/-/create-8.1.5.tgz#596cb9e4d36586c785d21abbf08a6a7eb9191865" - integrity sha512-Ku8yTGgeumayvMr8sml72EPb6WaoJhRjMTkMZrKSJtcLNDBlDpKwyUxDxNTBNBRUYWUuJCnj7eUH7pDNuc9odQ== +"@lerna/create@8.1.8": + version "8.1.8" + resolved "https://registry.yarnpkg.com/@lerna/create/-/create-8.1.8.tgz#be70d620f1d6b71e9d6b9d20049b784168b6ca19" + integrity sha512-wi72R01tgjBjzG2kjRyTHl4yCTKDfDMIXRyKz9E/FBa9SkFvUOAE4bdyY9MhEsRZmSWL7+CYE8Flv/HScRpBbA== dependencies: - "@npmcli/arborist" "7.5.3" + "@npmcli/arborist" "7.5.4" "@npmcli/package-json" "5.2.0" "@npmcli/run-script" "8.1.0" "@nx/devkit" ">=17.1.2 < 20" @@ -2754,6 +2746,8 @@ signal-exit "3.0.7" slash "^3.0.0" ssri "^10.0.6" + string-width "^4.2.3" + strip-ansi "^6.0.1" strong-log-transformer "2.1.0" tar "6.2.1" temp-dir "1.0.0" @@ -2767,9 +2761,9 @@ yargs "17.7.2" yargs-parser "21.1.1" -"@ljharb/through@^2.3.11": +"@ljharb/through@^2.3.12": version "2.3.13" - resolved "https://registry.npmjs.org/@ljharb/through/-/through-2.3.13.tgz#b7e4766e0b65aa82e529be945ab078de79874edc" + resolved "https://registry.yarnpkg.com/@ljharb/through/-/through-2.3.13.tgz#b7e4766e0b65aa82e529be945ab078de79874edc" integrity sha512-/gKJun8NNiWGZJkGzI/Ragc53cOdcLNdzjLaIa+GEjguQs0ulsurx8WN0jijdK9yPqDvziX995sMRLyLt1uZMQ== dependencies: call-bind "^1.0.7" @@ -2781,7 +2775,7 @@ "@mark.probst/typescript-json-schema@0.55.0": version "0.55.0" - resolved "https://registry.yarnpkg.com/@mark.probst/typescript-json-schema/-/typescript-json-schema-0.55.0.tgz#a82c0cb8b3c9ba1a14faf2ea3fa95f26c1a6a57d" + resolved "https://registry.npmjs.org/@mark.probst/typescript-json-schema/-/typescript-json-schema-0.55.0.tgz#a82c0cb8b3c9ba1a14faf2ea3fa95f26c1a6a57d" integrity sha512-jI48mSnRgFQxXiE/UTUCVCpX8lK3wCFKLF1Ss2aEreboKNuLQGt3e0/YFqWVHe/WENxOaqiJvwOz+L/SrN2+qQ== dependencies: "@types/json-schema" "^7.0.9" @@ -2803,6 +2797,11 @@ resolved "https://registry.npmjs.org/@mdi/js/-/js-7.4.47.tgz#7d8a4edc9631bffeed80d1ec784f9beae559a76a" integrity sha512-KPnNOtm5i2pMabqZxpUz7iQf+mfrYZyKCZ8QNz85czgEt7cuHcGorWfdzUMWYA0SD+a6Hn4FmJ+YhzzzjkTZrQ== +"@microsoft/microsoft-graph-types@^2.40.0": + version "2.40.0" + resolved "https://registry.yarnpkg.com/@microsoft/microsoft-graph-types/-/microsoft-graph-types-2.40.0.tgz#65f51600ab45ace97d7b1368c47f9e0f835fddca" + integrity sha512-1fcPVrB/NkbNcGNfCy+Cgnvwxt6/sbIEEFgZHFBJ670zYLegENYJF8qMo7x3LqBjWX2/Eneq5BVVRCLTmlJN+g== + "@mitre/jsonix@^3.0.7": version "3.0.7" resolved "https://registry.npmjs.org/@mitre/jsonix/-/jsonix-3.0.7.tgz#f1e33599c1cddb9b865618a04a6a99c343c14764" @@ -2813,53 +2812,50 @@ xmlhttprequest "^1.8.0" "@nestjs/cli@^10.1.14": - version "10.3.2" - resolved "https://registry.npmjs.org/@nestjs/cli/-/cli-10.3.2.tgz#42d2764ead6633e278c55d42de871b4cc1db002b" - integrity sha512-aWmD1GLluWrbuC4a1Iz/XBk5p74Uj6nIVZj6Ov03JbTfgtWqGFLtXuMetvzMiHxfrHehx/myt2iKAPRhKdZvTg== + version "10.4.5" + resolved "https://registry.yarnpkg.com/@nestjs/cli/-/cli-10.4.5.tgz#d6563b87e8ca1d0f256c19a7847dbcc96c76a88e" + integrity sha512-FP7Rh13u8aJbHe+zZ7hM0CC4785g9Pw4lz4r2TTgRtf0zTxSWMkJaPEwyjX8SK9oWK2GsYxl+fKpwVZNbmnj9A== dependencies: - "@angular-devkit/core" "17.1.2" - "@angular-devkit/schematics" "17.1.2" - "@angular-devkit/schematics-cli" "17.1.2" + "@angular-devkit/core" "17.3.8" + "@angular-devkit/schematics" "17.3.8" + "@angular-devkit/schematics-cli" "17.3.8" "@nestjs/schematics" "^10.0.1" chalk "4.1.2" chokidar "3.6.0" - cli-table3 "0.6.3" + cli-table3 "0.6.5" commander "4.1.1" fork-ts-checker-webpack-plugin "9.0.2" - glob "10.3.10" + glob "10.4.2" inquirer "8.2.6" node-emoji "1.11.0" ora "5.4.1" - rimraf "4.4.1" - shelljs "0.8.5" - source-map-support "0.5.21" tree-kill "1.2.2" tsconfig-paths "4.2.0" tsconfig-paths-webpack-plugin "4.1.0" typescript "5.3.3" - webpack "5.90.1" + webpack "5.94.0" webpack-node-externals "3.0.0" "@nestjs/common@^10.2.1": - version "10.3.9" - resolved "https://registry.yarnpkg.com/@nestjs/common/-/common-10.3.9.tgz#4e85d8fa6ae201a1c5f49d4d09b205bc3672ed1f" - integrity sha512-JAQONPagMa+sy/fcIqh/Hn3rkYQ9pQM51vXCFNOM5ujefxUVqn3gwFRMN8Y1+MxdUHipV+8daEj2jEm0IqJzOA== + version "10.4.1" + resolved "https://registry.yarnpkg.com/@nestjs/common/-/common-10.4.1.tgz#6f8aab84eebe7a4574134dcd9bf7f0129df393f6" + integrity sha512-4CkrDx0s4XuWqFjX8WvOFV7Y6RGJd0P2OBblkhZS7nwoctoSuW5pyEa8SWak6YHNGrHRpFb6ymm5Ai4LncwRVA== dependencies: uid "2.0.2" iterare "1.2.1" - tslib "2.6.2" + tslib "2.6.3" "@nestjs/core@^10.2.1": - version "10.3.9" - resolved "https://registry.yarnpkg.com/@nestjs/core/-/core-10.3.9.tgz#fe3645eb4974423de5503a19d08f85a67693e72f" - integrity sha512-NzZUfWAmaf8sqhhwoRA+CuqxQe+P4Rz8PZp5U7CdCbjyeB9ZVGcBkihcJC9wMdtiOWHRndB2J8zRfs5w06jK3w== + version "10.4.1" + resolved "https://registry.yarnpkg.com/@nestjs/core/-/core-10.4.1.tgz#55dd1be59dae380cde8a19288926fcf8423dd4cf" + integrity sha512-9I1WdfOBCCHdUm+ClBJupOuZQS6UxzIWHIq6Vp1brAA5ZKl/Wq6BVwSsbnUJGBy3J3PM2XHmR0EQ4fwX3nR7lA== dependencies: uid "2.0.2" "@nuxtjs/opencollective" "0.3.2" fast-safe-stringify "2.1.1" iterare "1.2.1" path-to-regexp "3.2.0" - tslib "2.6.2" + tslib "2.6.3" "@nestjs/jwt@^10.1.0": version "10.2.0" @@ -2875,25 +2871,25 @@ integrity sha512-znJ9Y4S8ZDVY+j4doWAJ8EuuVO7SkQN3yOBmzxbGaXbvcSwFDAdGJ+OMCg52NdzIO4tQoN4pYKx8W6M0ArfFRQ== "@nestjs/platform-express@^10.2.1": - version "10.3.9" - resolved "https://registry.yarnpkg.com/@nestjs/platform-express/-/platform-express-10.3.9.tgz#769c6027f8b3d1e144218403762710f96a174821" - integrity sha512-si/UzobP6YUtYtCT1cSyQYHHzU3yseqYT6l7OHSMVvfG1+TqxaAqI6nmrix02LO+l1YntHRXEs3p+v9a7EfrSQ== + version "10.4.1" + resolved "https://registry.yarnpkg.com/@nestjs/platform-express/-/platform-express-10.4.1.tgz#65d3b5a08c79b938a50464887408f78ce5d5932c" + integrity sha512-ccfqIDAq/bg1ShLI5KGtaLaYGykuAdvCi57ohewH7eKJSIpWY1DQjbgKlFfXokALYUq1YOMGqjeZ244OWHfDQg== dependencies: body-parser "1.20.2" cors "2.8.5" express "4.19.2" multer "1.4.4-lts.1" - tslib "2.6.2" + tslib "2.6.3" "@nestjs/schematics@^10.0.1", "@nestjs/schematics@^10.0.2": - version "10.1.1" - resolved "https://registry.npmjs.org/@nestjs/schematics/-/schematics-10.1.1.tgz#a67fb178a7ad6025ccc3314910b077ac454fcdf3" - integrity sha512-o4lfCnEeIkfJhGBbLZxTuVWcGuqDCFwg5OrvpgRUBM7vI/vONvKKiB5riVNpO+JqXoH0I42NNeDb0m4V5RREig== + version "10.1.4" + resolved "https://registry.yarnpkg.com/@nestjs/schematics/-/schematics-10.1.4.tgz#e445b856eefce9bd338c5fc1cf2c95f0985849cf" + integrity sha512-QpY8ez9cTvXXPr3/KBrtSgXQHMSV6BkOUYy2c2TTe6cBqriEdGnCYqGl8cnfrQl3632q3lveQPaZ/c127dHsEw== dependencies: - "@angular-devkit/core" "17.1.2" - "@angular-devkit/schematics" "17.1.2" + "@angular-devkit/core" "17.3.8" + "@angular-devkit/schematics" "17.3.8" comment-json "4.2.3" - jsonc-parser "3.2.1" + jsonc-parser "3.3.1" pluralize "8.0.0" "@nestjs/sequelize@^10.0.0": @@ -2911,11 +2907,11 @@ path-to-regexp "0.2.5" "@nestjs/testing@^10.2.1": - version "10.3.9" - resolved "https://registry.yarnpkg.com/@nestjs/testing/-/testing-10.3.9.tgz#27fb0e23b129147f8de100ac40645ebf6a865c3a" - integrity sha512-z24SdpZIRtYyM5s2vnu7rbBosXJY/KcAP7oJlwgFa/h/z/wg8gzyoKy5lhibH//OZNO+pYKajV5wczxuy5WeAg== + version "10.4.1" + resolved "https://registry.yarnpkg.com/@nestjs/testing/-/testing-10.4.1.tgz#146c0161ab98524ea9fafe4ca5316229d1e44387" + integrity sha512-pR+su5+YGqCLH0RhhVkPowQK7FCORU0/PWAywPK7LScAOtD67ZoviZ7hAU4vnGdwkg4HCB0D7W8Bkg19CGU8Xw== dependencies: - tslib "2.6.2" + tslib "2.6.3" "@node-ipc/js-queue@2.0.3": version "2.0.3" @@ -2956,10 +2952,10 @@ lru-cache "^10.0.1" socks-proxy-agent "^8.0.1" -"@npmcli/arborist@7.5.3": - version "7.5.3" - resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-7.5.3.tgz#88c51b124a1ec48d358897778af6ab5b0e05694d" - integrity sha512-7gbMdDNSYUzi0j2mpb6FoXRg3BxXWplMQZH1MZlvNjSdWFObaUz2Ssvo0Nlh2xmWks1OPo+gpsE6qxpT/5M7lQ== +"@npmcli/arborist@7.5.4": + version "7.5.4" + resolved "https://registry.yarnpkg.com/@npmcli/arborist/-/arborist-7.5.4.tgz#3dd9e531d6464ef6715e964c188e0880c471ac9b" + integrity sha512-nWtIc6QwwoUORCRNzKx4ypHqCk3drI+5aeYdMTQQiRCcn4lOOgfQh7WyZobGYTxXPSq1VwV53lkpN/BRlRk08g== dependencies: "@isaacs/string-locale-compare" "^1.1.0" "@npmcli/fs" "^3.1.1" @@ -3399,10 +3395,25 @@ resolved "https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.0.tgz#a777360b5b39a1a2e5106f8e858f2fd2d060c570" integrity sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw== -"@shikijs/core@1.10.0": - version "1.10.0" - resolved "https://registry.yarnpkg.com/@shikijs/core/-/core-1.10.0.tgz#ec3356ace7cb8b41f6baee0116f036fca85054cc" - integrity sha512-BZcr6FCmPfP6TXaekvujZcnkFmJHZ/Yglu97r/9VjzVndQA56/F4WjUKtJRQUnK59Wi7p/UTAOekMfCJv7jnYg== +"@rtsao/scc@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@rtsao/scc/-/scc-1.1.0.tgz#927dd2fae9bc3361403ac2c7a00c32ddce9ad7e8" + integrity sha512-zt6OdqaDoOnJ1ZYsCYGt9YmWzDXl4vQdKTyJev62gFhRGKdx7mcT54V9KIjg+d2wi9EXsPvAPKe7i7WjfVWB8g== + +"@shikijs/core@1.16.3": + version "1.16.3" + resolved "https://registry.yarnpkg.com/@shikijs/core/-/core-1.16.3.tgz#082b53928bf201a8d7cfbe0b5540dc1c609d0a5e" + integrity sha512-yETIvrETCeC39gSPIiSADmjri9FwKmxz0QvONMtTIUYlKZe90CJkvcjPksayC2VQOtzOJonEiULUa8v8crUQvA== + dependencies: + "@shikijs/vscode-textmate" "^9.2.0" + "@types/hast" "^3.0.4" + oniguruma-to-js "0.3.3" + regex "4.3.2" + +"@shikijs/vscode-textmate@^9.2.0": + version "9.2.2" + resolved "https://registry.yarnpkg.com/@shikijs/vscode-textmate/-/vscode-textmate-9.2.2.tgz#24571f50625c7cd075f9efe0def8b9d2c0930ada" + integrity sha512-TMp15K+GGYrWlZM8+Lnj9EaHEFmOen0WJBrfa17hF7taDOYthuPPV0GWzfd/9iMij0akS/8Yw2ikquH7uVi/fg== "@sideway/address@^4.1.5": version "4.1.5" @@ -3501,6 +3512,13 @@ dependencies: type-detect "4.0.8" +"@sinonjs/fake-timers@11.2.2", "@sinonjs/fake-timers@^11.2.2": + version "11.2.2" + resolved "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz#50063cc3574f4a27bd8453180a04171c85cc9699" + integrity sha512-G2piCSxQ7oWOxwGSAyFHfPIsyeJGXYtc6mFbnFA+kRXkiEnTl8c/8jul2S329iFBnDI9HGoeWWAZvuvOkZccgw== + dependencies: + "@sinonjs/commons" "^3.0.0" + "@sinonjs/fake-timers@^10.0.2": version "10.3.0" resolved "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz#55fdff1ecab9f354019129daf4df0dd4d923ea66" @@ -3508,13 +3526,6 @@ dependencies: "@sinonjs/commons" "^3.0.0" -"@sinonjs/fake-timers@^11.2.2": - version "11.2.2" - resolved "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz#50063cc3574f4a27bd8453180a04171c85cc9699" - integrity sha512-G2piCSxQ7oWOxwGSAyFHfPIsyeJGXYtc6mFbnFA+kRXkiEnTl8c/8jul2S329iFBnDI9HGoeWWAZvuvOkZccgw== - dependencies: - "@sinonjs/commons" "^3.0.0" - "@sinonjs/fake-timers@^8.0.1": version "8.1.0" resolved "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-8.1.0.tgz#3fdc2b6cb58935b21bfb8d1625eb1300484316e7" @@ -3536,12 +3547,12 @@ resolved "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz#5981a8db18b56ba38ef0efb7d995b12aa7b51918" integrity sha512-sXXKG+uL9IrKqViTtao2Ws6dy0znu9sOaP1di/jKGW1M6VssO8vlpXCQcpZ+jisQ1tTFAC5Jo/EOzFbggBagFQ== -"@smithy/abort-controller@^3.1.0", "@smithy/abort-controller@^3.1.1": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/abort-controller/-/abort-controller-3.1.1.tgz#291210611ff6afecfc198d0ca72d5771d8461d16" - integrity sha512-MBJBiidoe+0cTFhyxT8g+9g7CeVccLM0IOKKUMCNQ1CNMJ/eIfoo0RTfVrXOONEI1UCN1W+zkiHSbzUNE9dZtQ== +"@smithy/abort-controller@^3.1.2": + version "3.1.2" + resolved "https://registry.yarnpkg.com/@smithy/abort-controller/-/abort-controller-3.1.2.tgz#95ac6b07480d0d2afbcface3f0f1ddc3ae6373d7" + integrity sha512-b5g+PNujlfqIib9BjkNB108NyO5aZM/RXjfOCXRCqXQ1oPnIkfvdORrztbGgCZdPe/BN/MKDlrGA7PafKPM2jw== dependencies: - "@smithy/types" "^3.3.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" "@smithy/chunked-blob-reader-native@^3.0.0": @@ -3559,133 +3570,135 @@ dependencies: tslib "^2.6.2" -"@smithy/config-resolver@^3.0.2": - version "3.0.2" - resolved "https://registry.yarnpkg.com/@smithy/config-resolver/-/config-resolver-3.0.2.tgz#ad19331d48d9a6e67bdd43a0099e1d8af1b82a82" - integrity sha512-wUyG6ezpp2sWAvfqmSYTROwFUmJqKV78GLf55WODrosBcT0BAMd9bOLO4HRhynWBgAobPml2cF9ZOdgCe00r+g== +"@smithy/config-resolver@^3.0.6": + version "3.0.6" + resolved "https://registry.yarnpkg.com/@smithy/config-resolver/-/config-resolver-3.0.6.tgz#5906cb8fcbadb784930c55a578589aaa6650a52f" + integrity sha512-j7HuVNoRd8EhcFp0MzcUb4fG40C7BcyshH+fAd3Jhd8bINNFvEQYBrZoS/SK6Pun9WPlfoI8uuU2SMz8DsEGlA== dependencies: - "@smithy/node-config-provider" "^3.1.1" - "@smithy/types" "^3.1.0" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/types" "^3.4.0" "@smithy/util-config-provider" "^3.0.0" - "@smithy/util-middleware" "^3.0.1" + "@smithy/util-middleware" "^3.0.4" tslib "^2.6.2" -"@smithy/core@^2.2.1": - version "2.2.1" - resolved "https://registry.yarnpkg.com/@smithy/core/-/core-2.2.1.tgz#92ed71eb96ef16d5ac8b23dbdf913bcb225ab875" - integrity sha512-R8Pzrr2v2oGUoj4CTZtKPr87lVtBsz7IUBGhSwS1kc6Cj0yPwNdYbkzhFsxhoDE9+BPl09VN/6rFsW9GJzWnBA== - dependencies: - "@smithy/middleware-endpoint" "^3.0.2" - "@smithy/middleware-retry" "^3.0.4" - "@smithy/middleware-serde" "^3.0.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/util-middleware" "^3.0.1" +"@smithy/core@^2.4.1": + version "2.4.1" + resolved "https://registry.yarnpkg.com/@smithy/core/-/core-2.4.1.tgz#6694d79ba6e4a185a0baa731ba6584420291521e" + integrity sha512-7cts7/Oni7aCHebHGiBeWoz5z+vmH+Vx2Z/UW3XtXMslcxI3PEwBZxNinepwZjixS3n12fPc247PHWmjU7ndsQ== + dependencies: + "@smithy/middleware-endpoint" "^3.1.1" + "@smithy/middleware-retry" "^3.0.16" + "@smithy/middleware-serde" "^3.0.4" + "@smithy/protocol-http" "^4.1.1" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/util-body-length-browser" "^3.0.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@smithy/credential-provider-imds@^3.1.1": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.1.tgz#8b2b3c9e7e67fd9e3e436a5e1db6652ab339af7b" - integrity sha512-htndP0LwHdE3R3Nam9ZyVWhwPYOmD4xCL79kqvNxy8u/bv0huuy574CSiRY4cvEICgimv8jlVfLeZ7zZqbnB2g== +"@smithy/credential-provider-imds@^3.2.1": + version "3.2.1" + resolved "https://registry.yarnpkg.com/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.1.tgz#f5871549d01db304c3d5c52dd6591652ebfdfa9e" + integrity sha512-4z/oTWpRF2TqQI3aCM89/PWu3kim58XU4kOCTtuTJnoaS4KT95cPWMxbQfTN2vzcOe96SOKO8QouQW/+ESB1fQ== dependencies: - "@smithy/node-config-provider" "^3.1.1" - "@smithy/property-provider" "^3.1.1" - "@smithy/types" "^3.1.0" - "@smithy/url-parser" "^3.0.1" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/property-provider" "^3.1.4" + "@smithy/types" "^3.4.0" + "@smithy/url-parser" "^3.0.4" tslib "^2.6.2" -"@smithy/eventstream-codec@^3.1.1": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/eventstream-codec/-/eventstream-codec-3.1.1.tgz#b47f30bf4ad791ac7981b9fff58e599d18269cf9" - integrity sha512-s29NxV/ng1KXn6wPQ4qzJuQDjEtxLdS0+g5PQFirIeIZrp66FXVJ5IpZRowbt/42zB5dY8TqJ0G0L9KkgtsEZg== +"@smithy/eventstream-codec@^3.1.3": + version "3.1.3" + resolved "https://registry.yarnpkg.com/@smithy/eventstream-codec/-/eventstream-codec-3.1.3.tgz#a1ac71108c349b6f156ff91dbbf38b4b20d95aee" + integrity sha512-mKBrmhg6Zd3j07G9dkKTGmrU7pdJGTNz8LbZtIOR3QoodS5yDNqEqoXU4Eg38snZcnCAh7NPBsw5ndxtJPLiCg== dependencies: "@aws-crypto/crc32" "5.2.0" - "@smithy/types" "^3.2.0" + "@smithy/types" "^3.4.0" "@smithy/util-hex-encoding" "^3.0.0" tslib "^2.6.2" -"@smithy/eventstream-serde-browser@^3.0.2": - version "3.0.3" - resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.3.tgz#223267a9e46336aff2bebbc386eb6e62146d1fef" - integrity sha512-ZXKmNAHl6SWKYuVmtoEc/hBQ7Nym/rbAx2SrqoJHn0i9QopIP7fG1AWmoFIeS5R3/VL6AwUIZMR0g8qnjjVRRA== +"@smithy/eventstream-serde-browser@^3.0.7": + version "3.0.7" + resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.7.tgz#0448ada47cf7e99abdfefe980090ea2b8abbff8d" + integrity sha512-UC4RQqyM8B0g5cX/xmWtsNgSBmZ13HrzCqoe5Ulcz6R462/egbIdfTXnayik7jkjvwOrCPL1N11Q9S+n68jPLA== dependencies: - "@smithy/eventstream-serde-universal" "^3.0.3" - "@smithy/types" "^3.2.0" + "@smithy/eventstream-serde-universal" "^3.0.6" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/eventstream-serde-config-resolver@^3.0.1": - version "3.0.2" - resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.2.tgz#6238eadae0c060133c61783fd92d8b1ee1e6f99f" - integrity sha512-QbE3asvvBUZr7PwbOaxkSfKDjTAmWZkqh2G7pkYlD4jRkT1Y9nufeyu0OBPlLoF4+gl3YMpSVO7TESe8bVkD+g== +"@smithy/eventstream-serde-config-resolver@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.4.tgz#1ef67a2f78da7b30ec728a8863933fa2d088330b" + integrity sha512-saIs5rtAMpifqL7u7nc5YeE/6gkenzXpSz5NwEyhIesRWtHK+zEuYn9KY8SArZEbPSHyGxvvgKk1z86VzfUGHw== dependencies: - "@smithy/types" "^3.2.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/eventstream-serde-node@^3.0.2": - version "3.0.3" - resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.3.tgz#51df0ca39f453d78a3d6607c1ac2e96cf900c824" - integrity sha512-v61Ftn7x/ubWFqH7GHFAL/RaU7QZImTbuV95DYugYYItzpO7KaHYEuO8EskCaBpZEfzOxhUGKm4teS9YUSt69Q== +"@smithy/eventstream-serde-node@^3.0.6": + version "3.0.6" + resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.6.tgz#d04c31f8fe4aab29f2edbff8ea6519fe50405e43" + integrity sha512-gRKGBdZah3EjZZgWcsTpShq4cZ4Q4JTTe1OPob+jrftmbYj6CvpeydZbH0roO5SvBG8SI3aBZIet9TGN3zUxUw== dependencies: - "@smithy/eventstream-serde-universal" "^3.0.3" - "@smithy/types" "^3.2.0" + "@smithy/eventstream-serde-universal" "^3.0.6" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/eventstream-serde-universal@^3.0.3": - version "3.0.3" - resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.3.tgz#2ecac479ba84e10221b4b70545f3d7a223b5345e" - integrity sha512-YXYt3Cjhu9tRrahbTec2uOjwOSeCNfQurcWPGNEUspBhqHoA3KrDrVj+jGbCLWvwkwhzqDnnaeHAxm+IxAjOAQ== +"@smithy/eventstream-serde-universal@^3.0.6": + version "3.0.6" + resolved "https://registry.yarnpkg.com/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.6.tgz#d233d08bf4b27d9bf4b1e727d866694470966797" + integrity sha512-1jvXd4sFG+zKaL6WqrJXpL6E+oAMafuM5GPd4qF0+ccenZTX3DZugoCCjlooQyTh+TZho2FpdVYUf5J/bB/j6Q== dependencies: - "@smithy/eventstream-codec" "^3.1.1" - "@smithy/types" "^3.2.0" + "@smithy/eventstream-codec" "^3.1.3" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/fetch-http-handler@^3.0.2": - version "3.0.2" - resolved "https://registry.yarnpkg.com/@smithy/fetch-http-handler/-/fetch-http-handler-3.0.2.tgz#eff4056e819b3591d1c5d472ee58c2981886920a" - integrity sha512-0nW6tLK0b7EqSsfKvnOmZCgJqnodBAnvqcrlC5dotKfklLedPTRGsQamSVbVDWyuU/QGg+YbZDJUQ0CUufJXZQ== +"@smithy/fetch-http-handler@^3.2.5": + version "3.2.5" + resolved "https://registry.yarnpkg.com/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.5.tgz#c9a6c6c35895ffdfd98b992ecebb1344418d1932" + integrity sha512-DjRtGmK8pKQMIo9+JlAKUt14Z448bg8nAN04yKIvlrrpmpRSG57s5d2Y83npks1r4gPtTRNbAFdQCoj9l3P2KQ== dependencies: - "@smithy/protocol-http" "^4.0.1" - "@smithy/querystring-builder" "^3.0.1" - "@smithy/types" "^3.1.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/querystring-builder" "^3.0.4" + "@smithy/types" "^3.4.0" "@smithy/util-base64" "^3.0.0" tslib "^2.6.2" -"@smithy/hash-blob-browser@^3.1.0": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.1.tgz#758b4de6cf75b515cf36c18c4d101a833976c83f" - integrity sha512-8RwdPG7arvL5pfMAFsH6jfBVcC7MDR1LYHjKevZPHREkVtORIQkRfm2K8px7giJt7x0zzQJnWamrsDM4ig8nTQ== +"@smithy/hash-blob-browser@^3.1.3": + version "3.1.3" + resolved "https://registry.yarnpkg.com/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.3.tgz#6649bf55590fc0489e0d91d310017b8359c0d7ae" + integrity sha512-im9wAU9mANWW0OP0YGqwX3lw0nXG0ngyIcKQ8V/MUz1r7A6uO2lpPqKmAsH4VPGNLP2JPUhj4aW/m5UKkxX/IA== dependencies: "@smithy/chunked-blob-reader" "^3.0.0" "@smithy/chunked-blob-reader-native" "^3.0.0" - "@smithy/types" "^3.2.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/hash-node@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/hash-node/-/hash-node-3.0.1.tgz#52924bcbd6a02c7f7e2d9c332f59d5adc09688a3" - integrity sha512-w2ncjgk2EYO2+WhAsSQA8owzoOSY7IL1qVytlwpnL1pFGWTjIoIh5nROkEKXY51unB63bMGZqDiVoXaFbyKDlg== +"@smithy/hash-node@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/hash-node/-/hash-node-3.0.4.tgz#4d1770a73698292997b9ff27435ed4d51a39e758" + integrity sha512-6FgTVqEfCr9z/7+Em8BwSkJKA2y3krf1em134x3yr2NHWVCo2KYI8tcA53cjeO47y41jwF84ntsEE0Pe6pNKlg== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" "@smithy/util-buffer-from" "^3.0.0" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@smithy/hash-stream-node@^3.1.0": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/hash-stream-node/-/hash-stream-node-3.1.1.tgz#ca288961879730a0203b60b4383e2455d015f2ac" - integrity sha512-+uvJHPrFNE9crkh3INVS9FmDcx1DoywDgIzlRWlPy7gqoD8jG14os9ATIFY7wN/ARPz1EWlkCHUap70oXxMmjA== +"@smithy/hash-stream-node@^3.1.3": + version "3.1.3" + resolved "https://registry.yarnpkg.com/@smithy/hash-stream-node/-/hash-stream-node-3.1.3.tgz#dfd3efb60a2bb9fe6c3131dd73cb8d0c5ecc1b4b" + integrity sha512-Tz/eTlo1ffqYn+19VaMjDDbmEWqYe4DW1PAWaS8HvgRdO6/k9hxNPt8Wv5laXoilxE20YzKugiHvxHyO6J7kGA== dependencies: - "@smithy/types" "^3.2.0" + "@smithy/types" "^3.4.0" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@smithy/invalid-dependency@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/invalid-dependency/-/invalid-dependency-3.0.1.tgz#921787acfbe136af7ded46ae6f4b3d81c9b7e05e" - integrity sha512-RSNF/32BKygXKKMyS7koyuAq1rcdW5p5c4EFa77QenBFze9As+JiRnV9OWBh2cB/ejGZalEZjvIrMLHwJl7aGA== +"@smithy/invalid-dependency@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/invalid-dependency/-/invalid-dependency-3.0.4.tgz#aabb949b6aa15e38d8054b2397c143ef32efe14a" + integrity sha512-MJBUrojC4SEXi9aJcnNOE3oNAuYNphgCGFXscaCj2TA/59BTcXhzHACP8jnnEU3n4yir/NSLKzxqez0T4x4tjA== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" "@smithy/is-array-buffer@^2.2.0": @@ -3702,176 +3715,177 @@ dependencies: tslib "^2.6.2" -"@smithy/md5-js@^3.0.1": - version "3.0.2" - resolved "https://registry.yarnpkg.com/@smithy/md5-js/-/md5-js-3.0.2.tgz#dec2124a81beb83700b68390d1378010346b8541" - integrity sha512-WlSK9br7fkVucTkCXporwuOttCR3cJ1GV70J8ENYXGNc0nUTPzMdWCyHztgnbbKoekVMjGZOEu+8I52nOdzqwQ== +"@smithy/md5-js@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/md5-js/-/md5-js-3.0.4.tgz#6a8d40cf9e51c65fc6074aed977acd23ff4f6589" + integrity sha512-qSlqr/+hybufIJgxQW2gYzGE6ywfOxkjjJVojbbmv4MtxfdDFfzRew+NOIOXcYgazW0f8OYBTIKsmNsjxpvnng== dependencies: - "@smithy/types" "^3.2.0" + "@smithy/types" "^3.4.0" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@smithy/middleware-content-length@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/middleware-content-length/-/middleware-content-length-3.0.1.tgz#90bce78dfd0db978df7920ae58e420ce9ed2f79a" - integrity sha512-6QdK/VbrCfXD5/QolE2W/ok6VqxD+SM28Ds8iSlEHXZwv4buLsvWyvoEEy0322K/g5uFgPzBmZjGqesTmPL+yQ== +"@smithy/middleware-content-length@^3.0.6": + version "3.0.6" + resolved "https://registry.yarnpkg.com/@smithy/middleware-content-length/-/middleware-content-length-3.0.6.tgz#4837dafcfc085f1b9523d0784d05b87b569ad4ce" + integrity sha512-AFyHCfe8rumkJkz+hCOVJmBagNBj05KypyDwDElA4TgMSA4eYDZRjVePFZuyABrJZFDc7uVj3dpFIDCEhf59SA== dependencies: - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/middleware-endpoint@^3.0.2": - version "3.0.2" - resolved "https://registry.yarnpkg.com/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.2.tgz#93bb575a25bb0bd5d1d18cd77157ccb2ba15112a" - integrity sha512-gWEaGYB3Bei17Oiy/F2IlUPpBazNXImytoOdJ1xbrUOaJKAOiUhx8/4FOnYLLJHdAwa9PlvJ2ULda2f/Dnwi9w== - dependencies: - "@smithy/middleware-serde" "^3.0.1" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/shared-ini-file-loader" "^3.1.1" - "@smithy/types" "^3.1.0" - "@smithy/url-parser" "^3.0.1" - "@smithy/util-middleware" "^3.0.1" +"@smithy/middleware-endpoint@^3.1.1": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@smithy/middleware-endpoint/-/middleware-endpoint-3.1.1.tgz#d718719e45e8f7087cf0d9bbfff5fc6364c5fde0" + integrity sha512-Irv+soW8NKluAtFSEsF8O3iGyLxa5oOevJb/e1yNacV9H7JP/yHyJuKST5YY2ORS1+W34VR8EuUrOF+K29Pl4g== + dependencies: + "@smithy/middleware-serde" "^3.0.4" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/shared-ini-file-loader" "^3.1.5" + "@smithy/types" "^3.4.0" + "@smithy/url-parser" "^3.0.4" + "@smithy/util-middleware" "^3.0.4" tslib "^2.6.2" -"@smithy/middleware-retry@^3.0.4": - version "3.0.4" - resolved "https://registry.yarnpkg.com/@smithy/middleware-retry/-/middleware-retry-3.0.4.tgz#4f1a23c218fe279659c3d88ec1c18bf19938eba6" - integrity sha512-Tu+FggbLNF5G9L6Wi8o32Mg4bhlBInWlhhaFKyytGRnkfxGopxFVXJQn7sjZdFYJyTz6RZZa06tnlvavUgtoVg== - dependencies: - "@smithy/node-config-provider" "^3.1.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/service-error-classification" "^3.0.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" - "@smithy/util-middleware" "^3.0.1" - "@smithy/util-retry" "^3.0.1" +"@smithy/middleware-retry@^3.0.16": + version "3.0.16" + resolved "https://registry.yarnpkg.com/@smithy/middleware-retry/-/middleware-retry-3.0.16.tgz#aca6099a2e73c9be0c7a49eccbca5d1d73eaadf3" + integrity sha512-08kI36p1yB4CWO3Qi+UQxjzobt8iQJpnruF0K5BkbZmA/N/sJ51A1JJGJ36GgcbFyPfWw2FU48S5ZoqXt0h0jw== + dependencies: + "@smithy/node-config-provider" "^3.1.5" + "@smithy/protocol-http" "^4.1.1" + "@smithy/service-error-classification" "^3.0.4" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" + "@smithy/util-middleware" "^3.0.4" + "@smithy/util-retry" "^3.0.4" tslib "^2.6.2" uuid "^9.0.1" -"@smithy/middleware-serde@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/middleware-serde/-/middleware-serde-3.0.1.tgz#566ec46ee84873108c1cea26b3f3bd2899a73249" - integrity sha512-ak6H/ZRN05r5+SR0/IUc5zOSyh2qp3HReg1KkrnaSLXmncy9lwOjNqybX4L4x55/e5mtVDn1uf/gQ6bw5neJPw== +"@smithy/middleware-serde@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/middleware-serde/-/middleware-serde-3.0.4.tgz#86f0d3c2bf17334b165be96f504a37357a70f576" + integrity sha512-1lPDB2O6IJ50Ucxgn7XrvZXbbuI48HmPCcMTuSoXT1lDzuTUfIuBjgAjpD8YLVMfnrjdepi/q45556LA51Pubw== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/middleware-stack@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/middleware-stack/-/middleware-stack-3.0.1.tgz#9418f1295efda318c181bf3bca65173a75d133e5" - integrity sha512-fS5uT//y1SlBdkzIvgmWQ9FufwMXrHSSbuR25ygMy1CRDIZkcBMoF4oTMYNfR9kBlVBcVzlv7joFdNrFuQirPA== +"@smithy/middleware-stack@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/middleware-stack/-/middleware-stack-3.0.4.tgz#85b98320fff51457e9720b2c17e8f3f97c39a88c" + integrity sha512-sLMRjtMCqtVcrOqaOZ10SUnlFE25BSlmLsi4bRSGFD7dgR54eqBjfqkVkPBQyrKBortfGM0+2DJoUPcGECR+nQ== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/node-config-provider@^3.1.1": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/node-config-provider/-/node-config-provider-3.1.1.tgz#a361ab228d2229b03cc2fbdfd304055c38127614" - integrity sha512-z5G7+ysL4yUtMghUd2zrLkecu0mTfnYlt5dR76g/HsFqf7evFazwiZP1ag2EJenGxNBDwDM5g8nm11NPogiUVA== +"@smithy/node-config-provider@^3.1.5": + version "3.1.5" + resolved "https://registry.yarnpkg.com/@smithy/node-config-provider/-/node-config-provider-3.1.5.tgz#983fa77aa6782acb7d4f0facf5ff27f5bd2fac5c" + integrity sha512-dq/oR3/LxgCgizVk7in7FGTm0w9a3qM4mg3IIXLTCHeW3fV+ipssSvBZ2bvEx1+asfQJTyCnVLeYf7JKfd9v3Q== dependencies: - "@smithy/property-provider" "^3.1.1" - "@smithy/shared-ini-file-loader" "^3.1.1" - "@smithy/types" "^3.1.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/shared-ini-file-loader" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/node-http-handler@^3.0.0", "@smithy/node-http-handler@^3.0.1": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/node-http-handler/-/node-http-handler-3.1.1.tgz#9213d9b5139c9f9c5a1928e1574de767a979bf94" - integrity sha512-L71NLyPeP450r2J/mfu1jMc//Z1YnqJt2eSNw7uhiItaONnBLDA68J5jgxq8+MBDsYnFwNAIc7dBG1ImiWBiwg== +"@smithy/node-http-handler@^3.0.0", "@smithy/node-http-handler@^3.2.0": + version "3.2.0" + resolved "https://registry.yarnpkg.com/@smithy/node-http-handler/-/node-http-handler-3.2.0.tgz#0473f3cfb88779dacdcbafa877dbf74aac4f1c82" + integrity sha512-5TFqaABbiY7uJMKbqR4OARjwI/l4TRoysDJ75pLpVQyO3EcmeloKYwDGyCtgB9WJniFx3BMkmGCB9+j+QiB+Ww== dependencies: - "@smithy/abort-controller" "^3.1.1" - "@smithy/protocol-http" "^4.0.3" - "@smithy/querystring-builder" "^3.0.3" - "@smithy/types" "^3.3.0" + "@smithy/abort-controller" "^3.1.2" + "@smithy/protocol-http" "^4.1.1" + "@smithy/querystring-builder" "^3.0.4" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/property-provider@^3.1.1": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/property-provider/-/property-provider-3.1.1.tgz#4849b69b83ac97e68e80d2dc0c2b98ce5950dffe" - integrity sha512-YknOMZcQkB5on+MU0DvbToCmT2YPtTETMXW0D3+/Iln7ezT+Zm1GMHhCW1dOH/X/+LkkQD9aXEoCX/B10s4Xdw== +"@smithy/property-provider@^3.1.4": + version "3.1.4" + resolved "https://registry.yarnpkg.com/@smithy/property-provider/-/property-provider-3.1.4.tgz#2d4f0db3a517d283c2b879f3a01673324955013b" + integrity sha512-BmhefQbfkSl9DeU0/e6k9N4sT5bya5etv2epvqLUz3eGyfRBhtQq60nDkc1WPp4c+KWrzK721cUc/3y0f2psPQ== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/protocol-http@^4.0.1", "@smithy/protocol-http@^4.0.3": - version "4.0.3" - resolved "https://registry.yarnpkg.com/@smithy/protocol-http/-/protocol-http-4.0.3.tgz#acf16058504e3cce2dbe8abf94f7b544cd09d3f4" - integrity sha512-x5jmrCWwQlx+Zv4jAtc33ijJ+vqqYN+c/ZkrnpvEe/uDas7AT7A/4Rc2CdfxgWv4WFGmEqODIrrUToPN6DDkGw== +"@smithy/protocol-http@^4.1.1": + version "4.1.1" + resolved "https://registry.yarnpkg.com/@smithy/protocol-http/-/protocol-http-4.1.1.tgz#ffd9c3f8ada9b25add3277b7de84c22dc320f1a6" + integrity sha512-Fm5+8LkeIus83Y8jTL1XHsBGP8sPvE1rEVyKf/87kbOPTbzEDMcgOlzcmYXat2h+nC3wwPtRy8hFqtJS71+Wow== dependencies: - "@smithy/types" "^3.3.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/querystring-builder@^3.0.1", "@smithy/querystring-builder@^3.0.3": - version "3.0.3" - resolved "https://registry.yarnpkg.com/@smithy/querystring-builder/-/querystring-builder-3.0.3.tgz#6b0e566f885bb84938d077c69e8f8555f686af13" - integrity sha512-vyWckeUeesFKzCDaRwWLUA1Xym9McaA6XpFfAK5qI9DKJ4M33ooQGqvM4J+LalH4u/Dq9nFiC8U6Qn1qi0+9zw== +"@smithy/querystring-builder@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/querystring-builder/-/querystring-builder-3.0.4.tgz#1124dfe533e60fd131acffbf78656b8db0a38bbf" + integrity sha512-NEoPAsZPdpfVbF98qm8i5k1XMaRKeEnO47CaL5ja6Y1Z2DgJdwIJuJkTJypKm/IKfp8gc0uimIFLwhml8+/pAw== dependencies: - "@smithy/types" "^3.3.0" + "@smithy/types" "^3.4.0" "@smithy/util-uri-escape" "^3.0.0" tslib "^2.6.2" -"@smithy/querystring-parser@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/querystring-parser/-/querystring-parser-3.0.1.tgz#68589196fedf280aad2c0a69a2a016f78b2137cf" - integrity sha512-Qt8DMC05lVS8NcQx94lfVbZSX+2Ym7032b/JR8AlboAa/D669kPzqb35dkjkvAG6+NWmUchef3ENtrD6F+5n8Q== +"@smithy/querystring-parser@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/querystring-parser/-/querystring-parser-3.0.4.tgz#2a1e2d7fb4d2ec726fb4b4dac8b63a8e5294bcf4" + integrity sha512-7CHPXffFcakFzhO0OZs/rn6fXlTHrSDdLhIT6/JIk1u2bvwguTL3fMCc1+CfcbXA7TOhjWXu3TcB1EGMqJQwHg== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/service-error-classification@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/service-error-classification/-/service-error-classification-3.0.1.tgz#23db475d3cef726e8bf3435229e6e04e4de92430" - integrity sha512-ubFUvIePjDCyIzZ+pLETqNC6KXJ/fc6g+/baqel7Zf6kJI/kZKgjwkCI7zbUhoUuOZ/4eA/87YasVu40b/B4bA== +"@smithy/service-error-classification@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/service-error-classification/-/service-error-classification-3.0.4.tgz#60e07b596b38d316aca453e06bfe33464c622fb5" + integrity sha512-KciDHHKFVTb9A1KlJHBt2F26PBaDtoE23uTZy5qRvPzHPqrooXFi6fmx98lJb3Jl38PuUTqIuCUmmY3pacuMBQ== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" -"@smithy/shared-ini-file-loader@^3.1.1": - version "3.1.1" - resolved "https://registry.yarnpkg.com/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.1.tgz#752ecd8962a660ded75d25341a48feb94f145a6f" - integrity sha512-nD6tXIX2126/P9e3wqRY1bm9dTtPZwRDyjVOd18G28o+1UOG+kOVgUwujE795HslSuPlEgqzsH5sgNP1hDjj9g== +"@smithy/shared-ini-file-loader@^3.1.5": + version "3.1.5" + resolved "https://registry.yarnpkg.com/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.5.tgz#cc44501343c395fc005ded0396446d86408c062d" + integrity sha512-6jxsJ4NOmY5Du4FD0enYegNJl4zTSuKLiChIMqIkh+LapxiP7lmz5lYUNLE9/4cvA65mbBmtdzZ8yxmcqM5igg== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/signature-v4@^3.1.0": - version "3.1.0" - resolved "https://registry.yarnpkg.com/@smithy/signature-v4/-/signature-v4-3.1.0.tgz#cc819568c4fcbadce107901680a96e662bccc86a" - integrity sha512-m0/6LW3IQ3/JBcdhqjpkpABPTPhcejqeAn0U877zxBdNLiWAnG2WmCe5MfkUyVuvpFTPQnQwCo/0ZBR4uF5kxg== +"@smithy/signature-v4@^4.1.1": + version "4.1.1" + resolved "https://registry.yarnpkg.com/@smithy/signature-v4/-/signature-v4-4.1.1.tgz#b47a5cb018ff48d2fcfb846ba6d2d16a08553932" + integrity sha512-SH9J9be81TMBNGCmjhrgMWu4YSpQ3uP1L06u/K9SDrE2YibUix1qxedPCxEQu02At0P0SrYDjvz+y91vLG0KRQ== dependencies: "@smithy/is-array-buffer" "^3.0.0" - "@smithy/types" "^3.1.0" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" "@smithy/util-hex-encoding" "^3.0.0" - "@smithy/util-middleware" "^3.0.1" + "@smithy/util-middleware" "^3.0.4" "@smithy/util-uri-escape" "^3.0.0" "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@smithy/smithy-client@^3.1.2": - version "3.1.2" - resolved "https://registry.yarnpkg.com/@smithy/smithy-client/-/smithy-client-3.1.2.tgz#1c27ab4910bbfd6c0bc04ddd8412494e7a7daba7" - integrity sha512-f3eQpczBOFUtdT/ptw2WpUKu1qH1K7xrssrSiHYtd9TuLXkvFqb88l9mz9FHeUVNSUxSnkW1anJnw6rLwUKzQQ== - dependencies: - "@smithy/middleware-endpoint" "^3.0.2" - "@smithy/middleware-stack" "^3.0.1" - "@smithy/protocol-http" "^4.0.1" - "@smithy/types" "^3.1.0" - "@smithy/util-stream" "^3.0.2" +"@smithy/smithy-client@^3.3.0": + version "3.3.0" + resolved "https://registry.yarnpkg.com/@smithy/smithy-client/-/smithy-client-3.3.0.tgz#ee15e7b5ec150f6048ee2ef0e3751c6ed38900c3" + integrity sha512-H32nVo8tIX82kB0xI2LBrIcj8jx/3/ITotNLbeG1UL0b3b440YPR/hUvqjFJiaB24pQrMjRbU8CugqH5sV0hkw== + dependencies: + "@smithy/middleware-endpoint" "^3.1.1" + "@smithy/middleware-stack" "^3.0.4" + "@smithy/protocol-http" "^4.1.1" + "@smithy/types" "^3.4.0" + "@smithy/util-stream" "^3.1.4" tslib "^2.6.2" -"@smithy/types@^3.1.0", "@smithy/types@^3.2.0", "@smithy/types@^3.3.0": - version "3.3.0" - resolved "https://registry.yarnpkg.com/@smithy/types/-/types-3.3.0.tgz#fae037c733d09bc758946a01a3de0ef6e210b16b" - integrity sha512-IxvBBCTFDHbVoK7zIxqA1ZOdc4QfM5HM7rGleCuHi7L1wnKv5Pn69xXJQ9hgxH60ZVygH9/JG0jRgtUncE3QUA== +"@smithy/types@^3.4.0": + version "3.4.0" + resolved "https://registry.yarnpkg.com/@smithy/types/-/types-3.4.0.tgz#08b7b3d6af30c66fd0682c73c206a5baf8b40a63" + integrity sha512-0shOWSg/pnFXPcsSU8ZbaJ4JBHZJPPzLCJxafJvbMVFo9l1w81CqpgUqjlKGNHVrVB7fhIs+WS82JDTyzaLyLA== dependencies: tslib "^2.6.2" -"@smithy/url-parser@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/url-parser/-/url-parser-3.0.1.tgz#5451fc7034e9eda112696d1a9508746a7f8b0521" - integrity sha512-G140IlNFlzYWVCedC4E2d6NycM1dCUbe5CnsGW1hmGt4hYKiGOw0v7lVru9WAn5T2w09QEjl4fOESWjGmCvVmg== +"@smithy/url-parser@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/url-parser/-/url-parser-3.0.4.tgz#d24a0304117dc26b81b8a58a3d5eda79cdb09bee" + integrity sha512-XdXfObA8WrloavJYtDuzoDhJAYc5rOt+FirFmKBRKaihu7QtU/METAxJgSo7uMK6hUkx0vFnqxV75urtRaLkLg== dependencies: - "@smithy/querystring-parser" "^3.0.1" - "@smithy/types" "^3.1.0" + "@smithy/querystring-parser" "^3.0.4" + "@smithy/types" "^3.4.0" tslib "^2.6.2" "@smithy/util-base64@^3.0.0": @@ -3920,37 +3934,37 @@ dependencies: tslib "^2.6.2" -"@smithy/util-defaults-mode-browser@^3.0.4": - version "3.0.4" - resolved "https://registry.yarnpkg.com/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.4.tgz#4392db3d96aa08ae161bb987ecfedc094d84b88d" - integrity sha512-sXtin3Mue3A3xo4+XkozpgPptgmRwvNPOqTvb3ANGTCzzoQgAPBNjpE+aXCINaeSMXwHmv7E2oEn2vWdID+SAQ== +"@smithy/util-defaults-mode-browser@^3.0.16": + version "3.0.16" + resolved "https://registry.yarnpkg.com/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.16.tgz#7d4978a90cee569fdeb6c38c89a09a39371f44d7" + integrity sha512-Os8ddfNBe7hmc5UMWZxygIHCyAqY0aWR8Wnp/aKbti3f8Df/r0J9ttMZIxeMjsFgtVjEryB0q7SGcwBsHk8WEw== dependencies: - "@smithy/property-provider" "^3.1.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" + "@smithy/property-provider" "^3.1.4" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" bowser "^2.11.0" tslib "^2.6.2" -"@smithy/util-defaults-mode-node@^3.0.4": - version "3.0.4" - resolved "https://registry.yarnpkg.com/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.4.tgz#794b8bb3facb5f6581af8d02fcf1b42b34c103e5" - integrity sha512-CUF6TyxLh3CgBRVYgZNOPDfzHQjeQr0vyALR6/DkQkOm7rNfGEzW1BRFi88C73pndmfvoiIT7ochuT76OPz9Dw== - dependencies: - "@smithy/config-resolver" "^3.0.2" - "@smithy/credential-provider-imds" "^3.1.1" - "@smithy/node-config-provider" "^3.1.1" - "@smithy/property-provider" "^3.1.1" - "@smithy/smithy-client" "^3.1.2" - "@smithy/types" "^3.1.0" +"@smithy/util-defaults-mode-node@^3.0.16": + version "3.0.16" + resolved "https://registry.yarnpkg.com/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.16.tgz#5747d886720d4f5acdde8fdf8240a6c1bad42f1f" + integrity sha512-rNhFIYRtrOrrhRlj6RL8jWA6/dcwrbGYAmy8+OAHjjzQ6zdzUBB1P+3IuJAgwWN6Y5GxI+mVXlM/pOjaoIgHow== + dependencies: + "@smithy/config-resolver" "^3.0.6" + "@smithy/credential-provider-imds" "^3.2.1" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/property-provider" "^3.1.4" + "@smithy/smithy-client" "^3.3.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/util-endpoints@^2.0.2": - version "2.0.2" - resolved "https://registry.yarnpkg.com/@smithy/util-endpoints/-/util-endpoints-2.0.2.tgz#f995cca553569af43bef82f59d63b4969516df95" - integrity sha512-4zFOcBFQvifd2LSD4a1dKvfIWWwh4sWNtS3oZ7mpob/qPPmJseqKB148iT+hWCDsG//TmI+8vjYPgZdvnkYlTg== +"@smithy/util-endpoints@^2.1.0": + version "2.1.0" + resolved "https://registry.yarnpkg.com/@smithy/util-endpoints/-/util-endpoints-2.1.0.tgz#33395d918a43f0df44a453c6bfa0cf3d35ed1367" + integrity sha512-ilS7/0jcbS2ELdg0fM/4GVvOiuk8/U3bIFXUW25xE1Vh1Ol4DP6vVHQKqM40rCMizCLmJ9UxK+NeJrKlhI3HVA== dependencies: - "@smithy/node-config-provider" "^3.1.1" - "@smithy/types" "^3.1.0" + "@smithy/node-config-provider" "^3.1.5" + "@smithy/types" "^3.4.0" tslib "^2.6.2" "@smithy/util-hex-encoding@^3.0.0": @@ -3960,31 +3974,31 @@ dependencies: tslib "^2.6.2" -"@smithy/util-middleware@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/util-middleware/-/util-middleware-3.0.1.tgz#3e0eabaf936e62651a0b9a7c7c3bbe43d3971c91" - integrity sha512-WRODCQtUsO7vIvfrdxS8RFPeLKcewYtaCglZsBsedIKSUGIIvMlZT5oh+pCe72I+1L+OjnZuqRNpN2LKhWA4KQ== +"@smithy/util-middleware@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/util-middleware/-/util-middleware-3.0.4.tgz#a541edb8d3f2923ab06460ec3f1217c143ae5706" + integrity sha512-uSXHTBhstb1c4nHdmQEdkNMv9LiRNaJ/lWV2U/GO+5F236YFpdPw+hyWI9Zc0Rp9XKzwD9kVZvhZmEgp0UCVnA== dependencies: - "@smithy/types" "^3.1.0" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/util-retry@^3.0.1": - version "3.0.1" - resolved "https://registry.yarnpkg.com/@smithy/util-retry/-/util-retry-3.0.1.tgz#24037ff87a314a1ac99f80da43f579ae2352fe18" - integrity sha512-5lRtYm+8fNFEUTdqZXg5M4ppVp40rMIJfR1TpbHAhKQgPIDpWT+iYMaqgnwEbtpi9U1smyUOPv5Sg+M1neOBgw== +"@smithy/util-retry@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@smithy/util-retry/-/util-retry-3.0.4.tgz#281de3f89458b5e3b86ca92937eb1212bcecf67f" + integrity sha512-JJr6g0tO1qO2tCQyK+n3J18r34ZpvatlFN5ULcLranFIBZPxqoivb77EPyNTVwTGMEvvq2qMnyjm4jMIxjdLFg== dependencies: - "@smithy/service-error-classification" "^3.0.1" - "@smithy/types" "^3.1.0" + "@smithy/service-error-classification" "^3.0.4" + "@smithy/types" "^3.4.0" tslib "^2.6.2" -"@smithy/util-stream@^3.0.2": - version "3.0.2" - resolved "https://registry.yarnpkg.com/@smithy/util-stream/-/util-stream-3.0.2.tgz#ed1377bfe824d8acfc105ab2d17ec4f376382cb2" - integrity sha512-n5Obp5AnlI6qHo8sbupwrcpBe6vFp4qkl0SRNuExKPNrH3ABAMG2ZszRTIUIv2b4AsFrCO+qiy4uH1Q3z1dxTA== +"@smithy/util-stream@^3.1.4": + version "3.1.4" + resolved "https://registry.yarnpkg.com/@smithy/util-stream/-/util-stream-3.1.4.tgz#f4041a979dfafcbccdc64fa7ee8c376e39c8dc41" + integrity sha512-txU3EIDLhrBZdGfon6E9V6sZz/irYnKFMblz4TLVjyq8hObNHNS2n9a2t7GIrl7d85zgEPhwLE0gANpZsvpsKg== dependencies: - "@smithy/fetch-http-handler" "^3.0.2" - "@smithy/node-http-handler" "^3.0.1" - "@smithy/types" "^3.1.0" + "@smithy/fetch-http-handler" "^3.2.5" + "@smithy/node-http-handler" "^3.2.0" + "@smithy/types" "^3.4.0" "@smithy/util-base64" "^3.0.0" "@smithy/util-buffer-from" "^3.0.0" "@smithy/util-hex-encoding" "^3.0.0" @@ -4014,13 +4028,13 @@ "@smithy/util-buffer-from" "^3.0.0" tslib "^2.6.2" -"@smithy/util-waiter@^3.0.1": - version "3.1.0" - resolved "https://registry.yarnpkg.com/@smithy/util-waiter/-/util-waiter-3.1.0.tgz#7fa58fe91ddcf4a8bcf00c3d216f2cc14386da2a" - integrity sha512-5OVcC5ZcmmutY208ADY/l2eB4H4DVXs+hPUo/M1spF4/YEmF9DdLkfwBvohej2dIeVJayKY7hMlD0X8j3F3/Uw== +"@smithy/util-waiter@^3.1.3": + version "3.1.3" + resolved "https://registry.yarnpkg.com/@smithy/util-waiter/-/util-waiter-3.1.3.tgz#a633257cc65f83cf5714a0f66665070868c3aa91" + integrity sha512-OU0YllH51/CxD8iyr3UHSMwYqTGTyuxFdCMH/0F978t+iDmJseC/ttrWPb22zmYkhkrjqtipzC1xaMuax5QKIA== dependencies: - "@smithy/abort-controller" "^3.1.0" - "@smithy/types" "^3.2.0" + "@smithy/abort-controller" "^3.1.2" + "@smithy/types" "^3.4.0" tslib "^2.6.2" "@soda/friendly-errors-webpack-plugin@^1.8.0": @@ -4050,22 +4064,22 @@ "@tsconfig/node10@^1.0.7": version "1.0.11" - resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.11.tgz#6ee46400685f130e278128c7b38b7e031ff5b2f2" + resolved "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz#6ee46400685f130e278128c7b38b7e031ff5b2f2" integrity sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw== "@tsconfig/node12@^1.0.7": version "1.0.11" - resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d" + resolved "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d" integrity sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag== "@tsconfig/node14@^1.0.0": version "1.0.3" - resolved "https://registry.yarnpkg.com/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1" + resolved "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1" integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow== "@tsconfig/node16@^1.0.2": version "1.0.4" - resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.4.tgz#0b92dcc0cc1c81f6f306a381f28e31b1a56536e9" + resolved "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz#0b92dcc0cc1c81f6f306a381f28e31b1a56536e9" integrity sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA== "@tufjs/canonical-json@2.0.0": @@ -4169,9 +4183,9 @@ "@types/chai" "*" "@types/chai@*", "@types/chai@^4.2.5": - version "4.3.14" - resolved "https://registry.npmjs.org/@types/chai/-/chai-4.3.14.tgz#ae3055ea2be43c91c9fd700a36d67820026d96e6" - integrity sha512-Wj71sXE4Q4AkGdG9Tvq1u/fquNz9EdG4LIJMwVVII7ashjD/8cf8fyIfJAjRr6YcsXnSE8cOGQPq1gqeR8z+3w== + version "4.3.16" + resolved "https://registry.yarnpkg.com/@types/chai/-/chai-4.3.16.tgz#b1572967f0b8b60bf3f87fe1d854a5604ea70c82" + integrity sha512-PatH4iOdyh3MyWtmHVFXLWCCIhUbopaltqddG9BzB+gMIzee2MJrvd+jouii9Z3wzQJruGWAm7WOMjgfG8hQlQ== "@types/chroma-js@^2.1.0": version "2.4.4" @@ -4451,9 +4465,9 @@ "@types/ms" "*" "@types/diff@^5.0.0": - version "5.2.1" - resolved "https://registry.yarnpkg.com/@types/diff/-/diff-5.2.1.tgz#cceae9c4b2dae5c6b8ab1ce1263601c255d87fb3" - integrity sha512-uxpcuwWJGhe2AR1g8hD9F5OYGCqjqWnBUQFD8gMZsDbv8oPHzxJF6iMO6n8Tk0AdzlxoaaoQhOYlIg/PukVU8g== + version "5.2.2" + resolved "https://registry.yarnpkg.com/@types/diff/-/diff-5.2.2.tgz#d430dbb1da6739f1e2565c2c80b54184d4c77658" + integrity sha512-qVqLpd49rmJA2nZzLVsmfS/aiiBpfVE95dHhPVwG0NmSBAt+riPxnj53wq2oBq5m4Q2RF1IWFEUpnZTgrQZfEQ== "@types/duplexify@*": version "3.6.4" @@ -4467,15 +4481,7 @@ resolved "https://registry.npmjs.org/@types/ejs/-/ejs-3.1.5.tgz#49d738257cc73bafe45c13cb8ff240683b4d5117" integrity sha512-nv+GSx77ZtXiJzwKdsASqi+YQ5Z7vwHsTP0JY2SiQgjGckkBRKZnk8nIM+7oUZ1VCtuTz0+By4qVR7fqzp/Dfg== -"@types/eslint-scope@^3.7.3": - version "3.7.7" - resolved "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.7.tgz#3108bd5f18b0cdb277c867b3dd449c9ed7079ac5" - integrity sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg== - dependencies: - "@types/eslint" "*" - "@types/estree" "*" - -"@types/eslint@*", "@types/eslint@^7.29.0 || ^8.4.1": +"@types/eslint@^7.29.0 || ^8.4.1": version "8.56.6" resolved "https://registry.npmjs.org/@types/eslint/-/eslint-8.56.6.tgz#d5dc16cac025d313ee101108ba5714ea10eb3ed0" integrity sha512-ymwc+qb1XkjT/gfoQwxIeHZ6ixH23A+tCT2ADSA/DPVKzAjwYkTXBMCQ/f6fe4wEa85Lhp26VPeUxI7wMhAi7A== @@ -4558,6 +4564,13 @@ dependencies: "@types/node" "*" +"@types/hast@^3.0.4": + version "3.0.4" + resolved "https://registry.yarnpkg.com/@types/hast/-/hast-3.0.4.tgz#1d6b39993b82cea6ad783945b0508c25903e15aa" + integrity sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ== + dependencies: + "@types/unist" "*" + "@types/html-minifier-terser@^6.0.0": version "6.1.0" resolved "https://registry.npmjs.org/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz#4fc33a00c1d0c16987b1a20cf92d20614c55ac35" @@ -4655,9 +4668,9 @@ "@types/node" "*" "@types/lodash@*", "@types/lodash@^4.14.161": - version "4.17.5" - resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.17.5.tgz#e6c29b58e66995d57cd170ce3e2a61926d55ee04" - integrity sha512-MBIOHVZqVqgfro1euRDWX7OO0fBVUUMrN6Pwm8LQsz8cWhEpihlvR70ENj3f40j58TNxZaWv2ndSkInykNBBJw== + version "4.17.7" + resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.17.7.tgz#2f776bcb53adc9e13b2c0dfd493dfcbd7de43612" + integrity sha512-8wTvZawATi/lsmNu10/j2hk1KEP0IvjubqPE3cu1Xz7xfXXt5oCq3SNUz4fMIP4XGF9Ky+Ue2tBA3hcS7LSBlA== "@types/long@^4.0.0": version "4.0.2" @@ -4714,9 +4727,9 @@ integrity sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g== "@types/multer@^1.4.5": - version "1.4.11" - resolved "https://registry.npmjs.org/@types/multer/-/multer-1.4.11.tgz#c70792670513b4af1159a2b60bf48cc932af55c5" - integrity sha512-svK240gr6LVWvv3YGyhLlA+6LRRWA4mnGIU7RcNmgjBYFl6665wcXrRfxGp5tEPVHUNm5FMcmq7too9bxCwX/w== + version "1.4.12" + resolved "https://registry.yarnpkg.com/@types/multer/-/multer-1.4.12.tgz#da67bd0c809f3a63fe097c458c0d4af1fea50ab7" + integrity sha512-pQ2hoqvXiJt2FP9WQVLPRO+AmiIm/ZYkavPlIQnx282u4ZrVdztx0pkh3jjpQt0Kz+YI0YhSG264y08UJKoUQg== dependencies: "@types/express" "*" @@ -4732,12 +4745,12 @@ dependencies: "@types/node" "*" -"@types/node@*", "@types/node@^20.1.0": - version "20.14.9" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.9.tgz#12e8e765ab27f8c421a1820c99f5f313a933b420" - integrity sha512-06OCtnTXtWOZBJlRApleWndH4JsRVs1pDCc8dLSQp+7PpUpX3ePdHyeNSFTeSe7FtKyQkrlPvHwJOW3SLd8Oyg== +"@types/node@*", "@types/node@^22.0.0": + version "22.5.4" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.5.4.tgz#83f7d1f65bc2ed223bdbf57c7884f1d5a4fa84e8" + integrity sha512-FDuKUJQm/ju9fT/SeX/6+gBzoPzlVCzfzmGkwKvRHQVxi4BntVbyIwf6a4Xn62mrvndLiml6z/UBXIdEVjQLXg== dependencies: - undici-types "~5.26.4" + undici-types "~6.19.2" "@types/node@^10.1.0": version "10.17.60" @@ -4745,9 +4758,9 @@ integrity sha512-F0KIgDJfy2nA3zMLmWGKxcH2ZVEtCZXHHdOQs2gSaQ27+lNeEfGxzkIw90aXswATX7AZ33tahPbzy6KAfUreVw== "@types/node@^16.9.2": - version "16.18.101" - resolved "https://registry.yarnpkg.com/@types/node/-/node-16.18.101.tgz#1e3065490c9ea01a05baf23eb4ac5be985eedc19" - integrity sha512-AAsx9Rgz2IzG8KJ6tXd6ndNkVcu+GYB6U/SnFAaokSPNx2N7dcIIfnighYUNumvj6YS2q39Dejz5tT0NCV7CWA== + version "16.18.108" + resolved "https://registry.npmjs.org/@types/node/-/node-16.18.108.tgz#b794e2b2a85b4c12935ea7d0f18641be68b352f9" + integrity sha512-fj42LD82fSv6yN9C6Q4dzS+hujHj+pTv0IpRR3kI20fnYeS0ytBpjFO9OjmDowSPPt4lNKN46JLaKbCyP+BW2A== "@types/normalize-package-data@^2.4.0": version "2.4.4" @@ -4870,10 +4883,15 @@ resolved "https://registry.npmjs.org/@types/retry/-/retry-0.12.0.tgz#2b35eccfcee7d38cd72ad99232fbd58bffb3c84d" integrity sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA== +"@types/revalidator@^0.3.12": + version "0.3.12" + resolved "https://registry.yarnpkg.com/@types/revalidator/-/revalidator-0.3.12.tgz#fe6f6f9479fa2619a3352a02aa6ad102216c37a8" + integrity sha512-DsA2jHfz73JaIROVoMDd/x7nVWXBmEdDSoXB4yQlDzv/NCBkFY2fMHkyE6DGrvooLDAFe5QI6l9Wq0TgdopMtg== + "@types/sanitize-html@^2.3.1": - version "2.11.0" - resolved "https://registry.npmjs.org/@types/sanitize-html/-/sanitize-html-2.11.0.tgz#582d8c72215c0228e3af2be136e40e0b531addf2" - integrity sha512-7oxPGNQHXLHE48r/r/qjn7q0hlrs3kL7oZnGj0Wf/h9tj/6ibFyRkNbsDxaBBZ4XUZ0Dx5LGCyDJ04ytSofacQ== + version "2.13.0" + resolved "https://registry.yarnpkg.com/@types/sanitize-html/-/sanitize-html-2.13.0.tgz#ac3620e867b7c68deab79c72bd117e2049cdd98e" + integrity sha512-X31WxbvW9TjIhZZNyNBZ/p5ax4ti7qsNDBDEnH4zAgmEh35YnFD1UiS6z9Cd34kKm0LslFW0KPmTQzu/oGtsqQ== dependencies: htmlparser2 "^8.0.0" @@ -4989,15 +5007,20 @@ resolved "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz#74fef9ffbaa198eb8b588be029f38b00299caa2c" integrity sha512-6WaYesThRMCl19iryMYP7/x2OVgCtbIVflDGFpWnb9irXI3UjYE4AzmYuiUKY1AJstGijoY+MgUszMgRxIYTYw== +"@types/unist@*": + version "3.0.3" + resolved "https://registry.yarnpkg.com/@types/unist/-/unist-3.0.3.tgz#acaab0f919ce69cce629c2d4ed2eb4adc1b6c20c" + integrity sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q== + "@types/uuid@^10.0.0": version "10.0.0" resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-10.0.0.tgz#e9c07fe50da0f53dc24970cca94d619ff03f6f6d" integrity sha512-7gqG38EyHgyP1S+7+xomFtL+ZNHcKv6DwNaCZmJmo1vgMugyF3TCnXVg4t1uk89mLNwnLtnY3TpOpCOyp1/xHQ== -"@types/validator@*", "@types/validator@^13.0.0", "@types/validator@^13.11.8", "@types/validator@^13.7.17": - version "13.12.0" - resolved "https://registry.yarnpkg.com/@types/validator/-/validator-13.12.0.tgz#1fe4c3ae9de5cf5193ce64717c99ef2fa7d8756f" - integrity sha512-nH45Lk7oPIJ1RVOF6JgFI6Dy0QpHEzq4QecZhvguxYPDwT8c93prCMqAtiIttm39voZ+DDR+qkNnMpJmMBRqag== +"@types/validator@*", "@types/validator@^13.0.0", "@types/validator@^13.11.8", "@types/validator@^13.12.0", "@types/validator@^13.7.17": + version "13.12.1" + resolved "https://registry.yarnpkg.com/@types/validator/-/validator-13.12.1.tgz#8835d22f7e25b261e624d02a42fe4ade2c689a3c" + integrity sha512-w0URwf7BQb0rD/EuiG12KP0bailHKHP5YVviJG9zw3ykAokL0TuxU2TUqMB7EwZ59bDHYdeTIvjI5m0S7qHfOA== "@types/vuelidate@^0.7.13": version "0.7.21" @@ -5578,7 +5601,7 @@ resolved "https://registry.npmjs.org/@vue/web-component-wrapper/-/web-component-wrapper-1.3.0.tgz#b6b40a7625429d2bd7c2281ddba601ed05dc7f1a" integrity sha512-Iu8Tbg3f+emIIMmI2ycSI8QcEuAUgPTgHwesDU1eKMLE4YC/c/sFbGc70QgMq31ijRftV0R7vCm9co6rldCeOA== -"@webassemblyjs/ast@1.12.1", "@webassemblyjs/ast@^1.11.5", "@webassemblyjs/ast@^1.12.1": +"@webassemblyjs/ast@1.12.1", "@webassemblyjs/ast@^1.12.1": version "1.12.1" resolved "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.12.1.tgz#bb16a0e8b1914f979f45864c23819cc3e3f0d4bb" integrity sha512-EKfMUOPRRUTy5UII4qJDGPpqfwjOmZ5jeGFwid9mnoqIFK+e0vqoi1qH56JpmZSzEL53jKnNzScdmftJyG5xWg== @@ -5644,7 +5667,7 @@ resolved "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a" integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA== -"@webassemblyjs/wasm-edit@^1.11.5", "@webassemblyjs/wasm-edit@^1.12.1": +"@webassemblyjs/wasm-edit@^1.12.1": version "1.12.1" resolved "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz#9f9f3ff52a14c980939be0ef9d5df9ebc678ae3b" integrity sha512-1DuwbVvADvS5mGnXbE+c9NfA8QRcZ6iKquqjjmR10k6o+zzsRVesil54DKexiowcFCPdr/Q0qaMgB01+SQ1u6g== @@ -5679,7 +5702,7 @@ "@webassemblyjs/wasm-gen" "1.12.1" "@webassemblyjs/wasm-parser" "1.12.1" -"@webassemblyjs/wasm-parser@1.12.1", "@webassemblyjs/wasm-parser@^1.11.5", "@webassemblyjs/wasm-parser@^1.12.1": +"@webassemblyjs/wasm-parser@1.12.1", "@webassemblyjs/wasm-parser@^1.12.1": version "1.12.1" resolved "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz#c47acb90e6f083391e3fa61d113650eea1e95937" integrity sha512-xikIi7c2FHXysxXe3COrVUPSheuBtpcfhbpFj4gmu7KRLYOzANztwUU0IbsqvMqzuNK2+glRGWCEqZo1WCLyAQ== @@ -5790,10 +5813,10 @@ acorn-globals@^6.0.0: acorn "^7.1.1" acorn-walk "^7.1.1" -acorn-import-assertions@^1.9.0: - version "1.9.0" - resolved "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz#507276249d684797c84e0734ef84860334cfb1ac" - integrity sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA== +acorn-import-attributes@^1.9.5: + version "1.9.5" + resolved "https://registry.yarnpkg.com/acorn-import-attributes/-/acorn-import-attributes-1.9.5.tgz#7eb1557b1ba05ef18b5ed0ec67591bfab04688ef" + integrity sha512-n02Vykv5uA3eHGM/Z2dQrcD56kL8TyDb2p1+0P83PClMnC/nc+anbQRhIOWnSq4Ke/KvDPrY3C9hDtC/A3eHnQ== acorn-jsx@^5.3.2: version "5.3.2" @@ -5811,9 +5834,9 @@ acorn-walk@^8.0.0, acorn-walk@^8.0.2, acorn-walk@^8.2.0: integrity sha512-cjkyv4OtNCIeqhHrfS81QWXoCBPExR/J62oyEqepVw8WaQeSqpW2uhuLPh1m9eWhDuOo/jUXVTlifvesOWp/4A== acorn-walk@^8.1.1: - version "8.3.3" - resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.3.3.tgz#9caeac29eefaa0c41e3d4c65137de4d6f34df43e" - integrity sha512-MxXdReSRhGO7VlFe1bRG/oI7/mdLV9B9JJT0N8vZOhF7gFRR5l3M8W9G8JxmKV+JC5mGqJ0QvqfSOLsCPa4nUw== + version "8.3.4" + resolved "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz#794dd169c3977edf4ba4ea47583587c5866236b7" + integrity sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g== dependencies: acorn "^8.11.0" @@ -5828,9 +5851,9 @@ acorn@^8.0.4, acorn@^8.0.5, acorn@^8.2.4, acorn@^8.4.1, acorn@^8.7.1, acorn@^8.8 integrity sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg== acorn@^8.11.0: - version "8.12.0" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.12.0.tgz#1627bfa2e058148036133b8d9b51a700663c294c" - integrity sha512-RTvkC4w+KNXrM39/lWCUaG0IbRkWdCv7W/IOW9oU6SawyxulvkQy5HQPVTKxEjczcUvapcrw3cFx/60VN/NRNw== + version "8.12.1" + resolved "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz#71616bdccbe25e27a54439e0046e89ca76df2248" + integrity sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg== add-stream@^1.0.0: version "1.0.0" @@ -5898,7 +5921,7 @@ ajv@8.12.0, ajv@^8.0.0, ajv@^8.9.0: require-from-string "^2.0.2" uri-js "^4.2.2" -ajv@^6.12.2, ajv@^6.12.3, ajv@^6.12.4, ajv@^6.12.5: +ajv@^6.12.2, ajv@^6.12.4, ajv@^6.12.5: version "6.12.6" resolved "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4" integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== @@ -6005,9 +6028,9 @@ anymatch@^3.0.3, anymatch@~3.1.2: picomatch "^2.0.4" apexcharts@^3.10.1: - version "3.49.2" - resolved "https://registry.yarnpkg.com/apexcharts/-/apexcharts-3.49.2.tgz#48ebcf7e7ad7bd11300d408fb115c93f67a25e9e" - integrity sha512-vBB8KgwfD9rSObA7s4kY2rU6DeaN67gTR3JN7r32ztgKVf8lKkdFQ6iUhk6oIHrV7W8PoHhr5EwKymn0z5Fz6A== + version "3.53.0" + resolved "https://registry.yarnpkg.com/apexcharts/-/apexcharts-3.53.0.tgz#9ea2b4d837d9faf2c0bff79d228db48e75b2220a" + integrity sha512-QESZHZY3w9LPQ64PGh1gEdfjYjJ5Jp+Dfy0D/CLjsLOPTpXzdxwlNMqRj+vPbTcP0nAHgjWv1maDqcEq6u5olw== dependencies: "@yr/monotone-cubic-spline" "^1.0.3" svg.draggable.js "^2.2.2" @@ -6131,7 +6154,7 @@ archive-type@^4.0.0: arg@^4.1.0: version "4.1.3" - resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089" + resolved "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089" integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA== arg@^5.0.2: @@ -6168,12 +6191,12 @@ arr-union@^3.1.0: array-back@^3.0.1, array-back@^3.1.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/array-back/-/array-back-3.1.0.tgz#b8859d7a508871c9a7b2cf42f99428f65e96bfb0" + resolved "https://registry.npmjs.org/array-back/-/array-back-3.1.0.tgz#b8859d7a508871c9a7b2cf42f99428f65e96bfb0" integrity sha512-TkuxA4UCOvxuDK6NZYXCalszEzj+TLszyASooky+i742l9TqsOdYCMJJupxRic61hwquNtppB3hgcuq9SVSH1Q== array-back@^6.2.2: version "6.2.2" - resolved "https://registry.yarnpkg.com/array-back/-/array-back-6.2.2.tgz#f567d99e9af88a6d3d2f9dfcc21db6f9ba9fd157" + resolved "https://registry.npmjs.org/array-back/-/array-back-6.2.2.tgz#f567d99e9af88a6d3d2f9dfcc21db6f9ba9fd157" integrity sha512-gUAZ7HPyb4SJczXAMUXMGAvI976JoK3qEx9v1FTmeYuJj0IBiaKttG1ydtGKdkfqWkIkouke7nG8ufGy77+Cvw== array-buffer-byte-length@^1.0.1: @@ -6199,9 +6222,9 @@ array-ify@^1.0.0: resolved "https://registry.npmjs.org/array-ify/-/array-ify-1.0.0.tgz#9e528762b4a9066ad163a6962a364418e9626ece" integrity sha512-c5AMf34bKdvPhQ7tBGhqkgKNUzMr4WUs+WDtC2ZUGOUncbxKMTvqxYctiseW3+L4bA8ec+GcZ6/A/FW4m8ukng== -array-includes@^3.1.7: +array-includes@^3.1.8: version "3.1.8" - resolved "https://registry.npmjs.org/array-includes/-/array-includes-3.1.8.tgz#5e370cbe172fdd5dd6530c1d4aadda25281ba97d" + resolved "https://registry.yarnpkg.com/array-includes/-/array-includes-3.1.8.tgz#5e370cbe172fdd5dd6530c1d4aadda25281ba97d" integrity sha512-itaWrbYbqpGXkGhZPGUulwnhVf5Hpy1xiCFsGqyIGglbBxmG5vSjxQen3/WGOjPpNEv1RtBLKxbmVXm8HpJStQ== dependencies: call-bind "^1.0.7" @@ -6226,9 +6249,9 @@ array-unique@^0.3.2: resolved "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz#a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428" integrity sha512-SleRWjh9JUud2wH1hPs9rZBZ33H6T9HOiL0uwGnGx9FpE6wKGyfWugmbkEOIs6qWrZhg0LWeLziLrEwQJhs5mQ== -array.prototype.findlastindex@^1.2.3: +array.prototype.findlastindex@^1.2.5: version "1.2.5" - resolved "https://registry.npmjs.org/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.5.tgz#8c35a755c72908719453f87145ca011e39334d0d" + resolved "https://registry.yarnpkg.com/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.5.tgz#8c35a755c72908719453f87145ca011e39334d0d" integrity sha512-zfETvRFA8o7EiNn++N5f/kaCw221hrpGsDmcpndVupkPzEc1Wuf3VgC0qby1BbHs7f5DVYjgtEU2LLh5bqeGfQ== dependencies: call-bind "^1.0.7" @@ -6423,9 +6446,9 @@ aws4@^1.8.0: integrity sha512-NmWvPnx0F1SfrQbYwOi7OeaNGokp9XhzNioJ/CSBs8Qa4vxug81mhJEAVZwxXuBmYB5KDRfMq/F3RR0BIU7sWg== axios@^1.3.5, axios@^1.4.0, axios@^1.6.0: - version "1.7.2" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.2.tgz#b625db8a7051fbea61c35a3cbb3a1daa7b9c7621" - integrity sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw== + version "1.7.7" + resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.7.tgz#2f554296f9892a72ac8d8e4c5b79c14a91d0a47f" + integrity sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q== dependencies: follow-redirects "^1.15.6" form-data "^4.0.0" @@ -6778,7 +6801,7 @@ bn.js@^5.0.0, bn.js@^5.2.1: resolved "https://registry.npmjs.org/bn.js/-/bn.js-5.2.1.tgz#0bc527a6a0d18d0aa8d5b0538ce4a77dccfa7b70" integrity sha512-eXRvHzWyYPBuB4NBy0cmYQjGitUrtqwbvlzP3G6VFnNRbsZQIxQ10PbKKHt8gZ/HW/D/747aDl+QkDqg3KQLMQ== -body-parser@1.20.2, body-parser@^1.19.0: +body-parser@1.20.2: version "1.20.2" resolved "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz#6feb0e21c4724d06de7ff38da36dad4f57a747fd" integrity sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA== @@ -6796,6 +6819,24 @@ body-parser@1.20.2, body-parser@^1.19.0: type-is "~1.6.18" unpipe "1.0.0" +body-parser@1.20.3, body-parser@^1.19.0: + version "1.20.3" + resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.3.tgz#1953431221c6fb5cd63c4b36d53fab0928e548c6" + integrity sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g== + dependencies: + bytes "3.1.2" + content-type "~1.0.5" + debug "2.6.9" + depd "2.0.0" + destroy "1.2.0" + http-errors "2.0.0" + iconv-lite "0.4.24" + on-finished "2.4.1" + qs "6.13.0" + raw-body "2.5.2" + type-is "~1.6.18" + unpipe "1.0.0" + bonjour-service@^1.0.11: version "1.2.1" resolved "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.2.1.tgz#eb41b3085183df3321da1264719fbada12478d02" @@ -6873,7 +6914,7 @@ brorand@^1.0.1, brorand@^1.1.0: browser-or-node@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/browser-or-node/-/browser-or-node-3.0.0.tgz#2b11335570b28887e0bf5cd857f2e8062c6ae293" + resolved "https://registry.npmjs.org/browser-or-node/-/browser-or-node-3.0.0.tgz#2b11335570b28887e0bf5cd857f2e8062c6ae293" integrity sha512-iczIdVJzGEYhP5DqQxYM9Hh7Ztpqqi+CXZpSmX8ALFs9ecXkQIeqRyM6TfxEfMVpwhl3dSuDvxdzzo9sUOIVBQ== browser-process-hrtime@^1.0.0: @@ -6953,7 +6994,7 @@ browserslist@^4.0.0, browserslist@^4.16.3, browserslist@^4.21.10, browserslist@^ node-releases "^2.0.14" update-browserslist-db "^1.0.13" -bs-logger@0.x: +bs-logger@^0.2.6: version "0.2.6" resolved "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz#eb7d365307a72cf974cc6cda76b68354ad336bd8" integrity sha512-pd8DCoxmbgc7hyPKOvxtqNcjYoOsABPQdcCUjGp3d42VR2CX1ORhk2A87oqqu5R1kk+76nsxZupkmyd+MVtCog== @@ -7218,9 +7259,9 @@ chai-as-promised@^7.1.1: check-error "^1.0.2" chai@^4.1.2: - version "4.4.1" - resolved "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz#3603fa6eba35425b0f2ac91a009fe924106e50d1" - integrity sha512-13sOfMv2+DWduEU+/xbun3LScLoqN17nBeTLUsmDfKdoiC1fr0n9PU4guu4AhRcOVFk/sW8LyZWHuhWtQZiF+g== + version "4.5.0" + resolved "https://registry.yarnpkg.com/chai/-/chai-4.5.0.tgz#707e49923afdd9b13a8b0b47d33d732d13812fd8" + integrity sha512-RITGBfijLkBddZvnn8jdqoTypxvqbOLYQkGGxXzeFjVHvudaPw0HNFD9x928/eUwYWd2dPCugVqspGALTZZQKw== dependencies: assertion-error "^1.1.0" check-error "^1.0.3" @@ -7228,11 +7269,11 @@ chai@^4.1.2: get-func-name "^2.0.2" loupe "^2.3.6" pathval "^1.1.1" - type-detect "^4.0.8" + type-detect "^4.1.0" chalk-template@^0.4.0: version "0.4.0" - resolved "https://registry.yarnpkg.com/chalk-template/-/chalk-template-0.4.0.tgz#692c034d0ed62436b9062c1707fadcd0f753204b" + resolved "https://registry.npmjs.org/chalk-template/-/chalk-template-0.4.0.tgz#692c034d0ed62436b9062c1707fadcd0f753204b" integrity sha512-/ghrgmhfY8RaSdeo43hNXxpoHAtxdbskUHjPpfqUWGttFgycUhYPGx3YZBCnUCvOa7Doivn1IZec3DEGFoMgLg== dependencies: chalk "^4.1.2" @@ -7469,19 +7510,10 @@ cli-spinners@^2.5.0: resolved "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz#1773a8f4b9c4d6ac31563df53b3fc1d79462fe41" integrity sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg== -cli-table3@0.6.3: - version "0.6.3" - resolved "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.3.tgz#61ab765aac156b52f222954ffc607a6f01dbeeb2" - integrity sha512-w5Jac5SykAeZJKntOxJCrm63Eg5/4dhMWIcuTbo9rpE+brgaSZo0RuNJZeOyMgsUdhDeojvgyQLmjI+K50ZGyg== - dependencies: - string-width "^4.2.0" - optionalDependencies: - "@colors/colors" "1.5.0" - -cli-table3@~0.6.1: - version "0.6.4" - resolved "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.4.tgz#d1c536b8a3f2e7bec58f67ac9e5769b1b30088b0" - integrity sha512-Lm3L0p+/npIQWNIiyF/nAn7T5dnOwR3xNTHXYEBFBFVPXzCVNZ5lqEC/1eo/EVfpDsQ1I+TX4ORPQgp+UI0CRw== +cli-table3@0.6.5, cli-table3@~0.6.1: + version "0.6.5" + resolved "https://registry.yarnpkg.com/cli-table3/-/cli-table3-0.6.5.tgz#013b91351762739c16a9567c21a04632e449bf2f" + integrity sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ== dependencies: string-width "^4.2.0" optionalDependencies: @@ -7680,7 +7712,7 @@ combined-stream@^1.0.6, combined-stream@^1.0.8, combined-stream@~1.0.6: command-line-args@^5.2.1: version "5.2.1" - resolved "https://registry.yarnpkg.com/command-line-args/-/command-line-args-5.2.1.tgz#c44c32e437a57d7c51157696893c5909e9cec42e" + resolved "https://registry.npmjs.org/command-line-args/-/command-line-args-5.2.1.tgz#c44c32e437a57d7c51157696893c5909e9cec42e" integrity sha512-H4UfQhZyakIjC74I9d34fGYDwk3XpSr17QhEd0Q3I9Xq1CETHo4Hcuo87WyWHpAF1aSLjLRf5lD9ZGX2qStUvg== dependencies: array-back "^3.1.0" @@ -7688,14 +7720,14 @@ command-line-args@^5.2.1: lodash.camelcase "^4.3.0" typical "^4.0.0" -command-line-usage@^7.0.0, command-line-usage@^7.0.1: - version "7.0.1" - resolved "https://registry.yarnpkg.com/command-line-usage/-/command-line-usage-7.0.1.tgz#e540afef4a4f3bc501b124ffde33956309100655" - integrity sha512-NCyznE//MuTjwi3y84QVUGEOT+P5oto1e1Pk/jFPVdPPfsG03qpTIl3yw6etR+v73d0lXsoojRpvbru2sqePxQ== +command-line-usage@^7.0.1: + version "7.0.3" + resolved "https://registry.npmjs.org/command-line-usage/-/command-line-usage-7.0.3.tgz#6bce992354f6af10ecea2b631bfdf0c8b3bfaea3" + integrity sha512-PqMLy5+YGwhMh1wS04mVG44oqDsgyLRSKJBdOo1bnYhMKBW65gZF1dRp2OZRhiTjgUHljy99qkO7bsctLaw35Q== dependencies: array-back "^6.2.2" chalk-template "^0.4.0" - table-layout "^3.0.0" + table-layout "^4.1.0" typical "^7.1.1" commander@4.1.1, commander@^4.0.0: @@ -7763,9 +7795,9 @@ compare-func@^2.0.0: dot-prop "^5.1.0" compare-versions@^6.0.0: - version "6.1.0" - resolved "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz#3f2131e3ae93577df111dba133e6db876ffe127a" - integrity sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg== + version "6.1.1" + resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-6.1.1.tgz#7af3cc1099ba37d244b3145a9af5201b629148a9" + integrity sha512-4hm4VPpIecmlg59CHXnRDnqGplJFrbLG4aFEl5vl6cK1u76ws3LLvX7ikFnTDl5vo39sjWD6AaDPYodJp/NNHg== component-emitter@^1.2.1, component-emitter@^1.3.0: version "1.3.1" @@ -8033,9 +8065,9 @@ core-js@^2.4.0: integrity sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ== core-js@^3.4.1: - version "3.37.1" - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.37.1.tgz#d21751ddb756518ac5a00e4d66499df981a62db9" - integrity sha512-Xn6qmxrQZyB0FFY8E3bgRXei3lWDJHhvI+u0q9TKIYM49G8pAr0FgnnrFRAmsbptZL1yxRADVXn+x5AGsbBfyw== + version "3.38.1" + resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.38.1.tgz#aa375b79a286a670388a1a363363d53677c0383e" + integrity sha512-OP35aUorbU3Zvlx7pjsFdu1rGNnD4pgw/CWoYzRY3t2EzoVT7shKHY1dlAy3f41cGIO7ZDPQimhGFTlEYkG/Hw== core-util-is@1.0.2: version "1.0.2" @@ -8133,12 +8165,12 @@ create-jest@^29.7.0: create-require@^1.1.0: version "1.1.1" - resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333" + resolved "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333" integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ== cross-fetch@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/cross-fetch/-/cross-fetch-4.0.0.tgz#f037aef1580bb3a1a35164ea2a848ba81b445983" + resolved "https://registry.npmjs.org/cross-fetch/-/cross-fetch-4.0.0.tgz#f037aef1580bb3a1a35164ea2a848ba81b445983" integrity sha512-e4a5N8lVvuLgAWgnCrLr2PP0YyDOTHa9H/Rj54dirp61qXnNq46m82bRhNqIA5VccJtWBvPTFRV3TtvHUKPB1g== dependencies: node-fetch "^2.6.12" @@ -8379,9 +8411,9 @@ csv-parser@^2.3.0: through2 "^3.0.1" csv-stringify@^6.4.1: - version "6.5.0" - resolved "https://registry.yarnpkg.com/csv-stringify/-/csv-stringify-6.5.0.tgz#7b1491893c917e018a97de9bf9604e23b88647c2" - integrity sha512-edlXFVKcUx7r8Vx5zQucsuMg4wb/xT6qyz+Sr1vnLrdXqlLD1+UKyWNyZ9zn6mUW1ewmGxrpVwAcChGF0HQ/2Q== + version "6.5.1" + resolved "https://registry.yarnpkg.com/csv-stringify/-/csv-stringify-6.5.1.tgz#a31837dd35e34787e3c248159c982a21af964d94" + integrity sha512-+9lpZfwpLntpTIEpFbwQyWuW/hmI/eHuJZD1XzeZpfZTqkf1fyvBbBLXTJJMsBuuS11uTShMqPwzx4A6ffXgRQ== csv2json@^2.0.2: version "2.0.2" @@ -8402,17 +8434,17 @@ custom-event-polyfill@^1.0.7: resolved "https://registry.npmjs.org/custom-event-polyfill/-/custom-event-polyfill-1.0.7.tgz#9bc993ddda937c1a30ccd335614c6c58c4f87aee" integrity sha512-TDDkd5DkaZxZFM8p+1I3yAlvM3rSr1wbrOliG4yJiwinMZN8z/iGL7BTlDkrJcYTmgUSb4ywVCc3ZaUtOtC76w== -cypress-wait-until@^1.7.1: - version "1.7.2" - resolved "https://registry.npmjs.org/cypress-wait-until/-/cypress-wait-until-1.7.2.tgz#7f534dd5a11c89b65359e7a0210f20d3dfc22107" - integrity sha512-uZ+M8/MqRcpf+FII/UZrU7g1qYZ4aVlHcgyVopnladyoBrpoaMJ4PKZDrdOJ05H5RHbr7s9Tid635X3E+ZLU/Q== +cypress-wait-until@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/cypress-wait-until/-/cypress-wait-until-3.0.2.tgz#c90dddfa4c46a2c422f5b91d486531c560bae46e" + integrity sha512-iemies796dD5CgjG5kV0MnpEmKSH+s7O83ZoJLVzuVbZmm4lheMsZqAVT73hlMx4QlkwhxbyUzhOBUOZwoOe0w== -cypress@13.12.0: - version "13.12.0" - resolved "https://registry.yarnpkg.com/cypress/-/cypress-13.12.0.tgz#1a4ea89b7fa6855e32bc02eaf5e25fc45b9e273f" - integrity sha512-udzS2JilmI9ApO/UuqurEwOvThclin5ntz7K0BtnHBs+tg2Bl9QShLISXpSEMDv/u8b6mqdoAdyKeZiSqKWL8g== +cypress@13.14.2: + version "13.14.2" + resolved "https://registry.yarnpkg.com/cypress/-/cypress-13.14.2.tgz#4237eb7b26de2baeaa1f01e585f965d88fca7f39" + integrity sha512-lsiQrN17vHMB2fnvxIrKLAjOr9bPwsNbPZNrWf99s4u+DVmCY6U+w7O3GGG9FvP4EUVYaDu+guWeNLiUzBrqvA== dependencies: - "@cypress/request" "^3.0.0" + "@cypress/request" "^3.0.1" "@cypress/xvfb" "^1.2.4" "@types/sinonjs__fake-timers" "8.1.1" "@types/sizzle" "^2.3.2" @@ -8451,7 +8483,7 @@ cypress@13.12.0: request-progress "^3.0.0" semver "^7.5.3" supports-color "^8.1.1" - tmp "~0.2.1" + tmp "~0.2.3" untildify "^4.0.0" yauzl "^2.10.0" @@ -9099,14 +9131,19 @@ diff@5.1.0: diff@^4.0.1: version "4.0.2" - resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" + resolved "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== -diff@^5.0.0, diff@^5.2.0: +diff@^5.2.0: version "5.2.0" resolved "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz#26ded047cd1179b78b9537d5ef725503ce1ae531" integrity sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A== +diff@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/diff/-/diff-7.0.0.tgz#3fb34d387cd76d803f6eebea67b921dab0182a9a" + integrity sha512-PJWHUb1RFevKCwaFA9RlG5tCd+FO5iRh9A8HEtkmBH2Li03iJriB6m6JIN4rGz3K3JLawI7/veA1xzRKP6ISBw== + diffie-hellman@^5.0.0: version "5.0.3" resolved "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz#40e8ee98f55a2149607146921c63e1ae5f3d2875" @@ -9391,7 +9428,7 @@ ee-first@1.1.1: resolved "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== -ejs@^3.1.6, ejs@^3.1.7: +ejs@^3.1.10, ejs@^3.1.6, ejs@^3.1.7: version "3.1.10" resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.10.tgz#69ab8358b14e896f80cc39e62087b88500c3ac3b" integrity sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA== @@ -9404,9 +9441,9 @@ electron-to-chromium@^1.4.668: integrity sha512-6Fmg8QkkumNOwuZ/5mIbMU9WI3H2fmn5ajcVya64I5Yr5CcNmO7vcLt0Y7c96DCiMO5/9G+4sI2r6eEvdg1F7A== elliptic@^6.5.3, elliptic@^6.5.5: - version "6.5.5" - resolved "https://registry.npmjs.org/elliptic/-/elliptic-6.5.5.tgz#c715e09f78b6923977610d4c2346d6ce22e6dded" - integrity sha512-7EjbcmUm17NQFu4Pmgmq2olYMj8nwMnpcddByChSUjArp8F5DQWcIcpriwO4ZToLNAJig0yiyjswfyGNje/ixw== + version "6.5.7" + resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b" + integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q== dependencies: bn.js "^4.11.9" brorand "^1.1.0" @@ -9456,6 +9493,11 @@ encodeurl@~1.0.2: resolved "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59" integrity sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w== +encodeurl@~2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-2.0.0.tgz#7b8ea898077d7e409d3ac45474ea38eaf0857a58" + integrity sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg== + encoding@^0.1.13: version "0.1.13" resolved "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz#56574afdd791f54a8e9b2785c0582a2d26210fa9" @@ -9470,7 +9512,7 @@ end-of-stream@^1.0.0, end-of-stream@^1.1.0, end-of-stream@^1.4.1: dependencies: once "^1.4.0" -enhanced-resolve@^5.0.0, enhanced-resolve@^5.15.0, enhanced-resolve@^5.16.0, enhanced-resolve@^5.7.0: +enhanced-resolve@^5.0.0, enhanced-resolve@^5.7.0: version "5.16.0" resolved "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.16.0.tgz#65ec88778083056cb32487faa9aef82ed0864787" integrity sha512-O+QWCviPNSSLAD9Ucn8Awv+poAkqn3T1XY5/N7kR7rQO9yfSGWkYZDwpJ+iKF7B8rxaQKWngSqACpgzeapSyoA== @@ -9478,6 +9520,14 @@ enhanced-resolve@^5.0.0, enhanced-resolve@^5.15.0, enhanced-resolve@^5.16.0, enh graceful-fs "^4.2.4" tapable "^2.2.0" +enhanced-resolve@^5.17.1: + version "5.17.1" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz#67bfbbcc2f81d511be77d686a90267ef7f898a15" + integrity sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg== + dependencies: + graceful-fs "^4.2.4" + tapable "^2.2.0" + enquirer@^2.3.6: version "2.4.1" resolved "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz#93334b3fbd74fc7097b224ab4a8fb7e40bf4ae56" @@ -9683,34 +9733,35 @@ es6-weak-map@^2.0.3: es6-iterator "^2.0.3" es6-symbol "^3.1.1" -esbuild@~0.21.4: - version "0.21.5" - resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.21.5.tgz#9ca301b120922959b766360d8ac830da0d02997d" - integrity sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw== +esbuild@~0.23.0: + version "0.23.0" + resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.23.0.tgz#de06002d48424d9fdb7eb52dbe8e95927f852599" + integrity sha512-1lvV17H2bMYda/WaFb2jLPeHU3zml2k4/yagNMG8Q/YtfMjCwEUZa2eXXMgZTVSL5q1n4H7sQ0X6CdJDqqeCFA== optionalDependencies: - "@esbuild/aix-ppc64" "0.21.5" - "@esbuild/android-arm" "0.21.5" - "@esbuild/android-arm64" "0.21.5" - "@esbuild/android-x64" "0.21.5" - "@esbuild/darwin-arm64" "0.21.5" - "@esbuild/darwin-x64" "0.21.5" - "@esbuild/freebsd-arm64" "0.21.5" - "@esbuild/freebsd-x64" "0.21.5" - "@esbuild/linux-arm" "0.21.5" - "@esbuild/linux-arm64" "0.21.5" - "@esbuild/linux-ia32" "0.21.5" - "@esbuild/linux-loong64" "0.21.5" - "@esbuild/linux-mips64el" "0.21.5" - "@esbuild/linux-ppc64" "0.21.5" - "@esbuild/linux-riscv64" "0.21.5" - "@esbuild/linux-s390x" "0.21.5" - "@esbuild/linux-x64" "0.21.5" - "@esbuild/netbsd-x64" "0.21.5" - "@esbuild/openbsd-x64" "0.21.5" - "@esbuild/sunos-x64" "0.21.5" - "@esbuild/win32-arm64" "0.21.5" - "@esbuild/win32-ia32" "0.21.5" - "@esbuild/win32-x64" "0.21.5" + "@esbuild/aix-ppc64" "0.23.0" + "@esbuild/android-arm" "0.23.0" + "@esbuild/android-arm64" "0.23.0" + "@esbuild/android-x64" "0.23.0" + "@esbuild/darwin-arm64" "0.23.0" + "@esbuild/darwin-x64" "0.23.0" + "@esbuild/freebsd-arm64" "0.23.0" + "@esbuild/freebsd-x64" "0.23.0" + "@esbuild/linux-arm" "0.23.0" + "@esbuild/linux-arm64" "0.23.0" + "@esbuild/linux-ia32" "0.23.0" + "@esbuild/linux-loong64" "0.23.0" + "@esbuild/linux-mips64el" "0.23.0" + "@esbuild/linux-ppc64" "0.23.0" + "@esbuild/linux-riscv64" "0.23.0" + "@esbuild/linux-s390x" "0.23.0" + "@esbuild/linux-x64" "0.23.0" + "@esbuild/netbsd-x64" "0.23.0" + "@esbuild/openbsd-arm64" "0.23.0" + "@esbuild/openbsd-x64" "0.23.0" + "@esbuild/sunos-x64" "0.23.0" + "@esbuild/win32-arm64" "0.23.0" + "@esbuild/win32-ia32" "0.23.0" + "@esbuild/win32-x64" "0.23.0" escalade@^3.1.1: version "3.1.2" @@ -9737,11 +9788,6 @@ escape-string-regexp@^4.0.0: resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== -escape-string-regexp@^5.0.0: - version "5.0.0" - resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz#4683126b500b61762f2dbebace1806e8be31b1c8" - integrity sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw== - escodegen@^2.0.0: version "2.1.0" resolved "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz#ba93bbb7a43986d29d6041f99f5262da773e2e17" @@ -9772,40 +9818,41 @@ eslint-import-resolver-node@^0.3.9: is-core-module "^2.13.0" resolve "^1.22.4" -eslint-module-utils@^2.8.0: - version "2.8.1" - resolved "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.8.1.tgz#52f2404300c3bd33deece9d7372fb337cc1d7c34" - integrity sha512-rXDXR3h7cs7dy9RNpUlQf80nX31XWJEyGq1tRMo+6GsO5VmTe4UTwtmonAD4ZkAsrfMVDA2wlGJ3790Ys+D49Q== +eslint-module-utils@^2.9.0: + version "2.11.0" + resolved "https://registry.yarnpkg.com/eslint-module-utils/-/eslint-module-utils-2.11.0.tgz#b99b211ca4318243f09661fae088f373ad5243c4" + integrity sha512-gbBE5Hitek/oG6MUVj6sFuzEjA/ClzNflVrLovHi/JgLdC7fiN5gLAY1WIPW1a0V5I999MnsrvVrCOGmmVqDBQ== dependencies: debug "^3.2.7" eslint-plugin-cypress@^3.0.0: - version "3.3.0" - resolved "https://registry.yarnpkg.com/eslint-plugin-cypress/-/eslint-plugin-cypress-3.3.0.tgz#4ab963193d21ad22aca8379e1d15ba02619ae8db" - integrity sha512-HPHMPzYBIshzJM8wqgKSKHG2p/8R0Gbg4Pb3tcdC9WrmkuqxiKxSKbjunUrajhV5l7gCIFrh1P7C7GuBqH6YuQ== + version "3.5.0" + resolved "https://registry.yarnpkg.com/eslint-plugin-cypress/-/eslint-plugin-cypress-3.5.0.tgz#380ef5049ad80ebeca923db69e4aa96e72fcd893" + integrity sha512-JZQ6XnBTNI8h1B9M7wJSFzc48SYbh7VMMKaNTQOFa3BQlnmXPrVc4PKen8R+fpv6VleiPeej6VxloGb42zdRvw== dependencies: globals "^13.20.0" eslint-plugin-import@^2.20.1: - version "2.29.1" - resolved "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.29.1.tgz#d45b37b5ef5901d639c15270d74d46d161150643" - integrity sha512-BbPC0cuExzhiMo4Ff1BTVwHpjjv28C5R+btTOGaCRC7UEz801up0JadwkeSk5Ued6TG34uaczuVuH6qyy5YUxw== + version "2.30.0" + resolved "https://registry.yarnpkg.com/eslint-plugin-import/-/eslint-plugin-import-2.30.0.tgz#21ceea0fc462657195989dd780e50c92fe95f449" + integrity sha512-/mHNE9jINJfiD2EKkg1BKyPyUk4zdnT54YgbOgfjSakWT5oyX/qQLVNTkehyfpcMxZXMy1zyonZ2v7hZTX43Yw== dependencies: - array-includes "^3.1.7" - array.prototype.findlastindex "^1.2.3" + "@rtsao/scc" "^1.1.0" + array-includes "^3.1.8" + array.prototype.findlastindex "^1.2.5" array.prototype.flat "^1.3.2" array.prototype.flatmap "^1.3.2" debug "^3.2.7" doctrine "^2.1.0" eslint-import-resolver-node "^0.3.9" - eslint-module-utils "^2.8.0" - hasown "^2.0.0" - is-core-module "^2.13.1" + eslint-module-utils "^2.9.0" + hasown "^2.0.2" + is-core-module "^2.15.1" is-glob "^4.0.3" minimatch "^3.1.2" - object.fromentries "^2.0.7" - object.groupby "^1.0.1" - object.values "^1.1.7" + object.fromentries "^2.0.8" + object.groupby "^1.0.3" + object.values "^1.2.0" semver "^6.3.1" tsconfig-paths "^3.15.0" @@ -9817,25 +9864,25 @@ eslint-plugin-prettier@^4.0.0: prettier-linter-helpers "^1.0.0" eslint-plugin-prettier@^5.0.0: - version "5.1.3" - resolved "https://registry.npmjs.org/eslint-plugin-prettier/-/eslint-plugin-prettier-5.1.3.tgz#17cfade9e732cef32b5f5be53bd4e07afd8e67e1" - integrity sha512-C9GCVAs4Eq7ZC/XFQHITLiHJxQngdtraXaM+LoUFoFp/lHNl2Zn8f3WQbe9HvTBBQ9YnKFB0/2Ajdqwo5D1EAw== + version "5.2.1" + resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-5.2.1.tgz#d1c8f972d8f60e414c25465c163d16f209411f95" + integrity sha512-gH3iR3g4JfF+yYPaJYkN7jEl9QbweL/YfkoRlNnuIEHEz1vHVlCmWOS+eGGiRuzHQXdJFCOTxRgvju9b8VUmrw== dependencies: prettier-linter-helpers "^1.0.0" - synckit "^0.8.6" + synckit "^0.9.1" eslint-plugin-vue@^9.15.0: - version "9.26.0" - resolved "https://registry.yarnpkg.com/eslint-plugin-vue/-/eslint-plugin-vue-9.26.0.tgz#bf7f5cce62c8f878059b91edae44d22974133af5" - integrity sha512-eTvlxXgd4ijE1cdur850G6KalZqk65k1JKoOI2d1kT3hr8sPD07j1q98FRFdNnpxBELGPWxZmInxeHGF/GxtqQ== + version "9.28.0" + resolved "https://registry.yarnpkg.com/eslint-plugin-vue/-/eslint-plugin-vue-9.28.0.tgz#e4412f0c1024bafd15ffeaa6f76f4c99152e2765" + integrity sha512-ShrihdjIhOTxs+MfWun6oJWuk+g/LAhN+CiuOl/jjkG3l0F2AuK5NMTaWqyvBgkFtpYmyks6P4603mLmhNJW8g== dependencies: "@eslint-community/eslint-utils" "^4.4.0" globals "^13.24.0" natural-compare "^1.4.0" nth-check "^2.1.1" postcss-selector-parser "^6.0.15" - semver "^7.6.0" - vue-eslint-parser "^9.4.2" + semver "^7.6.3" + vue-eslint-parser "^9.4.3" xml-name-validator "^4.0.0" eslint-scope@5.1.1, eslint-scope@^5.1.1: @@ -10174,9 +10221,9 @@ express-history-api-fallback@^2.2.1: integrity sha512-swxwm3aP8vrOOvlzOdZvHlSZtJGwHKaY94J6AkrAgCTmcbko3IRwbkhLv2wKV1WeZhjxX58aLMpP3atDBnKuZg== express-rate-limit@*, express-rate-limit@^7.0.0: - version "7.3.1" - resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.3.1.tgz#c0887ba746cdd358d17b8ab63d6eba1bae0f670b" - integrity sha512-BbaryvkY4wEgDqLgD18/NSy2lDO2jTuT9Y8c1Mpx0X63Yz0sYd5zN6KPe7UvpuSVvV33T6RaE1o1IVZQjHMYgw== + version "7.4.0" + resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.4.0.tgz#5db412b8de83fa07ddb40f610c585ac8c1dab988" + integrity sha512-v1204w3cXu5gCDmAvgvzI6qjzZzoMWKnyVDk3ACgfswTQLYiGen+r8w0VnXnGMmzEN/g8fwIQ4JrFFd4ZP6ssg== express-session@^1.17.1: version "1.18.0" @@ -10200,9 +10247,9 @@ express-urlrewrite@^1.4.0: debug "*" path-to-regexp "^1.0.3" -express@4.19.2, express@^4.17.1, express@^4.17.3, express@^4.18.2: +express@4.19.2: version "4.19.2" - resolved "https://registry.npmjs.org/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465" + resolved "https://registry.yarnpkg.com/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465" integrity sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q== dependencies: accepts "~1.3.8" @@ -10237,6 +10284,43 @@ express@4.19.2, express@^4.17.1, express@^4.17.3, express@^4.18.2: utils-merge "1.0.1" vary "~1.1.2" +express@^4.17.1, express@^4.17.3, express@^4.18.2: + version "4.20.0" + resolved "https://registry.yarnpkg.com/express/-/express-4.20.0.tgz#f1d08e591fcec770c07be4767af8eb9bcfd67c48" + integrity sha512-pLdae7I6QqShF5PnNTCVn4hI91Dx0Grkn2+IAsMTgMIKuQVte2dN9PeGSSAME2FR8anOhVA62QDIUaWVfEXVLw== + dependencies: + accepts "~1.3.8" + array-flatten "1.1.1" + body-parser "1.20.3" + content-disposition "0.5.4" + content-type "~1.0.4" + cookie "0.6.0" + cookie-signature "1.0.6" + debug "2.6.9" + depd "2.0.0" + encodeurl "~2.0.0" + escape-html "~1.0.3" + etag "~1.8.1" + finalhandler "1.2.0" + fresh "0.5.2" + http-errors "2.0.0" + merge-descriptors "1.0.3" + methods "~1.1.2" + on-finished "2.4.1" + parseurl "~1.3.3" + path-to-regexp "0.1.10" + proxy-addr "~2.0.7" + qs "6.11.0" + range-parser "~1.2.1" + safe-buffer "5.2.1" + send "0.19.0" + serve-static "1.16.0" + setprototypeof "1.2.0" + statuses "2.0.1" + type-is "~1.6.18" + utils-merge "1.0.1" + vary "~1.1.2" + ext-list@^2.0.0: version "2.2.2" resolved "https://registry.npmjs.org/ext-list/-/ext-list-2.2.2.tgz#0b98e64ed82f5acf0f2931babf69212ef52ddd37" @@ -10366,17 +10450,17 @@ fast-safe-stringify@2.1.1, fast-safe-stringify@^2.1.1: resolved "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz#c406a83b6e70d9e35ce3b30a81141df30aeba884" integrity sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA== -fast-xml-parser@4.2.5: - version "4.2.5" - resolved "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz#a6747a09296a6cb34f2ae634019bf1738f3b421f" - integrity sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g== +fast-xml-parser@4.4.1: + version "4.4.1" + resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz#86dbf3f18edf8739326447bcaac31b4ae7f6514f" + integrity sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw== dependencies: strnum "^1.0.5" fast-xml-parser@^4.2.0: - version "4.4.0" - resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-4.4.0.tgz#341cc98de71e9ba9e651a67f41f1752d1441a501" - integrity sha512-kLY3jFlwIYwBNDojclKsNAC12sfD6NwW74QB2CoNGPvtVxjliYehVunB3HYyNi+n4Tt1dAcgwYvmKF/Z18flqg== + version "4.5.0" + resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-4.5.0.tgz#2882b7d01a6825dfdf909638f2de0256351def37" + integrity sha512-/PlTQCI96+fZMAOLMZK4CWG1ItCbfZ/0jx7UIJFChPNrx7tcEgerUgWbeieCM9MfHInUDyK8DWYZ+YrywDJuTg== dependencies: strnum "^1.0.5" @@ -10427,14 +10511,6 @@ figures@^2.0.0: dependencies: escape-string-regexp "^1.0.5" -figures@^5.0.0: - version "5.0.0" - resolved "https://registry.npmjs.org/figures/-/figures-5.0.0.tgz#126cd055052dea699f8a54e8c9450e6ecfc44d5f" - integrity sha512-ej8ksPF4x6e5wvK9yevct0UCXh8TTFlWGVLlgjZuoBH1HwjIfKE/IdL5mq89sFA7zELi1VhKpmtDnrs7zWyeyg== - dependencies: - escape-string-regexp "^5.0.0" - is-unicode-supported "^1.2.0" - file-entry-cache@^6.0.1: version "6.0.1" resolved "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz#211b2dd9659cb0394b073e7323ac3c933d522027" @@ -10582,7 +10658,7 @@ find-cache-dir@^3.3.1: find-replace@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/find-replace/-/find-replace-3.0.0.tgz#3e7e23d3b05167a76f770c9fbd5258b0def68c38" + resolved "https://registry.npmjs.org/find-replace/-/find-replace-3.0.0.tgz#3e7e23d3b05167a76f770c9fbd5258b0def68c38" integrity sha512-6Tb2myMioCAgv5kfvP5/PkZZ/ntTpVK39fHY7WkWBgvbeE+VHd/tZuZ4mrC+bxh4cfOZeYKVPaJIZtZXV7GNCQ== dependencies: array-back "^3.0.1" @@ -11085,16 +11161,17 @@ glob-to-regexp@^0.4.1: resolved "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz#c75297087c851b9a578bd217dd59a92f59fe546e" integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== -glob@10.3.10, glob@^10.2.2, glob@^10.3.10, glob@^10.3.3, glob@^10.3.7: - version "10.3.10" - resolved "https://registry.npmjs.org/glob/-/glob-10.3.10.tgz#0351ebb809fd187fe421ab96af83d3a70715df4b" - integrity sha512-fa46+tv1Ak0UPK1TOy/pZrIybNNt4HCv7SDzwyfiOZkvZLEbjsZkJBPtDHVshZjbecAoAGSC20MjLDG/qr679g== +glob@10.4.2, glob@^10.2.2, glob@^10.3.10, glob@^10.3.3, glob@^10.3.7: + version "10.4.2" + resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.2.tgz#bed6b95dade5c1f80b4434daced233aee76160e5" + integrity sha512-GwMlUF6PkPo3Gk21UxkCohOv0PLcIXVtKyLlpEI28R/cO/4eNOdmLk3CMW1wROV/WR/EsZOWAfBbBOqYvs88/w== dependencies: foreground-child "^3.1.0" - jackspeak "^2.3.5" - minimatch "^9.0.1" - minipass "^5.0.0 || ^6.0.2 || ^7.0.0" - path-scurry "^1.10.1" + jackspeak "^3.1.2" + minimatch "^9.0.4" + minipass "^7.1.2" + package-json-from-dist "^1.0.0" + path-scurry "^1.11.1" glob@7.2.0: version "7.2.0" @@ -11280,19 +11357,6 @@ handlebars@^4.7.7: optionalDependencies: uglify-js "^3.1.4" -har-schema@^2.0.0: - version "2.0.0" - resolved "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92" - integrity sha512-Oqluz6zhGX8cyRaTQlFMPw80bSJVG2x/cFb8ZPhUILGgHka9SsokCCOQgpveePerqidZOrT14ipqfJb7ILcW5Q== - -har-validator@~5.1.3: - version "5.1.5" - resolved "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz#1f0803b9f8cb20c0fa13822df1ecddb36bde1efd" - integrity sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w== - dependencies: - ajv "^6.12.3" - har-schema "^2.0.0" - hard-rejection@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/hard-rejection/-/hard-rejection-2.1.0.tgz#1c6eda5c1685c63942766d79bb40ae773cecd883" @@ -11454,7 +11518,12 @@ hexoid@^1.0.0: resolved "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18" integrity sha512-QFLV0taWQOZtvIRIAdBChesmogZrtuXvVWsFHZTk2SU+anspqZ2vMnoLg7IE1+Uk16N19APic1BuF8bC8c2m5g== -highlight.js@*, highlight.js@11.9.0, highlight.js@^11.0.0: +highlight.js@*, highlight.js@^11.0.0: + version "11.10.0" + resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-11.10.0.tgz#6e3600dc4b33d6dc23d5bd94fbf72405f5892b92" + integrity sha512-SYVnVFswQER+zu1laSya563s+F8VDGt7o35d4utbamowvUNLLMovFqwCLSocpZTz3MgaSRA1IbqRWZv97dtErQ== + +highlight.js@11.9.0: version "11.9.0" resolved "https://registry.npmjs.org/highlight.js/-/highlight.js-11.9.0.tgz#04ab9ee43b52a41a047432c8103e2158a1b8b5b0" integrity sha512-fJ7cW7fQGCYAkgv4CPfwFHrfd/cLS4Hau96JuJ+ZTOWhjnhoeN1ub1tFmALm/+lW5z4WCAuAV9bm05AP0mS6Gw== @@ -11535,9 +11604,9 @@ html-escaper@^2.0.0, html-escaper@^2.0.2: integrity sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg== html-loader@^5.0.0: - version "5.0.0" - resolved "https://registry.npmjs.org/html-loader/-/html-loader-5.0.0.tgz#2bb3ed423e9ea10f24add5d1a563adc5a8fc7f00" - integrity sha512-puaGKdjdVVIFRtgIC2n5dt5bt0N5j6heXlAQZ4Do1MLjHmOT1gCE1Ogg7XZNeJlnOVHHsrZKGs5dfh+XwZ3XPw== + version "5.1.0" + resolved "https://registry.yarnpkg.com/html-loader/-/html-loader-5.1.0.tgz#85c13e0abc3b5f3aa6e7f664eee6e44d00718d95" + integrity sha512-Jb3xwDbsm0W3qlXrCZwcYqYGnYz55hb6aoKQTlzyZPXsPpi6tHXzAfqalecglMQgNvtEfxrCQPaKT90Irt5XDA== dependencies: html-minifier-terser "^7.2.0" parse5 "^7.1.2" @@ -11687,15 +11756,6 @@ http-proxy@^1.18.1: follow-redirects "^1.0.0" requires-port "^1.0.0" -http-signature@~1.2.0: - version "1.2.0" - resolved "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1" - integrity sha512-CAbnr6Rz4CYQkLYUtSNXxQPUH2gK8f3iWexVlsnMeD+GjlsQ0Xsy1cOX+mN3dtxYomRy21CiOzU8Uhw6OwncEQ== - dependencies: - assert-plus "^1.0.0" - jsprim "^1.2.2" - sshpk "^1.7.0" - http-signature@~1.3.6: version "1.3.6" resolved "https://registry.npmjs.org/http-signature/-/http-signature-1.3.6.tgz#cb6fbfdf86d1c974f343be94e87f7fc128662cf9" @@ -11872,18 +11932,18 @@ inquirer@8.2.6, inquirer@^8.0.0, inquirer@^8.2.4: through "^2.3.6" wrap-ansi "^6.0.1" -inquirer@9.2.12: - version "9.2.12" - resolved "https://registry.npmjs.org/inquirer/-/inquirer-9.2.12.tgz#0348e9311765b7c93fce143bb1c0ef1ae879b1d7" - integrity sha512-mg3Fh9g2zfuVWJn6lhST0O7x4n03k7G8Tx5nvikJkbq8/CK47WDVm+UznF0G6s5Zi0KcyUisr6DU8T67N5U+1Q== +inquirer@9.2.15: + version "9.2.15" + resolved "https://registry.yarnpkg.com/inquirer/-/inquirer-9.2.15.tgz#2135a36190a6e5c92f5d205e0af1fea36b9d3492" + integrity sha512-vI2w4zl/mDluHt9YEQ/543VTCwPKWiHzKtm9dM2V0NdFcqEexDAjUHzO1oA60HRNaVifGXXM1tRRNluLVHa0Kg== dependencies: - "@ljharb/through" "^2.3.11" + "@ljharb/through" "^2.3.12" ansi-escapes "^4.3.2" chalk "^5.3.0" cli-cursor "^3.1.0" cli-width "^4.1.0" external-editor "^3.1.0" - figures "^5.0.0" + figures "^3.2.0" lodash "^4.17.21" mute-stream "1.0.0" ora "^5.4.1" @@ -12043,12 +12103,12 @@ is-ci@^1.0.10: dependencies: ci-info "^1.5.0" -is-core-module@^2.13.0, is-core-module@^2.13.1, is-core-module@^2.5.0, is-core-module@^2.8.1: - version "2.13.1" - resolved "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz#ad0d7532c6fea9da1ebdc82742d74525c6273384" - integrity sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw== +is-core-module@^2.13.0, is-core-module@^2.15.1, is-core-module@^2.5.0, is-core-module@^2.8.1: + version "2.15.1" + resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.15.1.tgz#a7363a25bee942fefab0de13bf6aa372c82dcc37" + integrity sha512-z0vtXSwucUJtANQWldhbtbt7BnL0vxiFjIdDLAatwhDYty2bad6s+rijD6Ri4YuYJubLzIJLUidCh09e1djEVQ== dependencies: - hasown "^2.0.0" + hasown "^2.0.2" is-data-descriptor@^1.0.1: version "1.0.1" @@ -12327,11 +12387,6 @@ is-unicode-supported@^0.1.0: resolved "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz#3f26c76a809593b52bfa2ecb5710ed2779b522a7" integrity sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw== -is-unicode-supported@^1.2.0: - version "1.3.0" - resolved "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-1.3.0.tgz#d824984b616c292a2e198207d4a609983842f714" - integrity sha512-43r2mRvz+8JRIKnWJ+3j8JtjRKZ6GmjzfaE/qiBJnikNnYv/6bagRJ1kUhNk8R5EX/GkobD+r+sfxCPJsiKBLQ== - is-url@^1.2.4: version "1.2.4" resolved "https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz#04a4df46d28c4cff3d73d01ff06abeb318a1aa52" @@ -12489,10 +12544,10 @@ iterare@1.2.1: resolved "https://registry.npmjs.org/iterare/-/iterare-1.2.1.tgz#139c400ff7363690e33abffa33cbba8920f00042" integrity sha512-RKYVTCjAnRthyJes037NX/IiqeidgN1xc3j1RjFfECFp28A1GVwK9nA+i0rJPaHqSZwygLzRnFlzUuHFoWWy+Q== -jackspeak@^2.3.5: - version "2.3.6" - resolved "https://registry.npmjs.org/jackspeak/-/jackspeak-2.3.6.tgz#647ecc472238aee4b06ac0e461acc21a8c505ca8" - integrity sha512-N3yCS/NegsOBokc8GAdM8UcmfsKiSS8cipheD/nivzr700H+nsMOxJjQnvwOcRYVuFkdH0wGUvW2WbXGmrZGbQ== +jackspeak@^3.1.2: + version "3.4.0" + resolved "https://registry.yarnpkg.com/jackspeak/-/jackspeak-3.4.0.tgz#a75763ff36ad778ede6a156d8ee8b124de445b4a" + integrity sha512-JVYhQnN59LVPFCEcVa2C3CrEKYacvjRfqIQl+h8oi91aLYQVWRYbxjPcv1bUiUy/kLmQaANrYfNMCO3kuEDHfw== dependencies: "@isaacs/cliui" "^8.0.2" optionalDependencies: @@ -13384,7 +13439,7 @@ jose@^5.3.0: js-base64@^3.7.7: version "3.7.7" - resolved "https://registry.yarnpkg.com/js-base64/-/js-base64-3.7.7.tgz#e51b84bf78fbf5702b9541e2cb7bfcb893b43e79" + resolved "https://registry.npmjs.org/js-base64/-/js-base64-3.7.7.tgz#e51b84bf78fbf5702b9541e2cb7bfcb893b43e79" integrity sha512-7rCnleh0z2CkXhH67J8K1Ytz0b2Y+yxTPL+/KOJoa20hfnVQ/3/T6W/KflYI4bRHRagNeXeU2bkNGI3v1oS/lw== js-beautify@^1.14.5, js-beautify@^1.6.12, js-beautify@^1.6.14: @@ -13635,6 +13690,11 @@ jsonc-parser@3.2.1: resolved "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.2.1.tgz#031904571ccf929d7670ee8c547545081cb37f1a" integrity sha512-AilxAyFOAcK5wA1+LeaySVBrHsGQvUFCDWXKpZjzaL0PqW+xfBOttn8GNtWKFWqneyMZj41MWF9Kl6iPWLwgOA== +jsonc-parser@3.3.1: + version "3.3.1" + resolved "https://registry.yarnpkg.com/jsonc-parser/-/jsonc-parser-3.3.1.tgz#f2a524b4f7fd11e3d791e559977ad60b98b798b4" + integrity sha512-HUgH65KyejrUFPvHFPbqOY0rsFip3Bo5wb4ngvdi1EpCYWUQDC5V+Y7mZws+DLkr4M//zQJoanu1SP+87Dv1oQ== + jsonfile@^6.0.1: version "6.1.0" resolved "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae" @@ -13665,16 +13725,6 @@ jsonwebtoken@9.0.2, jsonwebtoken@^9.0.0: ms "^2.1.1" semver "^7.5.4" -jsprim@^1.2.2: - version "1.4.2" - resolved "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz#712c65533a15c878ba59e9ed5f0e26d5b77c5feb" - integrity sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw== - dependencies: - assert-plus "1.0.0" - extsprintf "1.3.0" - json-schema "0.4.0" - verror "1.10.0" - jsprim@^2.0.2: version "2.0.2" resolved "https://registry.npmjs.org/jsprim/-/jsprim-2.0.2.tgz#77ca23dbcd4135cd364800d22ff82c2185803d4d" @@ -13817,12 +13867,12 @@ ldapjs@^2.2.1: verror "^1.8.1" lerna@^8.1.2: - version "8.1.5" - resolved "https://registry.yarnpkg.com/lerna/-/lerna-8.1.5.tgz#fa3ea882a1e248b7a18eb5ee8a9329c20ec955e5" - integrity sha512-/eigpa/JTfKl9RP9QHK9Tifeog+dymYICqBoZlR4fjp94ol2Q6adYQHy8dWRkv0VPrHh/Xuy5VlmPaGvIoGeDw== + version "8.1.8" + resolved "https://registry.yarnpkg.com/lerna/-/lerna-8.1.8.tgz#9edc9ce4fb4b6c7e22c994e9ef91d4e0370595b2" + integrity sha512-Rmo5ShMx73xM2CUcRixjmpZIXB7ZFlWEul1YvJyx/rH4onAwDHtUGD7Rx4NZYL8QSRiQHroglM2Oyq+WqA4BYg== dependencies: - "@lerna/create" "8.1.5" - "@npmcli/arborist" "7.5.3" + "@lerna/create" "8.1.8" + "@npmcli/arborist" "7.5.4" "@npmcli/package-json" "5.2.0" "@npmcli/run-script" "8.1.0" "@nx/devkit" ">=17.1.2 < 20" @@ -13887,6 +13937,8 @@ lerna@^8.1.2: signal-exit "3.0.7" slash "3.0.0" ssri "^10.0.6" + string-width "^4.2.3" + strip-ansi "^6.0.1" strong-log-transformer "2.1.0" tar "6.2.1" temp-dir "1.0.0" @@ -14060,14 +14112,9 @@ lodash-id@^0.14.1: resolved "https://registry.npmjs.org/lodash-id/-/lodash-id-0.14.1.tgz#dffa1f1f8b90d1803bb0d70b7d7547e10751e80b" integrity sha512-ikQPBTiq/d5m6dfKQlFdIXFzvThPi2Be9/AHxktOnDSfSxE1j9ICbBT5Elk1ke7HSTgM38LHTpmJovo9/klnLg== -lodash.assignwith@^4.2.0: - version "4.2.0" - resolved "https://registry.yarnpkg.com/lodash.assignwith/-/lodash.assignwith-4.2.0.tgz#127a97f02adc41751a954d24b0de17e100e038eb" - integrity sha512-ZznplvbvtjK2gMvnQ1BR/zqPFZmS6jbK4p+6Up4xcRYA7yMIwxHCfbTcrYxXKzzqLsQ05eJPVznEW3tuwV7k1g== - lodash.camelcase@^4.3.0: version "4.3.0" - resolved "https://registry.yarnpkg.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6" + resolved "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6" integrity sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA== lodash.clonedeep@^4.5.0: @@ -14130,7 +14177,7 @@ lodash.mapvalues@^4.6.0: resolved "https://registry.npmjs.org/lodash.mapvalues/-/lodash.mapvalues-4.6.0.tgz#1bafa5005de9dd6f4f26668c30ca37230cc9689c" integrity sha512-JPFqXFeZQ7BfS00H58kClY7SPVeHertPE0lNuCyZ26/XlN8TvakYD7b9bGyNmXbT/D3BbtPAAmq90gPWqLkxlQ== -lodash.memoize@4.x, lodash.memoize@^4.1.2: +lodash.memoize@^4.1.2: version "4.1.2" resolved "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe" integrity sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag== @@ -14194,10 +14241,10 @@ log-update@^4.0.0: slice-ansi "^4.0.0" wrap-ansi "^6.2.0" -logform@^2.3.2, logform@^2.4.0: - version "2.6.0" - resolved "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz#8c82a983f05d6eaeb2d75e3decae7a768b2bf9b5" - integrity sha512-1ulHeNPp6k/LD8H91o7VYFBng5i1BDE7HoKxVbZiGFidS1Rj65qcywLxX+pVfAPoQJEjRdvKcusKwOupHCVOVQ== +logform@^2.3.2, logform@^2.6.0: + version "2.6.1" + resolved "https://registry.yarnpkg.com/logform/-/logform-2.6.1.tgz#71403a7d8cae04b2b734147963236205db9b3df0" + integrity sha512-CdaO738xRapbKIMVn2m4F6KTj4j7ooJ8POVnebSgKo3KBz5axNXRAL7ZdRjIV6NOr2Uf4vjtRkxrFETOioCqSA== dependencies: "@colors/colors" "1.6.0" "@types/triple-beam" "^1.3.2" @@ -14258,7 +14305,7 @@ lowercase-keys@^1.0.0: resolved "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-1.0.1.tgz#6f9e30b47084d971a7c820ff15a6c5167b74c26f" integrity sha512-G2Lj61tXDnVFFOi8VZds+SoQjtQC3dgokKdDG2mTm1tx4m50NUHBOZSBwQQHyy0V12A0JTG4icfZQH+xPyh8VA== -lru-cache@*, lru-cache@^10.0.1, lru-cache@^10.1.0, lru-cache@^10.2.2, "lru-cache@^9.1.1 || ^10.0.0": +lru-cache@*, lru-cache@^10.0.1, lru-cache@^10.1.0, lru-cache@^10.2.0, lru-cache@^10.2.2, "lru-cache@^9.1.1 || ^10.0.0": version "10.3.0" resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-10.3.0.tgz#4a4aaf10c84658ab70f79a85a9a3f1e1fb11196b" integrity sha512-CQl19J/g+Hbjbv4Y3mFNNXFEL/5t/KCg8POCuUqd4rMKjGG+j1ybER83hxV58zL+dFI1PTkt3GNFSHRt+d8qEQ== @@ -14308,14 +14355,14 @@ lunr@^2.3.9: integrity sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow== luxon@^3.0.1: - version "3.4.4" - resolved "https://registry.npmjs.org/luxon/-/luxon-3.4.4.tgz#cf20dc27dc532ba41a169c43fdcc0063601577af" - integrity sha512-zobTr7akeGHnv7eBOXcRgMeCP6+uyYsczwmeRCauvpvaAltgNyTbLH/+VaEAPUeWBT+1GuNmz4wC/6jtQzbbVA== + version "3.5.0" + resolved "https://registry.yarnpkg.com/luxon/-/luxon-3.5.0.tgz#6b6f65c5cd1d61d1fd19dbf07ee87a50bf4b8e20" + integrity sha512-rh+Zjr6DNfUYR3bPwJEnuwDdqMbxZW7LOQfUN4B54+Cl+0o5zaU9RJ6bcidfDtC1cWCZXQ+nvX8bf6bAji37QQ== -magic-string@0.30.5: - version "0.30.5" - resolved "https://registry.npmjs.org/magic-string/-/magic-string-0.30.5.tgz#1994d980bd1c8835dc6e78db7cbd4ae4f24746f9" - integrity sha512-7xlpfBaQaP/T6Vh8MO/EqXSW5En6INHEvEXQiuff7Gku0PWjU3uf6w/j9o7O+SpB5fOAkrI5HeoNgwjEO0pFsA== +magic-string@0.30.8: + version "0.30.8" + resolved "https://registry.yarnpkg.com/magic-string/-/magic-string-0.30.8.tgz#14e8624246d2bedba70d5462aa99ac9681844613" + integrity sha512-ISQTe55T2ao7XtlAStud6qwYPZjE4GK1S/BeVPus4jrq6JuOnQ00YKQC581RWhR122W7msZV263KzVeLoqidyQ== dependencies: "@jridgewell/sourcemap-codec" "^1.4.15" @@ -14348,7 +14395,7 @@ make-dir@^3.0.2, make-dir@^3.1.0: dependencies: semver "^6.0.0" -make-error@1.x, make-error@^1.1.1, make-error@^1.3.2: +make-error@^1.1.1, make-error@^1.3.2, make-error@^1.3.6: version "1.3.6" resolved "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2" integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw== @@ -14483,6 +14530,11 @@ merge-descriptors@1.0.1: resolved "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61" integrity sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w== +merge-descriptors@1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.3.tgz#d80319a65f3c7935351e5cfdac8f9318504dbed5" + integrity sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ== + merge-source-map@^1.1.0: version "1.1.0" resolved "https://registry.npmjs.org/merge-source-map/-/merge-source-map-1.1.0.tgz#2fdde7e6020939f70906a68f2d7ae685e4c8c646" @@ -14652,7 +14704,7 @@ minimatch@^8.0.2: dependencies: brace-expansion "^2.0.1" -minimatch@^9.0.0, minimatch@^9.0.1, minimatch@^9.0.3, minimatch@^9.0.4, minimatch@^9.0.5: +minimatch@^9.0.0, minimatch@^9.0.3, minimatch@^9.0.4, minimatch@^9.0.5: version "9.0.5" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-9.0.5.tgz#d74f9dd6b57d83d8e98cfb82133b03978bc929e5" integrity sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow== @@ -14734,6 +14786,11 @@ minipass@^5.0.0: resolved "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz#dbce03740f50a4786ba994c1fb908844d27b038c" integrity sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ== +minipass@^7.1.2: + version "7.1.2" + resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.2.tgz#93a9626ce5e5e66bd4db86849e7515e92340a707" + integrity sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw== + minizlib@^2.1.1, minizlib@^2.1.2: version "2.1.2" resolved "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931" @@ -15342,11 +15399,6 @@ nx@19.0.3, "nx@>=17.1.2 < 20": "@nx/nx-win32-arm64-msvc" "19.0.3" "@nx/nx-win32-x64-msvc" "19.0.3" -oauth-sign@~0.9.0: - version "0.9.0" - resolved "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz#47a7b016baa68b5fa0ecf3dee08a85c679ac6455" - integrity sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ== - oauth2-mock-server@^7.0.0: version "7.1.2" resolved "https://registry.yarnpkg.com/oauth2-mock-server/-/oauth2-mock-server-7.1.2.tgz#10924b18e9ea380d128f6bef9b2a0a593b839663" @@ -15422,9 +15474,9 @@ object.assign@^4.1.4, object.assign@^4.1.5: has-symbols "^1.0.3" object-keys "^1.1.1" -object.fromentries@^2.0.7: +object.fromentries@^2.0.8: version "2.0.8" - resolved "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.8.tgz#f7195d8a9b97bd95cbc1999ea939ecd1a2b00c65" + resolved "https://registry.yarnpkg.com/object.fromentries/-/object.fromentries-2.0.8.tgz#f7195d8a9b97bd95cbc1999ea939ecd1a2b00c65" integrity sha512-k6E21FzySsSK5a21KRADBd/NGneRegFO5pLHfdQLpRDETUNJueLXs3WCzyQ3tFRDYgbq3KHGXfTbi2bs8WQ6rQ== dependencies: call-bind "^1.0.7" @@ -15445,9 +15497,9 @@ object.getownpropertydescriptors@^2.1.0: gopd "^1.0.1" safe-array-concat "^1.1.2" -object.groupby@^1.0.1: +object.groupby@^1.0.3: version "1.0.3" - resolved "https://registry.npmjs.org/object.groupby/-/object.groupby-1.0.3.tgz#9b125c36238129f6f7b61954a1e7176148d5002e" + resolved "https://registry.yarnpkg.com/object.groupby/-/object.groupby-1.0.3.tgz#9b125c36238129f6f7b61954a1e7176148d5002e" integrity sha512-+Lhy3TQTuzXI5hevh8sBGqbmurHbbIjAi0Z4S63nthVLmLxfbj4T54a4CfZrXIrt9iP4mVAPYMo/v99taj3wjQ== dependencies: call-bind "^1.0.7" @@ -15461,7 +15513,7 @@ object.pick@^1.3.0: dependencies: isobject "^3.0.1" -object.values@^1.1.0, object.values@^1.1.7: +object.values@^1.1.0, object.values@^1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/object.values/-/object.values-1.2.0.tgz#65405a9d92cee68ac2d303002e0b8470a4d9ab1b" integrity sha512-yBYjY9QX2hnRmZHAjG/f13MzmBzxzYgQhFrke06TTyKY5zSTEqkOeukBzIdVA3j3ulu8Qa3MbVFShV7T2RmGtQ== @@ -15522,6 +15574,11 @@ onetime@^5.1.0, onetime@^5.1.2: dependencies: mimic-fn "^2.1.0" +oniguruma-to-js@0.3.3: + version "0.3.3" + resolved "https://registry.yarnpkg.com/oniguruma-to-js/-/oniguruma-to-js-0.3.3.tgz#3527f7e0fb9e5259c10962a7b015f28c602280dd" + integrity sha512-m90/WEhgs8g4BxG37+Nu3YrMfJDs2YXtYtIllhsEPR+wP3+K4EZk6dDUvy2v2K4MNFDDOYKL4/yqYPXDqyozTQ== + open@^8.0.2, open@^8.0.9, open@^8.4.0: version "8.4.2" resolved "https://registry.npmjs.org/open/-/open-8.4.2.tgz#5b5ffe2a8f793dcd2aad73e550cb87b59cb084f9" @@ -15536,13 +15593,6 @@ opener@^1.5.2: resolved "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz#5d37e1f35077b9dcac4301372271afdeb2a13598" integrity sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A== -openid@1.x.x: - version "1.0.4" - resolved "https://registry.npmjs.org/openid/-/openid-1.0.4.tgz#df39012ed525ace3aa1e87da8772e40fbb675462" - integrity sha512-0wGvC4Yn2uJm+8UBmlzM5xjBkK3AmEmPqq+T/TiTLURGGIHk2XbeVskianxI3t6Uyf7vomKAzzH9C8DQBL7P4Q== - dependencies: - request "^2.61.0" - optionator@^0.9.3: version "0.9.3" resolved "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz#007397d44ed1872fdc6ed31360190f81814e2c64" @@ -15744,6 +15794,11 @@ p-waterfall@2.1.1: dependencies: p-reduce "^2.0.0" +package-json-from-dist@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz#e501cd3094b278495eb4258d4c9f6d5ac3019f00" + integrity sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw== + pacote@^18.0.0, pacote@^18.0.6: version "18.0.6" resolved "https://registry.yarnpkg.com/pacote/-/pacote-18.0.6.tgz#ac28495e24f4cf802ef911d792335e378e86fac7" @@ -15992,14 +16047,6 @@ passport-oauth2@1.x.x, passport-oauth2@^1.4.0, passport-oauth2@^1.5.0: uid2 "0.0.x" utils-merge "1.x.x" -passport-openid@^0.4.0: - version "0.4.0" - resolved "https://registry.npmjs.org/passport-openid/-/passport-openid-0.4.0.tgz#c2b58f5ff4a28f285700250712d8ea5677405cd6" - integrity sha512-c8nrQSNhyMnYJSn8uKCZD/M18C+51MpYgbrkKjJjFc+KIvH4Z7RWMej0tI1gbKg7FP3a3wBEwXvb9QeSZ1N8Vw== - dependencies: - openid "1.x.x" - passport-strategy "1.x.x" - passport-openidconnect@^0.1.1: version "0.1.2" resolved "https://registry.npmjs.org/passport-openidconnect/-/passport-openidconnect-0.1.2.tgz#86c830a96cfc2cf7e0273d3eba2828ab6abb3166" @@ -16029,7 +16076,7 @@ path-browserify@^1.0.1: path-equal@^1.1.2: version "1.2.5" - resolved "https://registry.yarnpkg.com/path-equal/-/path-equal-1.2.5.tgz#9fcbdd5e5daee448e96f43f3bac06c666b5e982a" + resolved "https://registry.npmjs.org/path-equal/-/path-equal-1.2.5.tgz#9fcbdd5e5daee448e96f43f3bac06c666b5e982a" integrity sha512-i73IctDr3F2W+bsOWDyyVm/lqsXO47aY9nsFZUjTT/aljSbkxHxxCoyZ9UUrM8jK0JVod+An+rl48RCsvWM+9g== path-exists@^3.0.0: @@ -16062,7 +16109,15 @@ path-parse@^1.0.7: resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== -path-scurry@^1.10.1, path-scurry@^1.6.1: +path-scurry@^1.11.1: + version "1.11.1" + resolved "https://registry.yarnpkg.com/path-scurry/-/path-scurry-1.11.1.tgz#7960a668888594a0720b12a911d1a742ab9f11d2" + integrity sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA== + dependencies: + lru-cache "^10.2.0" + minipass "^5.0.0 || ^6.0.2 || ^7.0.0" + +path-scurry@^1.6.1: version "1.10.1" resolved "https://registry.npmjs.org/path-scurry/-/path-scurry-1.10.1.tgz#9ba6bf5aa8500fe9fd67df4f0d9483b2b0bfc698" integrity sha512-MkhCqzzBEpPvxxQ71Md0b1Kk51W01lrYvlMzSUaIzNsODdd7mqhiimSZlr+VegAz5Z6Vzt9Xg2ttE//XBhH3EQ== @@ -16070,6 +16125,11 @@ path-scurry@^1.10.1, path-scurry@^1.6.1: lru-cache "^9.1.1 || ^10.0.0" minipass "^5.0.0 || ^6.0.2 || ^7.0.0" +path-to-regexp@0.1.10: + version "0.1.10" + resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.10.tgz#67e9108c5c0551b9e5326064387de4763c4d5f8b" + integrity sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w== + path-to-regexp@0.1.7: version "0.1.7" resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c" @@ -16229,10 +16289,10 @@ picocolors@^1.0.0: resolved "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz#cb5bdc74ff3f51892236eaf79d68bc44564ab81c" integrity sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ== -picomatch@3.0.1: - version "3.0.1" - resolved "https://registry.npmjs.org/picomatch/-/picomatch-3.0.1.tgz#817033161def55ec9638567a2f3bbc876b3e7516" - integrity sha512-I3EurrIQMlRc9IaAZnqRR044Phh2DXY+55o7uJ0V+hYZAcQYSuFWsc9q5PvyDHUSCe1Qxn/iBz+78s86zWnGag== +picomatch@4.0.1: + version "4.0.1" + resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-4.0.1.tgz#68c26c8837399e5819edce48590412ea07f17a07" + integrity sha512-xUXwsxNjwTQ8K3GnT4pCJm+xq3RUPQbmkYJTP5aFIfNIvbcc/4MUxgBaaRSZJ6yGJZiGSyYlM6MzwTsRk8SYCg== picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: version "2.3.1" @@ -16725,10 +16785,10 @@ prettier-linter-helpers@^1.0.0: dependencies: fast-diff "^1.1.2" -prettier-plugin-organize-imports@^3.0.0: - version "3.2.4" - resolved "https://registry.npmjs.org/prettier-plugin-organize-imports/-/prettier-plugin-organize-imports-3.2.4.tgz#77967f69d335e9c8e6e5d224074609309c62845e" - integrity sha512-6m8WBhIp0dfwu0SkgfOxJqh+HpdyfqSSLfKKRZSFbDuEQXDDndb8fTpRWkUrX/uBenkex3MgnVk0J3b3Y5byog== +prettier-plugin-organize-imports@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/prettier-plugin-organize-imports/-/prettier-plugin-organize-imports-4.0.0.tgz#a69acf024ea3c8eb650c81f664693826ca853534" + integrity sha512-vnKSdgv9aOlqKeEFGhf9SCBsTyzDSyScy1k7E0R1Uo4L0cTcOV7c1XQaT7jfXIOc/p08WLBfN2QUQA9zDSZMxA== "prettier@^1.18.2 || ^2.0.0": version "2.8.8" @@ -16736,9 +16796,9 @@ prettier-plugin-organize-imports@^3.0.0: integrity sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q== prettier@^3.2.4: - version "3.3.2" - resolved "https://registry.yarnpkg.com/prettier/-/prettier-3.3.2.tgz#03ff86dc7c835f2d2559ee76876a3914cec4a90a" - integrity sha512-rAVeHYMcv8ATV5d508CFdn+8/pHPpXeIid1DdrPwXnaAdH7cqjVbpJaT5eq4yRAFU/lsbwYwSF/n5iNrdJHPQA== + version "3.3.3" + resolved "https://registry.yarnpkg.com/prettier/-/prettier-3.3.3.tgz#30c54fe0be0d8d12e6ae61dbb10109ea00d53105" + integrity sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew== pretty-bytes@^5.6.0: version "5.6.0" @@ -16790,7 +16850,7 @@ pretty@2.0.0, pretty@^2.0.0: extend-shallow "^2.0.1" js-beautify "^1.6.12" -prismjs@1.29.0, prismjs@^1.23.0, prismjs@^1.29.0: +prismjs@^1.23.0, prismjs@^1.29.0: version "1.29.0" resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.29.0.tgz#f113555a8fa9b57c35e637bba27509dcf802dd12" integrity sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q== @@ -16929,7 +16989,7 @@ pseudomap@^1.0.2: resolved "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3" integrity sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ== -psl@^1.1.28, psl@^1.1.33: +psl@^1.1.33: version "1.9.0" resolved "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7" integrity sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag== @@ -17002,18 +17062,13 @@ qs@6.11.0: dependencies: side-channel "^1.0.4" -qs@^6.11.0, qs@^6.11.2: - version "6.12.0" - resolved "https://registry.npmjs.org/qs/-/qs-6.12.0.tgz#edd40c3b823995946a8a0b1f208669c7a200db77" - integrity sha512-trVZiI6RMOkO476zLGaBIzszOdFPnCCXHPG9kn0yuS1uz6xdVxPfZdB3vUig9pxPFDM9BRAgz/YUIVQ1/vuiUg== +qs@6.13.0, qs@^6.11.0, qs@^6.11.2: + version "6.13.0" + resolved "https://registry.yarnpkg.com/qs/-/qs-6.13.0.tgz#6ca3bd58439f7e245655798997787b0d88a51906" + integrity sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg== dependencies: side-channel "^1.0.6" -qs@~6.5.2: - version "6.5.3" - resolved "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz#3aeeffc91967ef6e35c0e488ef46fb296ab76aad" - integrity sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA== - query-string@^5.0.1: version "5.1.1" resolved "https://registry.npmjs.org/query-string/-/query-string-5.1.1.tgz#a78c012b71c17e05f2e3fa2319dd330682efb3cb" @@ -17050,7 +17105,7 @@ quick-lru@^5.1.1: quicktype-core@23.0.170: version "23.0.170" - resolved "https://registry.yarnpkg.com/quicktype-core/-/quicktype-core-23.0.170.tgz#ecaab8091552980883dd587ebe7c91abed74866c" + resolved "https://registry.npmjs.org/quicktype-core/-/quicktype-core-23.0.170.tgz#ecaab8091552980883dd587ebe7c91abed74866c" integrity sha512-ZsjveG0yJUIijUx4yQshzyQ5EAXKbFSBTQJHnJ+KoSZVxcS+m3GcmDpzrdUIRYMhgLaF11ZGvLSYi5U0xcwemw== dependencies: "@glideapps/ts-necessities" "2.2.3" @@ -17070,7 +17125,7 @@ quicktype-core@23.0.170: quicktype-graphql-input@23.0.170: version "23.0.170" - resolved "https://registry.yarnpkg.com/quicktype-graphql-input/-/quicktype-graphql-input-23.0.170.tgz#f52bb9204a1b434b4e5f0a9003da227d50bcd9da" + resolved "https://registry.npmjs.org/quicktype-graphql-input/-/quicktype-graphql-input-23.0.170.tgz#f52bb9204a1b434b4e5f0a9003da227d50bcd9da" integrity sha512-L0xPKdIFZFChwups9oqJuQw/vwEbRVKBvU9L5jAs0Z/aLyfdsuxDpKGMJXnNWa2yE7NhPX/UDX8ytxn8uc8hdQ== dependencies: collection-utils "^1.0.1" @@ -17079,7 +17134,7 @@ quicktype-graphql-input@23.0.170: quicktype-typescript-input@23.0.170: version "23.0.170" - resolved "https://registry.yarnpkg.com/quicktype-typescript-input/-/quicktype-typescript-input-23.0.170.tgz#13efb2f8a7846a0f685fab2852086995f8c712b2" + resolved "https://registry.npmjs.org/quicktype-typescript-input/-/quicktype-typescript-input-23.0.170.tgz#13efb2f8a7846a0f685fab2852086995f8c712b2" integrity sha512-lckhc//Mc95f/puRFKv4BFs7VpUUJXhw/psh+5ZAMiErxOWgoF87XthGusmaqoXNzjmEy1AVwGgMCG2pp/tJ/w== dependencies: "@mark.probst/typescript-json-schema" "0.55.0" @@ -17088,7 +17143,7 @@ quicktype-typescript-input@23.0.170: quicktype@^23.0.170: version "23.0.170" - resolved "https://registry.yarnpkg.com/quicktype/-/quicktype-23.0.170.tgz#3a70a5d0870e327d0f7ee35e61d25b17744bb8bc" + resolved "https://registry.npmjs.org/quicktype/-/quicktype-23.0.170.tgz#3a70a5d0870e327d0f7ee35e61d25b17744bb8bc" integrity sha512-3gFyS7w36ktxrttEv1gMfuUlGairepnSpLN0cp7JVevkKX2N6Uk8AyMlDS2Puki09MY6PB6ch90plThvACtEHA== dependencies: "@glideapps/ts-necessities" "^2.2.3" @@ -17340,6 +17395,11 @@ regex-not@^1.0.0, regex-not@^1.0.2: extend-shallow "^3.0.2" safe-regex "^1.1.0" +regex@4.3.2: + version "4.3.2" + resolved "https://registry.yarnpkg.com/regex/-/regex-4.3.2.tgz#a68a68c9b337a77bf4ce4ed0b4b1a49d97cb3b7b" + integrity sha512-kK/AA3A9K6q2js89+VMymcboLOlF5lZRCYJv3gzszXFHBr6kO6qLGzbm+UIugBEV8SMMKCTR59txoY6ctRHYVw== + regexp.prototype.flags@^1.5.2: version "1.5.2" resolved "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.2.tgz#138f644a3350f981a858c44f6bb1a61ff59be334" @@ -17402,32 +17462,6 @@ request-progress@^3.0.0: dependencies: throttleit "^1.0.0" -request@^2.61.0: - version "2.88.2" - resolved "https://registry.npmjs.org/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3" - integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw== - dependencies: - aws-sign2 "~0.7.0" - aws4 "^1.8.0" - caseless "~0.12.0" - combined-stream "~1.0.6" - extend "~3.0.2" - forever-agent "~0.6.1" - form-data "~2.3.2" - har-validator "~5.1.3" - http-signature "~1.2.0" - is-typedarray "~1.0.0" - isstream "~0.1.2" - json-stringify-safe "~5.0.1" - mime-types "~2.1.19" - oauth-sign "~0.9.0" - performance-now "^2.1.0" - qs "~6.5.2" - safe-buffer "^5.1.2" - tough-cookie "~2.5.0" - tunnel-agent "^0.6.0" - uuid "^3.3.2" - require-directory@^2.1.1: version "2.1.1" resolved "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42" @@ -17537,18 +17571,16 @@ reusify@^1.0.4: resolved "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz#90da382b1e126efc02146e90845a88db12925d76" integrity sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw== +revalidator@^0.3.1: + version "0.3.1" + resolved "https://registry.yarnpkg.com/revalidator/-/revalidator-0.3.1.tgz#ff2cc4cf7cc7c6385ac710178276e6dbcd03762f" + integrity sha512-orq+Nw+V5pDpQwGEuN2n1AgJ+0A8WqhFHKt5KgkxfAowUKgO1CWV32IR3TNB4g9/FX3gJt9qBJO8DYlwonnB0Q== + rfdc@^1.3.0: version "1.3.1" resolved "https://registry.npmjs.org/rfdc/-/rfdc-1.3.1.tgz#2b6d4df52dffe8bb346992a10ea9451f24373a8f" integrity sha512-r5a3l5HzYlIC68TpmYKlxWjmOP6wiPJ1vWv2HeLhNsRZMrCkxeqxiHlQ21oXmQ4F3SiryXBHhAD7JZqvOJjFmg== -rimraf@4.4.1, rimraf@^4.4.1: - version "4.4.1" - resolved "https://registry.npmjs.org/rimraf/-/rimraf-4.4.1.tgz#bd33364f67021c5b79e93d7f4fa0568c7c21b755" - integrity sha512-Gk8NlF062+T9CqNGn6h4tls3k6T1+/nXdOcSZVikNVtlRdYpA7wRJJMoXmuvOnLW844rPjdQ7JgXCYM6PPC/og== - dependencies: - glob "^9.2.0" - rimraf@^3.0.0, rimraf@^3.0.2: version "3.0.2" resolved "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a" @@ -17556,6 +17588,13 @@ rimraf@^3.0.0, rimraf@^3.0.2: dependencies: glob "^7.1.3" +rimraf@^4.4.1: + version "4.4.1" + resolved "https://registry.npmjs.org/rimraf/-/rimraf-4.4.1.tgz#bd33364f67021c5b79e93d7f4fa0568c7c21b755" + integrity sha512-Gk8NlF062+T9CqNGn6h4tls3k6T1+/nXdOcSZVikNVtlRdYpA7wRJJMoXmuvOnLW844rPjdQ7JgXCYM6PPC/og== + dependencies: + glob "^9.2.0" + rimraf@^5.0.0: version "5.0.7" resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-5.0.7.tgz#27bddf202e7d89cb2e0381656380d1734a854a74" @@ -17673,7 +17712,12 @@ safe-regex@^1.1.0: dependencies: ret "~0.1.10" -safe-stable-stringify@^2.2.0, safe-stable-stringify@^2.3.1: +safe-stable-stringify@^2.2.0: + version "2.5.0" + resolved "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz#4ca2f8e385f2831c432a719b108a3bf7af42a1dd" + integrity sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA== + +safe-stable-stringify@^2.3.1: version "2.4.3" resolved "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.4.3.tgz#138c84b6f6edb3db5f8ef3ef7115b8f55ccbf886" integrity sha512-e2bDA2WJT0wxseVd4lsDP4+3ONX6HpMXQa1ZhFQ7SU+GjvORCmShbCMltrtIDfkYhVHrOcPtj+KhmDBdPdZD1g== @@ -17695,10 +17739,10 @@ sanitize-html@~2.13.0: parse-srcset "^1.0.2" postcss "^8.3.11" -sass-loader@^14.0.0: - version "14.2.1" - resolved "https://registry.yarnpkg.com/sass-loader/-/sass-loader-14.2.1.tgz#db9ad96b56dc1c1ea546101e76375d5b008fec70" - integrity sha512-G0VcnMYU18a4N7VoNDegg2OuMjYtxnqzQWARVWCIVSZwJeiL9kg8QMsuIZOplsJgTzZLF6jGxI3AClj8I9nRdQ== +sass-loader@^16.0.0: + version "16.0.1" + resolved "https://registry.yarnpkg.com/sass-loader/-/sass-loader-16.0.1.tgz#57049c1787076e923b21a1dccc612546ecaf4295" + integrity sha512-xACl1ToTsKnL9Ce5yYpRxrLj9QUDCnwZNhzpC7tKiFyA8zXsd3Ap+HGVnbCgkdQcm43E+i6oKAWBsvGA6ZoiMw== dependencies: neo-async "^2.6.2" @@ -17803,10 +17847,10 @@ semver@^6.0.0, semver@^6.3.0, semver@^6.3.1: resolved "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.0.0, semver@^7.1.1, semver@^7.1.2, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.6, semver@^7.3.7, semver@^7.3.8, semver@^7.5.3, semver@^7.5.4, semver@^7.6.0: - version "7.6.2" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.2.tgz#1e3b34759f896e8f14d6134732ce798aeb0c6e13" - integrity sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w== +semver@^7.0.0, semver@^7.1.1, semver@^7.1.2, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.6, semver@^7.3.7, semver@^7.3.8, semver@^7.5.3, semver@^7.5.4, semver@^7.6.0, semver@^7.6.3: + version "7.6.3" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" + integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== send@0.18.0: version "0.18.0" @@ -17827,6 +17871,25 @@ send@0.18.0: range-parser "~1.2.1" statuses "2.0.1" +send@0.19.0: + version "0.19.0" + resolved "https://registry.yarnpkg.com/send/-/send-0.19.0.tgz#bbc5a388c8ea6c048967049dbeac0e4a3f09d7f8" + integrity sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw== + dependencies: + debug "2.6.9" + depd "2.0.0" + destroy "1.2.0" + encodeurl "~1.0.2" + escape-html "~1.0.3" + etag "~1.8.1" + fresh "0.5.2" + http-errors "2.0.0" + mime "1.6.0" + ms "2.1.3" + on-finished "2.4.1" + range-parser "~1.2.1" + statuses "2.0.1" + sequelize-cli@^6.2.0: version "6.6.2" resolved "https://registry.npmjs.org/sequelize-cli/-/sequelize-cli-6.6.2.tgz#8d838b25c988cf136914cdc3843e19d88c3dcb67" @@ -17904,6 +17967,16 @@ serve-static@1.15.0: parseurl "~1.3.3" send "0.18.0" +serve-static@1.16.0: + version "1.16.0" + resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.16.0.tgz#2bf4ed49f8af311b519c46f272bf6ac3baf38a92" + integrity sha512-pDLK8zwl2eKaYrs8mrPZBJua4hMplRWJ1tIFksVC3FtBEBnl8dxgeHtsaMS8DhS9i4fLObaon6ABoc4/hQGdPA== + dependencies: + encodeurl "~1.0.2" + escape-html "~1.0.3" + parseurl "~1.3.3" + send "0.18.0" + server-destroy@^1.0.1: version "1.0.1" resolved "https://registry.npmjs.org/server-destroy/-/server-destroy-1.0.1.tgz#f13bf928e42b9c3e79383e61cc3998b5d14e6cdd" @@ -18005,7 +18078,7 @@ shell-quote@^1.8.1: resolved "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.1.tgz#6dbf4db75515ad5bac63b4f1894c3a154c766680" integrity sha512-6j1W9l1iAs/4xYBI1SYOVZyFcCis9b4KCLQ8fgAGG07QvzaRLVVRQvAy85yNmmZSjYjg4MWh4gNvlPujU/5LpA== -shelljs@0.8.5, shelljs@^0.8.3: +shelljs@^0.8.3: version "0.8.5" resolved "https://registry.npmjs.org/shelljs/-/shelljs-0.8.5.tgz#de055408d8361bed66c669d2f000538ced8ee20c" integrity sha512-TiwcRcrkhHvbrZbnRcFYMLl30Dfov3HKqzp5tO5b4pt6G/SezKcYhmDg15zXVBswHmctSAQKznqNW2LO5tTDow== @@ -18019,12 +18092,14 @@ shellwords@^0.1.1: resolved "https://registry.npmjs.org/shellwords/-/shellwords-0.1.1.tgz#d6b9181c1a48d397324c84871efbcfc73fc0654b" integrity sha512-vFwSUfQvqybiICwZY5+DAWIPLKsWO31Q91JSKl3UYv+K5c2QRPzn0qzec6QPu1Qc9eHYItiP3NdJqNVqetYAww== -shiki@^1.9.1: - version "1.10.0" - resolved "https://registry.yarnpkg.com/shiki/-/shiki-1.10.0.tgz#304ab080a12458abc78eb0cb83eb0f7ace546215" - integrity sha512-YD2sXQ+TMD/F9BimV9Jn0wj35pqOvywvOG/3PB6hGHyGKlM7TJ9tyJ02jOb2kF8F0HfJwKNYrh3sW7jEcuRlXA== +shiki@^1.16.2: + version "1.16.3" + resolved "https://registry.yarnpkg.com/shiki/-/shiki-1.16.3.tgz#d78b0c644c2a46b25ec638a9a58861999bd3495c" + integrity sha512-GypUE+fEd06FqDs63LSAVlmq7WsahhPQU62cgZxGF+TJT5LjD2k7HTxXj4/CKOVuMM3+wWQ1t4Y5oooeJFRRBQ== dependencies: - "@shikijs/core" "1.10.0" + "@shikijs/core" "1.16.3" + "@shikijs/vscode-textmate" "^9.2.0" + "@types/hast" "^3.0.4" shortid@^2.2.15: version "2.2.16" @@ -18073,12 +18148,12 @@ simple-swizzle@^0.2.2: is-arrayish "^0.3.1" sinon@^18.0.0: - version "18.0.0" - resolved "https://registry.yarnpkg.com/sinon/-/sinon-18.0.0.tgz#69ca293dbc3e82590a8b0d46c97f63ebc1e5fc01" - integrity sha512-+dXDXzD1sBO6HlmZDd7mXZCR/y5ECiEiGCBSGuFD/kZ0bDTofPYc6JaeGmPSF+1j1MejGUWkORbYOLDyvqCWpA== + version "18.0.1" + resolved "https://registry.yarnpkg.com/sinon/-/sinon-18.0.1.tgz#464334cdfea2cddc5eda9a4ea7e2e3f0c7a91c5e" + integrity sha512-a2N2TDY1uGviajJ6r4D1CyRAkzE9NNVlYOV1wX5xQDuAk0ONgzgRl0EjCQuRCPxOwp13ghsMwt9Gdldujs39qw== dependencies: "@sinonjs/commons" "^3.0.1" - "@sinonjs/fake-timers" "^11.2.2" + "@sinonjs/fake-timers" "11.2.2" "@sinonjs/samsam" "^8.0.0" diff "^5.2.0" nise "^6.0.0" @@ -18232,7 +18307,7 @@ source-map-support@0.5.13: buffer-from "^1.0.0" source-map "^0.6.0" -source-map-support@0.5.21, source-map-support@^0.5.16, source-map-support@^0.5.6, source-map-support@~0.5.20: +source-map-support@^0.5.16, source-map-support@^0.5.6, source-map-support@~0.5.20: version "0.5.21" resolved "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f" integrity sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w== @@ -18345,7 +18420,7 @@ sprintf-js@~1.0.2: resolved "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g== -sshpk@^1.14.1, sshpk@^1.7.0: +sshpk@^1.14.1: version "1.18.0" resolved "https://registry.npmjs.org/sshpk/-/sshpk-1.18.0.tgz#1663e55cddf4d688b86a46b77f0d5fe363aba028" integrity sha512-2p2KJZTSqQ/I3+HX42EpYOa2l3f8Erv8MWKsy2I9uf4wA7yFIkXRffYdsx86y6z4vHtV8u7g+pPlr8/4ouAxsQ== @@ -18431,7 +18506,7 @@ stream-browserify@^3.0.0: stream-chain@^2.2.5: version "2.2.5" - resolved "https://registry.yarnpkg.com/stream-chain/-/stream-chain-2.2.5.tgz#b30967e8f14ee033c5b9a19bbe8a2cba90ba0d09" + resolved "https://registry.npmjs.org/stream-chain/-/stream-chain-2.2.5.tgz#b30967e8f14ee033c5b9a19bbe8a2cba90ba0d09" integrity sha512-1TJmBx6aSWqZ4tx7aTpBDXK0/e2hhcNSTV8+CbFJtDjbb+I1mZ8lHit0Grw9GRT+6JbIrrDd8esncgBi8aBXGA== stream-http@^3.2.0: @@ -18446,16 +18521,11 @@ stream-http@^3.2.0: stream-json@1.8.0: version "1.8.0" - resolved "https://registry.yarnpkg.com/stream-json/-/stream-json-1.8.0.tgz#53f486b2e3b4496c506131f8d7260ba42def151c" + resolved "https://registry.npmjs.org/stream-json/-/stream-json-1.8.0.tgz#53f486b2e3b4496c506131f8d7260ba42def151c" integrity sha512-HZfXngYHUAr1exT4fxlbc1IOce1RYxp2ldeaf97LYCOPSoOqY/1Psp7iGvpb+6JIOgkra9zDYnPX01hGAHzEPw== dependencies: stream-chain "^2.2.5" -stream-read-all@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/stream-read-all/-/stream-read-all-3.0.1.tgz#60762ae45e61d93ba0978cda7f3913790052ad96" - integrity sha512-EWZT9XOceBPlVJRrYcykW8jyRSZYbkb/0ZK36uLEmoWVO5gxBOnntNTseNzfREsqxqdfEGQrD8SXQ3QWbBmq8A== - stream-shift@^1.0.2: version "1.0.3" resolved "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz#85b8fab4d71010fc3ba8772e8046cc49b8a3864b" @@ -18489,7 +18559,7 @@ string-length@^5.0.1: string-to-stream@^3.0.1: version "3.0.1" - resolved "https://registry.yarnpkg.com/string-to-stream/-/string-to-stream-3.0.1.tgz#480e6fb4d5476d31cb2221f75307a5dcb6638a42" + resolved "https://registry.npmjs.org/string-to-stream/-/string-to-stream-3.0.1.tgz#480e6fb4d5476d31cb2221f75307a5dcb6638a42" integrity sha512-Hl092MV3USJuUCC6mfl9sPzGloA3K5VwdIeJjYIkXY/8K+mUvaeEabWJgArp+xXrsWxCajeT2pc4axbVhIZJyg== dependencies: readable-stream "^3.4.0" @@ -18895,25 +18965,20 @@ symbol-tree@^3.2.4: resolved "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz#430637d248ba77e078883951fb9aa0eed7c63fa2" integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw== -synckit@^0.8.6: - version "0.8.8" - resolved "https://registry.npmjs.org/synckit/-/synckit-0.8.8.tgz#fe7fe446518e3d3d49f5e429f443cf08b6edfcd7" - integrity sha512-HwOKAP7Wc5aRGYdKH+dw0PRRpbO841v2DENBtjnR5HFWoiNByAl7vrx3p0G/rCyYXQsrxqtX48TImFtPcIHSpQ== +synckit@^0.9.1: + version "0.9.1" + resolved "https://registry.yarnpkg.com/synckit/-/synckit-0.9.1.tgz#febbfbb6649979450131f64735aa3f6c14575c88" + integrity sha512-7gr8p9TQP6RAHusBOSLs46F4564ZrjV8xFmw5zCmgmhGUcw2hxsShhJ6CEiHQMgPDwAQ1fWHPM0ypc4RMAig4A== dependencies: "@pkgr/core" "^0.1.0" tslib "^2.6.2" -table-layout@^3.0.0: - version "3.0.2" - resolved "https://registry.yarnpkg.com/table-layout/-/table-layout-3.0.2.tgz#69c2be44388a5139b48c59cf21e73b488021769a" - integrity sha512-rpyNZYRw+/C+dYkcQ3Pr+rLxW4CfHpXjPDnG7lYhdRoUcZTUt+KEsX+94RGp/aVp/MQU35JCITv2T/beY4m+hw== +table-layout@^4.1.0: + version "4.1.1" + resolved "https://registry.npmjs.org/table-layout/-/table-layout-4.1.1.tgz#0f72965de1a5c0c1419c9ba21cae4e73a2f73a42" + integrity sha512-iK5/YhZxq5GO5z8wb0bY1317uDF3Zjpha0QFFLA8/trAoiLbQD0HUbMesEaxyzUgDxi2QlcbM8IvqOlEjgoXBA== dependencies: - "@75lb/deep-merge" "^1.1.1" array-back "^6.2.2" - command-line-args "^5.2.1" - command-line-usage "^7.0.0" - stream-read-all "^3.0.1" - typical "^7.1.1" wordwrapjs "^5.1.0" tailwindcss@3.3.0: @@ -18947,9 +19012,9 @@ tailwindcss@3.3.0: sucrase "^3.29.0" tailwindcss@^3.3.3: - version "3.4.4" - resolved "https://registry.yarnpkg.com/tailwindcss/-/tailwindcss-3.4.4.tgz#351d932273e6abfa75ce7d226b5bf3a6cb257c05" - integrity sha512-ZoyXOdJjISB7/BcLTR6SEsLgKtDStYyYZVLsUtWChO4Ps20CBad7lfJKVDiejocV4ME1hLmyY0WJE3hSDcmQ2A== + version "3.4.10" + resolved "https://registry.yarnpkg.com/tailwindcss/-/tailwindcss-3.4.10.tgz#70442d9aeb78758d1f911af29af8255ecdb8ffef" + integrity sha512-KWZkVPm7yJRhdu4SRSl9d4AK2wM3a50UsvgHZO7xY77NQr2V+fIrEuoDGQcbvswWvFGbS2f6e+jC/6WJm1Dl0w== dependencies: "@alloc/quick-lru" "^5.2.0" arg "^5.0.2" @@ -19186,7 +19251,7 @@ tmp@^0.0.33: dependencies: os-tmpdir "~1.0.2" -tmp@~0.2.1: +tmp@~0.2.1, tmp@~0.2.3: version "0.2.3" resolved "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz#eb783cc22bc1e8bebd0671476d46ea4eb32a79ae" integrity sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w== @@ -19268,14 +19333,6 @@ tough-cookie@^4.0.0, tough-cookie@^4.1.3: universalify "^0.2.0" url-parse "^1.5.3" -tough-cookie@~2.5.0: - version "2.5.0" - resolved "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz#cd9fb2a0aa1d5a12b473bd9fb96fa3dcff65ade2" - integrity sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g== - dependencies: - psl "^1.1.28" - punycode "^2.1.1" - tr46@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz#fa87aa81ca5d5941da8cbf1f9b749dc969a4e240" @@ -19326,18 +19383,19 @@ ts-interface-checker@^0.1.9: integrity sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA== ts-jest@^29.1.0: - version "29.1.5" - resolved "https://registry.yarnpkg.com/ts-jest/-/ts-jest-29.1.5.tgz#d6c0471cc78bffa2cb4664a0a6741ef36cfe8f69" - integrity sha512-UuClSYxM7byvvYfyWdFI+/2UxMmwNyJb0NPkZPQE2hew3RurV7l7zURgOHAd/1I1ZdPpe3GUsXNXAcN8TFKSIg== + version "29.2.5" + resolved "https://registry.yarnpkg.com/ts-jest/-/ts-jest-29.2.5.tgz#591a3c108e1f5ebd013d3152142cb5472b399d63" + integrity sha512-KD8zB2aAZrcKIdGk4OwpJggeLcH1FgrICqDSROWqlnJXGCXK4Mn6FcdK2B6670Xr73lHMG1kHw8R87A0ecZ+vA== dependencies: - bs-logger "0.x" - fast-json-stable-stringify "2.x" + bs-logger "^0.2.6" + ejs "^3.1.10" + fast-json-stable-stringify "^2.1.0" jest-util "^29.0.0" json5 "^2.2.3" - lodash.memoize "4.x" - make-error "1.x" - semver "^7.5.3" - yargs-parser "^21.0.1" + lodash.memoize "^4.1.2" + make-error "^1.3.6" + semver "^7.6.3" + yargs-parser "^21.1.1" ts-loader@^9.1.0, ts-loader@^9.2.5: version "9.5.1" @@ -19352,7 +19410,7 @@ ts-loader@^9.1.0, ts-loader@^9.2.5: ts-node@^10.9.1: version "10.9.2" - resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.2.tgz#70f021c9e185bccdca820e26dc413805c101c71f" + resolved "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz#70f021c9e185bccdca820e26dc413805c101c71f" integrity sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ== dependencies: "@cspotcode/source-map-support" "^0.8.0" @@ -19407,10 +19465,10 @@ tsconfig@^7.0.0: strip-bom "^3.0.0" strip-json-comments "^2.0.0" -tslib@2.6.2, tslib@^2.0.1, tslib@^2.0.3, tslib@^2.1.0, tslib@^2.3.0, tslib@^2.4.0, tslib@^2.6.2: - version "2.6.2" - resolved "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae" - integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q== +tslib@2.6.3, tslib@^2.0.1, tslib@^2.0.3, tslib@^2.1.0, tslib@^2.3.0, tslib@^2.4.0, tslib@^2.6.2: + version "2.6.3" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.3.tgz#0438f810ad7a9edcde7a241c3d80db693c8cbfe0" + integrity sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ== tslib@^1.8.1, tslib@^1.9.0: version "1.14.1" @@ -19425,11 +19483,11 @@ tsutils@^3.21.0: tslib "^1.8.1" tsx@^4.7.1: - version "4.15.7" - resolved "https://registry.yarnpkg.com/tsx/-/tsx-4.15.7.tgz#69d7499196a323507c4051d2ba10753edcc057e5" - integrity sha512-u3H0iSFDZM3za+VxkZ1kywdCeHCn+8/qHQS1MNoO2sONDgD95HlWtt8aB23OzeTmFP9IU4/8bZUdg58Uu5J4cg== + version "4.19.0" + resolved "https://registry.yarnpkg.com/tsx/-/tsx-4.19.0.tgz#6166cb399b17d14d125e6158d23384045cfdf4f6" + integrity sha512-bV30kM7bsLZKZIOCHeMNVMJ32/LuJzLVajkQI/qf92J2Qr08ueLQvW00PUZGiuLPP760UINwupgUj8qrSCPUKg== dependencies: - esbuild "~0.21.4" + esbuild "~0.23.0" get-tsconfig "^4.7.5" optionalDependencies: fsevents "~2.3.3" @@ -19480,11 +19538,16 @@ type-check@^0.4.0, type-check@~0.4.0: dependencies: prelude-ls "^1.2.1" -type-detect@4.0.8, type-detect@^4.0.0, type-detect@^4.0.8: +type-detect@4.0.8: version "4.0.8" resolved "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz#7646fb5f18871cfbb7749e69bd39a6388eb7450c" integrity sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g== +type-detect@^4.0.0, type-detect@^4.0.8, type-detect@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.1.0.tgz#deb2453e8f08dcae7ae98c626b13dddb0155906c" + integrity sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw== + type-fest@^0.18.0: version "0.18.1" resolved "https://registry.npmjs.org/type-fest/-/type-fest-0.18.1.tgz#db4bc151a4a2cf4eebf9add5db75508db6cc841f" @@ -19590,19 +19653,19 @@ typedarray@^0.0.6: integrity sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA== typedoc@^0.26.2: - version "0.26.3" - resolved "https://registry.yarnpkg.com/typedoc/-/typedoc-0.26.3.tgz#723b2c4ca5dd1d9baf43d6a5a1f4d640ba4207a8" - integrity sha512-6d2Sw9disvvpdk4K7VNjKr5/3hzijtfQVHRthhDqJgnhMHy1wQz4yPMJVKXElvnZhFr0nkzo+GzjXDTRV5yLpg== + version "0.26.7" + resolved "https://registry.yarnpkg.com/typedoc/-/typedoc-0.26.7.tgz#1980e3ed51c6c315b7a09786b2b9af1106a3aa80" + integrity sha512-gUeI/Wk99vjXXMi8kanwzyhmeFEGv1LTdTQsiyIsmSYsBebvFxhbcyAx7Zjo4cMbpLGxM4Uz3jVIjksu/I2v6Q== dependencies: lunr "^2.3.9" markdown-it "^14.1.0" minimatch "^9.0.5" - shiki "^1.9.1" - yaml "^2.4.5" + shiki "^1.16.2" + yaml "^2.5.1" typescript@4.9.4: version "4.9.4" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.4.tgz#a2a3d2756c079abda241d75f149df9d561091e78" + resolved "https://registry.npmjs.org/typescript/-/typescript-4.9.4.tgz#a2a3d2756c079abda241d75f149df9d561091e78" integrity sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg== typescript@4.9.5, typescript@^4.9.3: @@ -19627,12 +19690,12 @@ typescript@~4.5.5: typical@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/typical/-/typical-4.0.0.tgz#cbeaff3b9d7ae1e2bbfaf5a4e6f11eccfde94fc4" + resolved "https://registry.npmjs.org/typical/-/typical-4.0.0.tgz#cbeaff3b9d7ae1e2bbfaf5a4e6f11eccfde94fc4" integrity sha512-VAH4IvQ7BDFYglMd7BPRDfLgxZZX4O4TFcRDA6EN5X7erNJJq+McIEp8np9aVtxrCJ6qx4GTYVfOWNjcqwZgRw== typical@^7.1.1: version "7.1.1" - resolved "https://registry.yarnpkg.com/typical/-/typical-7.1.1.tgz#ba177ab7ab103b78534463ffa4c0c9754523ac1f" + resolved "https://registry.npmjs.org/typical/-/typical-7.1.1.tgz#ba177ab7ab103b78534463ffa4c0c9754523ac1f" integrity sha512-T+tKVNs6Wu7IWiAce5BgMd7OZfNYUndHwc5MknN+UHOudi7sGZzuHdCadllRuqJ3fPtgFtIH9+lt9qRv6lmpfA== uc.micro@^2.0.0, uc.micro@^2.1.0: @@ -19689,10 +19752,10 @@ unbzip2-stream@^1.0.9: buffer "^5.2.1" through "^2.3.8" -undici-types@~5.26.4: - version "5.26.5" - resolved "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" - integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== +undici-types@~6.19.2: + version "6.19.8" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.19.8.tgz#35111c9d1437ab83a7cdc0abae2f26d88eda0a02" + integrity sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw== unicode-canonical-property-names-ecmascript@^2.0.0: version "2.0.0" @@ -19714,7 +19777,7 @@ unicode-match-property-value-ecmascript@^2.1.0: unicode-properties@^1.4.1: version "1.4.1" - resolved "https://registry.yarnpkg.com/unicode-properties/-/unicode-properties-1.4.1.tgz#96a9cffb7e619a0dc7368c28da27e05fc8f9be5f" + resolved "https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz#96a9cffb7e619a0dc7368c28da27e05fc8f9be5f" integrity sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg== dependencies: base64-js "^1.3.0" @@ -19727,7 +19790,7 @@ unicode-property-aliases-ecmascript@^2.0.0: unicode-trie@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/unicode-trie/-/unicode-trie-2.0.0.tgz#8fd8845696e2e14a8b67d78fa9e0dd2cad62fec8" + resolved "https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz#8fd8845696e2e14a8b67d78fa9e0dd2cad62fec8" integrity sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ== dependencies: pako "^0.2.5" @@ -19817,7 +19880,7 @@ uri-js@^4.2.2: urijs@^1.19.1: version "1.19.11" - resolved "https://registry.yarnpkg.com/urijs/-/urijs-1.19.11.tgz#204b0d6b605ae80bea54bea39280cdb7c9f923cc" + resolved "https://registry.npmjs.org/urijs/-/urijs-1.19.11.tgz#204b0d6b605ae80bea54bea39280cdb7c9f923cc" integrity sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ== urix@^0.1.0: @@ -19904,11 +19967,6 @@ uuid@^10.0.0: resolved "https://registry.yarnpkg.com/uuid/-/uuid-10.0.0.tgz#5a95aa454e6e002725c79055fd42aaba30ca6294" integrity sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ== -uuid@^3.3.2: - version "3.4.0" - resolved "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee" - integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A== - uuid@^8.3.2: version "8.3.2" resolved "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" @@ -19916,7 +19974,7 @@ uuid@^8.3.2: v8-compile-cache-lib@^3.0.1: version "3.0.1" - resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" + resolved "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== v8-to-istanbul@^8.1.0: @@ -19957,10 +20015,10 @@ validate-npm-package-name@^3.0.0: dependencies: builtins "^1.0.3" -validator@^13.9.0: - version "13.11.0" - resolved "https://registry.npmjs.org/validator/-/validator-13.11.0.tgz#23ab3fd59290c61248364eabf4067f04955fbb1b" - integrity sha512-Ii+sehpSfZy+At5nPdnyMhx78fEoPDkR2XW/zimHEL3MyGJQOCQ7WeP20jPYRz7ZCpcKLB21NxuXHF3bxjStBQ== +validator@^13.12.0, validator@^13.9.0: + version "13.12.0" + resolved "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz#7d78e76ba85504da3fee4fd1922b385914d4b35f" + integrity sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg== value-or-promise@1.0.11: version "1.0.11" @@ -20050,10 +20108,10 @@ vue-cookies@^1.7.4: resolved "https://registry.yarnpkg.com/vue-cookies/-/vue-cookies-1.8.4.tgz#50ce538b3a66109b484936ae3ecc4677b8f21540" integrity sha512-9zjvACKE4W0kEb8OQtXzpizKhf6zfFOG/Z1TEUjSJn4Z4rintuAHo8y/FpCUhTWHMmPe8E+Fko+/tiXVM+5jOw== -vue-eslint-parser@^9.3.1, vue-eslint-parser@^9.4.2: - version "9.4.2" - resolved "https://registry.npmjs.org/vue-eslint-parser/-/vue-eslint-parser-9.4.2.tgz#02ffcce82042b082292f2d1672514615f0d95b6d" - integrity sha512-Ry9oiGmCAK91HrKMtCrKFWmSFWvYkpGglCeFAIqDdr9zdXmMMpJOmUJS7WWsW7fX81h6mwHmUZCQQ1E0PkSwYQ== +vue-eslint-parser@^9.3.1, vue-eslint-parser@^9.4.3: + version "9.4.3" + resolved "https://registry.yarnpkg.com/vue-eslint-parser/-/vue-eslint-parser-9.4.3.tgz#9b04b22c71401f1e8bca9be7c3e3416a4bde76a8" + integrity sha512-2rYRLWlIpaiN8xbPiDyXZXRgLGOtWxERV7ND5fFAv5qo1D2N9Fu9MNajBNc6o13lZ+24DAWCkQCvj4klgmcITg== dependencies: debug "^4.3.4" eslint-scope "^7.1.1" @@ -20148,7 +20206,7 @@ vue-svg-loader@^0.16.0: loader-utils "^1.2.3" svg-to-vue "^0.7.0" -vue-template-compiler@^2.7.16, vue-template-compiler@~2.7.16: +vue-template-compiler@~2.7.16: version "2.7.16" resolved "https://registry.npmjs.org/vue-template-compiler/-/vue-template-compiler-2.7.16.tgz#c81b2d47753264c77ac03b9966a46637482bb03b" integrity sha512-AYbUWAJHLGGQM7+cNTELw+KsOG9nl2CnSv467WobS5Cv9uk3wFcnr1Etsz2sEIHEZvw1U+o9mRlEO6QbZvUPGQ== @@ -20161,7 +20219,7 @@ vue-template-es2015-compiler@^1.6.0, vue-template-es2015-compiler@^1.9.0: resolved "https://registry.npmjs.org/vue-template-es2015-compiler/-/vue-template-es2015-compiler-1.9.1.tgz#1ee3bc9a16ecbf5118be334bb15f9c46f82f5825" integrity sha512-4gDntzrifFnCEvyoO8PqyJDmguXgVPxKiIxrBKjIowvL9l+N66196+72XVYR8BBf1Uv1Fgt3bGevJ+sEmxfZzw== -vue@^2.6.11, vue@^2.6.14, vue@^2.7.16, vue@~2.7.16: +vue@^2.6.11, vue@^2.6.14, vue@~2.7.16: version "2.7.16" resolved "https://registry.npmjs.org/vue/-/vue-2.7.16.tgz#98c60de9def99c0e3da8dae59b304ead43b967c9" integrity sha512-4gCtFXaAA3zYZdTp5s4Hl2sozuySsgz4jy1EnpBHNfpMa9dK1ZCG7viqBPCwXtmgc8nHqUsAu3G4gtmXkkY3Sw== @@ -20361,51 +20419,20 @@ webpack-virtual-modules@^0.4.2: resolved "https://registry.npmjs.org/webpack-virtual-modules/-/webpack-virtual-modules-0.4.6.tgz#3e4008230731f1db078d9cb6f68baf8571182b45" integrity sha512-5tyDlKLqPfMqjT3Q9TAqf2YqjwmnUleZwzJi1A5qXnlBCdj2AtOJ6wAWdglTIDOPgOiOrXeBeFcsQ8+aGQ6QbA== -webpack@5.90.1: - version "5.90.1" - resolved "https://registry.npmjs.org/webpack/-/webpack-5.90.1.tgz#62ab0c097d7cbe83d32523dbfbb645cdb7c3c01c" - integrity sha512-SstPdlAC5IvgFnhiRok8hqJo/+ArAbNv7rhU4fnWGHNVfN59HSQFaxZDSAL3IFG2YmqxuRs+IU33milSxbPlog== +webpack@5.94.0, webpack@^5.54.0: + version "5.94.0" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.94.0.tgz#77a6089c716e7ab90c1c67574a28da518a20970f" + integrity sha512-KcsGn50VT+06JH/iunZJedYGUJS5FGjow8wb9c0v5n1Om8O1g4L6LjtfxwlXIATopoQu+vOXXa7gYisWxCoPyg== dependencies: - "@types/eslint-scope" "^3.7.3" - "@types/estree" "^1.0.5" - "@webassemblyjs/ast" "^1.11.5" - "@webassemblyjs/wasm-edit" "^1.11.5" - "@webassemblyjs/wasm-parser" "^1.11.5" - acorn "^8.7.1" - acorn-import-assertions "^1.9.0" - browserslist "^4.21.10" - chrome-trace-event "^1.0.2" - enhanced-resolve "^5.15.0" - es-module-lexer "^1.2.1" - eslint-scope "5.1.1" - events "^3.2.0" - glob-to-regexp "^0.4.1" - graceful-fs "^4.2.9" - json-parse-even-better-errors "^2.3.1" - loader-runner "^4.2.0" - mime-types "^2.1.27" - neo-async "^2.6.2" - schema-utils "^3.2.0" - tapable "^2.1.1" - terser-webpack-plugin "^5.3.10" - watchpack "^2.4.0" - webpack-sources "^3.2.3" - -webpack@^5.54.0: - version "5.91.0" - resolved "https://registry.npmjs.org/webpack/-/webpack-5.91.0.tgz#ffa92c1c618d18c878f06892bbdc3373c71a01d9" - integrity sha512-rzVwlLeBWHJbmgTC/8TvAcu5vpJNII+MelQpylD4jNERPwpBJOE2lEcko1zJX3QJeLjTTAnQxn/OJ8bjDzVQaw== - dependencies: - "@types/eslint-scope" "^3.7.3" "@types/estree" "^1.0.5" "@webassemblyjs/ast" "^1.12.1" "@webassemblyjs/wasm-edit" "^1.12.1" "@webassemblyjs/wasm-parser" "^1.12.1" acorn "^8.7.1" - acorn-import-assertions "^1.9.0" + acorn-import-attributes "^1.9.5" browserslist "^4.21.10" chrome-trace-event "^1.0.2" - enhanced-resolve "^5.16.0" + enhanced-resolve "^5.17.1" es-module-lexer "^1.2.1" eslint-scope "5.1.1" events "^3.2.0" @@ -20546,15 +20573,15 @@ winston-transport@^4.7.0: triple-beam "^1.3.0" winston@^3.3.3, winston@^3.6.0: - version "3.13.0" - resolved "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz#e76c0d722f78e04838158c61adc1287201de7ce3" - integrity sha512-rwidmA1w3SE4j0E5MuIufFhyJPBDG7Nu71RkZor1p2+qHvJSZ9GYDA81AyleQcZbh/+V6HjeBdfnTZJm9rSeQQ== + version "3.14.2" + resolved "https://registry.yarnpkg.com/winston/-/winston-3.14.2.tgz#94ce5fd26d374f563c969d12f0cd9c641065adab" + integrity sha512-CO8cdpBB2yqzEf8v895L+GNKYJiEq8eKlHU38af3snQBQ+sdAIUepjMSguOIJC7ICbzm0ZI+Af2If4vIJrtmOg== dependencies: "@colors/colors" "^1.6.0" "@dabh/diagnostics" "^2.0.2" async "^3.2.3" is-stream "^2.0.0" - logform "^2.4.0" + logform "^2.6.0" one-time "^1.0.0" readable-stream "^3.4.0" safe-stable-stringify "^2.3.1" @@ -20576,7 +20603,7 @@ wordwrap@^1.0.0: wordwrapjs@^5.1.0: version "5.1.0" - resolved "https://registry.yarnpkg.com/wordwrapjs/-/wordwrapjs-5.1.0.tgz#4c4d20446dcc670b14fa115ef4f8fd9947af2b3a" + resolved "https://registry.npmjs.org/wordwrapjs/-/wordwrapjs-5.1.0.tgz#4c4d20446dcc670b14fa115ef4f8fd9947af2b3a" integrity sha512-JNjcULU2e4KJwUNv6CHgI46UvDGitb6dGryHajXTDiLgg1/RiGoPSDw4kZfYnwGtEXf2ZMeIewDQgFGzkCB2Sg== "wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": @@ -20695,11 +20722,11 @@ ws@^8.13.0: integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ== xml-formatter@^3.6.2: - version "3.6.2" - resolved "https://registry.yarnpkg.com/xml-formatter/-/xml-formatter-3.6.2.tgz#f68ad1519beef8353f8759ab6269b91265bdef4a" - integrity sha512-enWhevZNOwffZFUhzl1WMcha8lFLZUgJ7NzFs5Ug4ZOFCoNheGYXz1J9Iz/e+cTn9rCkuT1GwTacz+YlmFHOGw== + version "3.6.3" + resolved "https://registry.yarnpkg.com/xml-formatter/-/xml-formatter-3.6.3.tgz#7f0a023744567ffc196151403c4a02fce19de0d8" + integrity sha512-++x1TlRO1FRlQ82AZ4WnoCSufaI/PT/sycn4K8nRl4gnrNC1uYY2VV/67aALZ2m0Q4Q/BLj/L69K360Itw9NNg== dependencies: - xml-parser-xo "^4.1.0" + xml-parser-xo "^4.1.2" xml-js@*, xml-js@^1.6.11: version "1.6.11" @@ -20718,10 +20745,10 @@ xml-name-validator@^4.0.0: resolved "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-4.0.0.tgz#79a006e2e63149a8600f15430f0a4725d1524835" integrity sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw== -xml-parser-xo@^4.1.0, xml-parser-xo@^4.1.1: - version "4.1.1" - resolved "https://registry.yarnpkg.com/xml-parser-xo/-/xml-parser-xo-4.1.1.tgz#7434d990f442e06ed96286c813c02e921f14fc50" - integrity sha512-Ggf2y90+Y6e9IK5hoPuembVHJ03PhDSdhldEmgzbihzu9k0XBo0sfcFxaSi4W1PlUSSI1ok+MJ0JCXUn+U4Ilw== +xml-parser-xo@^4.1.1, xml-parser-xo@^4.1.2: + version "4.1.2" + resolved "https://registry.yarnpkg.com/xml-parser-xo/-/xml-parser-xo-4.1.2.tgz#076936f2a395901bf5120a79f2006978cb3746be" + integrity sha512-Z/DRB0ZAKj5vAQg++XsfQQKfT73Vfj5n5lKIVXobBDQEva6NHWUTxOA6OohJmEcpoy8AEqBmSGkXXAnFwt5qAA== xml2js@^0.5.0: version "0.5.0" @@ -20800,12 +20827,12 @@ yaml@^1.10.0, yaml@^1.10.2, yaml@^1.7.2: resolved "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b" integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg== -yaml@^2.1.1, yaml@^2.3.4, yaml@^2.4.1, yaml@^2.4.5: - version "2.4.5" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.4.5.tgz#60630b206dd6d84df97003d33fc1ddf6296cca5e" - integrity sha512-aBx2bnqDzVOyNKfsysjA2ms5ZlnjSAW2eG3/L5G/CSujfjLJTJsEw1bGw8kCf04KodQWk1pxlGnZ56CRxiawmg== +yaml@^2.1.1, yaml@^2.3.4, yaml@^2.4.1, yaml@^2.5.1: + version "2.5.1" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.5.1.tgz#c9772aacf62cb7494a95b0c4f1fb065b563db130" + integrity sha512-bLQOjaX/ADgQ20isPJRvF0iRUHIxVhYvr53Of7wGcWlO2jvtUlH5m87DsmulFVxRpNLOnI4tB6p/oh8D7kpn9Q== -yargs-parser@21.1.1, yargs-parser@^21.0.1, yargs-parser@^21.1.1: +yargs-parser@21.1.1, yargs-parser@^21.1.1: version "21.1.1" resolved "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35" integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== @@ -20851,7 +20878,7 @@ yauzl@^2.10.0, yauzl@^2.4.2: yn@3.1.1: version "3.1.1" - resolved "https://registry.yarnpkg.com/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50" + resolved "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50" integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q== yocto-queue@^0.1.0: